
Re: ITS#7552



This is a multi-part message in MIME format.
--------------010002070300090900000609
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit

Caching of queries with * attributes is broken (compiled from 260fd69, RE24 HEAD).

This works:

ldapsearch -x -b ou=users,dc=cs,dc=colorado,dc=edu \
    '(&(objectClass=posixAccount)(uid=matt)'

This does not:

ldapsearch -x -b ou=users,dc=cs,dc=colorado,dc=edu \
    '(&(objectClass=posixAccount)(uid=matt)' uid

I also have a problem when the attribute set is set to the following (nssov_passwd_byname):

uid userPassword uidNumber gidNumber cn homeDirectory loginShell gecos
description objectClass

For this, nssov does not work (I see cacheable, but the query never gets
cached). However, this does work:

ldapsearch -x -b ou=users,dc=cs,dc=colorado,dc=edu \
    '(&(objectClass=posixAccount)(uid=matt)' uid


(Also, test020 passes)

--------------010002070300090900000609
Content-Type: text/plain; charset=UTF-8;
 name="slapd-master.conf"
Content-Transfer-Encoding: 7bit
Content-Disposition: attachment;
 filename="slapd-master.conf"

########
##
## CSEL
##

##
# Modules

#modulepath  /usr/lib/ldap
moduleload  back_mdb.so
moduleload  nssov.so

##
# Schema

include     /etc/openldap/schema/core.schema
include     /etc/openldap/schema/cosine.schema
include     /etc/openldap/schema/nis.schema
include     /etc/openldap/schema/inetorgperson.schema
include     /etc/openldap/schema/misc.schema
include     /etc/openldap/schema/ldapns.schema

##
# System

# Global slapd settings for the master server.
# pidfile/argsfile: where slapd records its process id and command line.
pidfile     /run/slapd/slapd.pid
argsfile    /run/slapd/slapd.args
# 256 is the "stats" log level (connections, operations, results).
loglevel    256
# Upper bound on the number of entries returned by a single search.
sizelimit   5000

# Server-side TLS material: CA certificate, server certificate, private key.
# NOTE(review): the key file should be readable only by the account slapd
# runs as; file permissions are not visible from this config.
# NOTE(review): nothing in this file forces clients to use TLS (no
# "security" or "require" directive), so simple binds may still arrive in
# clear text depending on the listener URLs, which are set outside this file.
TLSCACertificateFile  /etc/openldap/ldap-csel-ca.crt
TLSCertificateFile    /etc/openldap/ldap-csel.crt
TLSCertificateKeyFile /etc/openldap/ldap-csel.key

##
# ACLs

# ACLs are evaluated in order; the first "access to" clause that matches the
# target decides, so the userPassword rule must stay ahead of "access to *".
#
# userPassword:
#   - identities whose uid is listed as memberUid of cn=administrators: manage
#   - the entry's owner: =xw, i.e. may authenticate against and overwrite the
#     value but cannot read it back
#   - anonymous sessions: auth only (enough for a bind to be checked)
#   - everyone else: no access
access to attrs=userPassword
	by set="[cn=administrators,ou=groups,dc=cs,dc=colorado,dc=edu]/memberUid & user/uid" manage
	by self =xw
	by anonymous auth
	by * none

# Disabled rule: would have limited the users subtree to administrators and
# to each entry's owner.
#access to dn.children="ou=users,dc=cs,dc=colorado,dc=edu"
#	by set="[cn=administrators,ou=groups,dc=cs,dc=colorado,dc=edu]/memberUid & user/uid" manage
#	by self read
#	by * none

# Disabled rule: would have limited memberUid under the groups subtree to
# administrators (manage) and authenticated users (search only).
#access to dn.children="ou=groups,dc=cs,dc=colorado,dc=edu" attrs=memberUid
#	by set="[cn=administrators,ou=groups,dc=cs,dc=colorado,dc=edu]/memberUid & user/uid" manage
#	by users search
#	by * none

# Catch-all for everything except userPassword. The final "by * read" also
# matches anonymous sessions, so every other attribute of every entry is
# readable without binding, and "by users read" above it is redundant.
# NOTE(review): if anonymous read is not intended, narrow the last clause
# (for example to "by anonymous auth") and reconsider the disabled rules above.
access to *
	by set="[cn=administrators,ou=groups,dc=cs,dc=colorado,dc=edu]/memberUid & user/uid" manage
	by users read
	by * read

##
# Backend (mdb)

# Primary database: an MDB backend holding the dc=cs,dc=colorado,dc=edu tree.
# maxsize is in bytes (1073741824 = 1 GiB) and caps the size of the database.
# NOTE(review): this directory stores the userPassword values; it should be
# accessible only to the account slapd runs as (permissions not visible here).
database    mdb
directory   /var/lib/openldap/csel.mdb
maxsize     1073741824
suffix      dc=cs,dc=colorado,dc=edu

# "index default eq" makes equality the index type for the attribute lines
# below, none of which names a type of its own.
index default eq
index objectClass
index cn
index uid
index uidNumber
index gidNumber
index memberUid
index uniqueMember
index entryCSN

##
# Overlay (nssov)

# nssov overlay: answers name-service lookups from this database.
# Each nssov-ssd line sets the search descriptor for one map: the base DN to
# search and the scope ("one" = direct children of the base only).
# passwd and shadow both read from ou=users.
overlay     nssov
nssov-ssd   passwd   ldap:///ou=users,dc=cs,dc=colorado,dc=edu??one
nssov-ssd   shadow   ldap:///ou=users,dc=cs,dc=colorado,dc=edu??one
nssov-ssd   group    ldap:///ou=groups,dc=cs,dc=colorado,dc=edu??one
nssov-ssd   hosts    ldap:///ou=hosts,dc=cs,dc=colorado,dc=edu??one

--------------010002070300090900000609
Content-Type: text/plain; charset=UTF-8;
 name="slapd-client.conf"
Content-Transfer-Encoding: 7bit
Content-Disposition: attachment;
 filename="slapd-client.conf"

#######
##
## CSEL
##

##
# Modules

moduleload  back_ldap.so
moduleload  back_mdb.so
moduleload  pcache.so
moduleload  nssov.so

##
# Schema

include     /etc/openldap/schema/core.schema
include     /etc/openldap/schema/cosine.schema
include     /etc/openldap/schema/nis.schema
include     /etc/openldap/schema/inetorgperson.schema
include     /etc/openldap/schema/misc.schema
include     /etc/openldap/schema/ldapns.schema

##
# System

# Global slapd settings for the caching client.
# NOTE(review): this file contains no "access" directives. slapd's default
# policy in that case lets any client read everything, so whatever the proxy
# fetches or caches is readable by anyone who can reach this slapd.
pidfile     /run/slapd/slapd.pid
argsfile    /run/slapd/slapd.args
# Upper bound on the number of entries returned by a single search.
sizelimit   10000

##
# Backend (ldap)

# Proxy database: forwards operations for dc=cs,dc=colorado,dc=edu to the
# remote server over ldaps (the host name was redacted by the poster).
# tls_reqcert=allow asks for the server certificate but continues when it is
# missing or fails verification, so the remote server is not authenticated
# and an on-path attacker could impersonate it.
# NOTE(review): prefer tls_reqcert=demand together with
# tls_cacert=<path-to-CA-certificate> so that a bad certificate aborts the
# connection.
# NOTE(review): rootdn is set without a rootpw in this section; presumably it
# is there for the pcache overlay. Confirm it is not usable for binds.
database    ldap
uri         ldaps://xxx.colorado.edu/
tls         ldaps tls_reqcert=allow
suffix      dc=cs,dc=colorado,dc=edu
rootdn      cn=pcache,ou=sys,dc=cs,dc=colorado,dc=edu

##
# Overlay (proxy cache)

# Proxy cache overlay on top of the ldap proxy database.
# pcache <backend> <max_entries> <numattrsets> <entry_limit> <cc_period>:
# cache in an MDB database, at most 10000 entries, 1 attribute set, at most
# 256 entries per cached query, consistency check every 120 seconds.
overlay pcache
pcache mdb 10000 1 256 120
# Offline mode: per slapo-pcache(5) the consistency checker is stopped and
# cached queries do not expire while this is TRUE.
# NOTE(review): accounts removed or changed on the remote server keep being
# served from the cache for as long as offline mode stays on; confirm that is
# acceptable where these entries drive logins.
pcacheOffline TRUE

# Storage and indexing for the cache database itself; maxsize is in bytes
# (67108864 = 64 MiB).
# NOTE(review): cached entries are stored here with every attribute the proxy
# received; restrict the directory to the account slapd runs as (permissions
# not visible here).
directory /var/lib/openldap/pcache.mdb
maxsize   67108864
index default eq
index objectClass
index cn
index uid
index uidNumber
index gidNumber
index memberUid
index uniqueMember

# Attribute set 0 is "*", i.e. all user attributes.
pcacheAttrset 0 *

# Cacheable query shape: (&(objectClass=...)(uid=...)) answered with
# attribute set 0 and kept for 3600 seconds.
pcacheTemplate (&(objectClass=)(uid=)) 0 3600

##
# Overlay (nssov)

# nssov overlay: answers name-service lookups from this database.
# Each nssov-ssd line sets the search descriptor for one map: the base DN to
# search and the scope ("one" = direct children of the base only).
# passwd and shadow both read from ou=users.
overlay     nssov
nssov-ssd   passwd   ldap:///ou=users,dc=cs,dc=colorado,dc=edu??one
nssov-ssd   shadow   ldap:///ou=users,dc=cs,dc=colorado,dc=edu??one
nssov-ssd   group    ldap:///ou=groups,dc=cs,dc=colorado,dc=edu??one
nssov-ssd   hosts    ldap:///ou=hosts,dc=cs,dc=colorado,dc=edu??one


--------------010002070300090900000609--