Re: (ITS#7577) hdb and mdb dereference aliases differently



juergen.sprenger@swisscom.com wrote:
> Full_Name: Juergen Sprenger
> Version: 2.4.35
> OS: Gentoo Base System release 2.1, Kernel 3.7.10
> URL: ftp://ftp.openldap.org/incoming/
> Submission from: (NULL) (193.5.238.18)
>
>
> mdb dereference aliases problem.

A fix for this is now in git master, please test, thanks. Commit
fb537d747c6fd43e08986e99b1fe7781660feaf3
>
> I use aliases to keep information about a person who has multiple accounts
> consistent over all accounts and avoid redundancy, example:
>
> dn: uid=joe,ou=Account,dc=its,dc=scom
> objectClass: alias
> objectClass: extensibleObject
> uid: joe
> aliasedObjectName: uid=joe,ou=Person,dc=its,dc=scom
> structuralObjectClass: alias
>
> When using hdb as backend for slapd everything works fine, and users are
> authenticated properly:
> # running 'getent passwd' with hdb backend:
> Apr 24 09:53:54 openldap-dev slapd[19240]: conn=1000 op=0 BIND
> dn="cn=itsAgent,ou=customerAgent,dc=scom" method=128
> Apr 24 09:53:54 openldap-dev slapd[19240]: conn=1000 op=0 BIND
> dn="cn=itsAgent,ou=customerAgent,dc=scom" mech=SIMPLE ssf=0
> Apr 24 09:53:54 openldap-dev slapd[19240]: conn=1000 op=0 RESULT tag=97 err=0
> text=
> Apr 24 09:53:54 openldap-dev slapd[19240]: conn=1000 op=1 SRCH
> base="ou=account,dc=its,dc=scom" scope=1 deref=3
> filter="(objectClass=posixAccount)"
> Apr 24 09:53:54 openldap-dev slapd[19240]: conn=1000 op=1 SRCH attr=uid
> userPassword uidNumber gidNumber cn homeDirectory x-LinuxLoginShell gecos
> description objectClass
> Apr 24 09:53:54 openldap-dev slapd[19240]: conn=1000 op=1 SEARCH RESULT tag=101
> err=0 nentries=656 text=
> Apr 24 09:53:54 openldap-dev slapd[19240]: conn=1000 fd=13 closed (connection
> lost)
>
> When using mdb as backend with same directory content, users are no longer
> authenticated, search returns nentries=0:
>
> # running 'getent passwd' with mdb backend:
> Apr 24 10:00:17 openldap-dev slapd[19300]: conn=1002 op=0 BIND
> dn="cn=itsAgent,ou=customerAgent,dc=scom" method=128
> Apr 24 10:00:17 openldap-dev slapd[19300]: conn=1002 op=0 BIND
> dn="cn=itsAgent,ou=customerAgent,dc=scom" mech=SIMPLE ssf=0
> Apr 24 10:00:17 openldap-dev slapd[19300]: conn=1002 op=0 RESULT tag=97 err=0
> text=
> Apr 24 10:00:17 openldap-dev slapd[19300]: conn=1002 op=1 SRCH
> base="ou=account,dc=its,dc=scom" scope=1 deref=3
> filter="(objectClass=posixAccount)"
> Apr 24 10:00:17 openldap-dev slapd[19300]: conn=1002 op=1 SRCH attr=uid
> userPassword uidNumber gidNumber cn homeDirectory x-LinuxLoginShell gecos
> description objectClass
> Apr 24 10:00:17 openldap-dev slapd[19300]: conn=1002 op=1 SEARCH RESULT tag=101
> err=0 text=
> Apr 24 10:00:17 openldap-dev slapd[19300]: conn=1002 fd=13 closed (connection
> lost)
>
> Both setups have identical md5sum of slapcat output, so directory content can be
> assumed identical in my opinion.
>
>
>


-- 
   -- Howard Chu
   CTO, Symas Corp.           http://www.symas.com
   Director, Highland Sun     http://highlandsun.com/hyc/
   Chief Architect, OpenLDAP  http://www.openldap.org/project/
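
The symptom in the quoted logs (same search, deref=3, but no entries from one backend) can be checked for mechanically. The following is an added example, not part of the original message or of OpenLDAP: a Python sketch that pairs each SRCH line with its SEARCH RESULT by pid/conn/op and flags alias-dereferencing searches that succeed with zero entries. The sample input is constructed from the excerpts above, and treating a missing `nentries=` field as 0 is an assumption that follows the reporter's reading of the log.

```python
import re

# Constructed sample modelled on the two log excerpts quoted in the report,
# including the wrapped continuation lines.
SAMPLE = """\
Apr 24 09:53:54 openldap-dev slapd[19240]: conn=1000 op=1 SRCH
base="ou=account,dc=its,dc=scom" scope=1 deref=3
filter="(objectClass=posixAccount)"
Apr 24 09:53:54 openldap-dev slapd[19240]: conn=1000 op=1 SEARCH RESULT tag=101
err=0 nentries=656 text=
Apr 24 10:00:17 openldap-dev slapd[19300]: conn=1002 op=1 SRCH
base="ou=account,dc=its,dc=scom" scope=1 deref=3
filter="(objectClass=posixAccount)"
Apr 24 10:00:17 openldap-dev slapd[19300]: conn=1002 op=1 SEARCH RESULT tag=101
err=0 text=
Apr 24 10:00:17 openldap-dev slapd[19300]: conn=1002 fd=13 closed (connection
lost)
"""

START = re.compile(r"^\w{3} +\d+ [\d:]{8} \S+ slapd\[\d+\]: ")
OPREC = re.compile(r"slapd\[(\d+)\]: conn=(\d+) op=(\d+) (.*)$")
SRCH = re.compile(r'^SRCH base="([^"]*)" scope=(\d) deref=(\d)')
RESULT = re.compile(r"^SEARCH RESULT .*?err=(\d+)(?: nentries=(\d+))?")

def unwrap(text):
    """Join wrapped continuation lines onto the syslog record they belong to."""
    records = []
    for line in text.splitlines():
        line = line.lstrip("> ").rstrip()   # tolerate e-mail quote markers
        if START.match(line) or not records:
            records.append(line)
        elif line:
            records[-1] += " " + line
    return records

def empty_deref_searches(text):
    """Searches with deref != 0 (aliases dereferenced) that succeeded with
    err=0 but returned no entries. A missing nentries= counts as 0 (assumption)."""
    pending, hits = {}, []
    for rec in unwrap(text):
        m = OPREC.search(rec)
        if not m:
            continue
        key, rest = m.groups()[:3], m[4]
        if s := SRCH.match(rest):
            pending[key] = {"base": s[1], "scope": int(s[2]), "deref": int(s[3])}
        elif (r := RESULT.match(rest)) and key in pending:
            srch = pending.pop(key)
            if srch["deref"] and r[1] == "0" and int(r[2] or 0) == 0:
                hits.append({"pid": int(key[0]), "conn": int(key[1]), **srch})
    return hits
```

Run over the logs from before and after a backend change, a search base that appears in the output only after the change points at the behaviour described in this report.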