[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: (ITS#7758) slapcat exports entire databases when given a non-existent base
- To: openldap-its@OpenLDAP.org
- Subject: Re: (ITS#7758) slapcat exports entire databases when given a non-existent base
- From: quanah@zimbra.com
- Date: Thu, 5 Dec 2013 02:58:59 GMT
- Auto-submitted: auto-generated (OpenLDAP-ITS)
--On Wednesday, December 04, 2013 6:52 PM -0800 Howard Chu <hyc@symas.com>
wrote:
> quanah@OpenLDAP.org wrote:
>> Full_Name: Quanah Gibson-Mount
>> Version: 2.4.35
>> OS: Linux 2.6
>> URL: ftp://ftp.openldap.org/incoming/
>> Submission from: (NULL) (75.111.58.125)
>>
>>
>> If the root of the primary database is "", and you try and export a base
>> that doesn't exist via slapcat, the entire database is exported (i.e.,
>> it acts like you specified "" as the base):
>
> Works as designed. -b selects the backend that matches the DN you
> provided. A backend with suffix "" matches anything that nothing more
> specific matched. If you wanted to filter down to a specific branch, you
> should have used -s. Closing this ITS.
There is no backend matching cn=accesslog. There is only "" and
"cn=monitor" on this particular server. The goal here was not to export a
subtree, it was something trying to export the delta-syncrepl accesslog on
a server that didn't have one. That should result in an error, not match
the primary db rooted at "". I certainly wouldn't expect -n 3 to default
to -n 1 if -n 3 doesn't exist. Neither should -b "cn=accesslog" default to
-b "". Those clearly do not match.
--Quanah
--
Quanah Gibson-Mount
Architect - Server
Zimbra, Inc.
--------------------
Zimbra :: the leader in open source messaging and collaboration