Re: (ITS#8912) incorrect rootDSE (namingContexts)
- To: openldap-its@OpenLDAP.org
- Subject: Re: (ITS#8912) incorrect rootDSE (namingContexts)
- From: hyc@symas.com
- Date: Wed, 05 Sep 2018 10:43:12 +0000
- Auto-submitted: auto-generated (OpenLDAP-ITS)
jochen@keutel.de wrote:
> Full_Name: Jochen Keutel
> Version: 2.4.46
> OS: Debian 9
> URL:
> Submission from: (NULL) (80.146.191.218)
>
>
> With certain configurations it happens that the attribute namingContexts of the
> rootDSE contains the same value twice (which is not correct). It seems to be
> related to the fact that the naming context of a hidden backend is not ignored
> (servers/slapd/root_dse.c).
Thanks for the report. Fixed now in git master.
>
> To reproduce it: I started to configure replication: scenario syncrepl proxy
> (push based replication, see 18.3.5 in OpenLDAP Admin Guide - "primary directory
> also contains back-ldap databases"). Configuring the LDAP backend leads
> unfortunately to a root DSE showing the same name context twice:
>
> namingContexts: dc=keutel,dc=de
> namingContexts: dc=keutel,dc=de
>
> Is this a known problem? Esp. this stops PHPLDAPAdmin from working: It prints a
> lot of PHP arrays in this case.
>
> I've set "hidden on" for this backend but the problem remains.
>
> My configuration:
>
> 1. slapd.conf on server1 (master):
>
> database mdb
> suffix "dc=keutel,dc=de"
> ...
>
> database ldap
> hidden on
> suffix "dc=keutel,dc=de"
> rootdn "cn=admin,dc=keutel,dc=de"
> uri ldaps://server2/
>
> lastmod on
> restrict all
>
> acl-bind bindmethod=simple
> binddn="cn=replication,dc=keutel,dc=de"
> credentials=secret
>
> syncrepl rid=001
> provider=ldaps://server1/
> binddn="cn=replication,dc=keutel,dc=de"
> bindmethod=simple
> credentials=secret
> searchbase="dc=keutel,dc=de"
> type=refreshAndPersist
> retry="5 5 300 5"
>
> 2. converting this to dynamic config using slaptest gives the following entry:
>
>
> dn: olcDatabase={2}ldap
> objectClass: olcDatabaseConfig
> objectClass: olcLDAPConfig
> olcDatabase: {2}ldap
> olcHidden: TRUE
> olcSuffix: dc=keutel,dc=de
> ...
>
> 3. starting slapd with this dynamic configuration
>
> 4. reading rootDSE: attribute namingContexts occurs twice with the same value.
>
>
>
>
--
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/
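
A check for the symptom reported in this thread, as an added example that is not part of the original messages or of OpenLDAP's code: it parses rootDSE LDIF output and reports namingContexts values that occur more than once. The sample LDIF is constructed, the function names are hypothetical, and the DN normalization is a simplification that assumes no escaped commas in the suffixes.

```python
import base64
from collections import Counter

# Constructed sample: rootDSE as printed by
#   ldapsearch -x -LLL -s base -b "" namingContexts
# on a server showing the behaviour reported above.
SAMPLE_ROOTDSE = """\
dn:
namingContexts: dc=keutel,dc=de
namingContexts: dc=keutel,dc=de
"""

def unfold(ldif):
    """Join LDIF continuation lines (a leading space continues the previous line)."""
    lines = []
    for raw in ldif.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    return lines

def naming_contexts(ldif):
    """Return namingContexts values, decoding base64 ('attr:: value') forms."""
    values = []
    for line in unfold(ldif):
        attr, sep, rest = line.partition(":")
        if not sep or attr.strip().lower() != "namingcontexts":
            continue
        if rest.startswith(":"):
            value = base64.b64decode(rest[1:].strip()).decode("utf-8")
        else:
            value = rest.strip()
        values.append(value)
    return values

def normalize_dn(dn):
    """Simplified comparison key: lowercase, trim spaces around RDN separators.
    Assumption: the suffix DNs contain no escaped commas."""
    return ",".join(part.strip().lower() for part in dn.split(","))

def duplicate_contexts(ldif):
    """Return normalized suffixes listed more than once in namingContexts."""
    counts = Counter(normalize_dn(v) for v in naming_contexts(ldif))
    return sorted(dn for dn, n in counts.items() if n > 1)

if __name__ == "__main__":
    for dn in duplicate_contexts(SAMPLE_ROOTDSE):
        print("duplicate namingContexts value:", dn)
```

An empty result means every suffix is advertised once; any entry returned is a suffix that clients such as directory browsers will see repeated.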