[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: (ITS#8912) incorrect rootDSE (namingContexts)

To: openldap-its@OpenLDAP.org
Subject: Re: (ITS#8912) incorrect rootDSE (namingContexts)
From: hyc@symas.com
Date: Wed, 05 Sep 2018 10:43:12 +0000
Auto-submitted: auto-generated (OpenLDAP-ITS)

jochen@keutel.de wrote:
> Full_Name: Jochen Keutel
> Version: 2.4.46
> OS: Debian 9
> URL: 
> Submission from: (NULL) (80.146.191.218)
> 
> 
> With certain configurations it happens that the attribute namingContexts of the
> rootDSE contains the same value twice (which is not correct). It seems to be
> related to the fact that the naming context of a hidden backend is not ignored
> (servers/slapd/root_dse.c).

Thanks for the report. Fixed now in git master.
> 
> To reproduce it: I started to configure replication: szenario syncrepl proxy
> (push based replication, see 18.3.5 in OpenLDAP Admin Guide - "primary directory
> also contains back-ldap databases"). Configuring the LDAP backend leads
> unfortunately to a root DSE showing the same name context twice:
> 
> namingContexts: dc=keutel,dc=de
> namingContexts: dc=keutel,dc=de
> 
> Is this a known problem? Esp. this stops PHPLDAPAdmin from working: It prints a
> lot of PHP arrays in this case.
> 
> I've set "hidden on" for this backend but the problem remains.
> 
> My configuration:
> 
> 1. slapd.conf on server1 (master):
> 
> database mdb
> suffix          "dc=keutel,dc=de"
> ...
> 
> database ldap
> hidden on
> suffix          "dc=keutel,dc=de"
> rootdn          "cn=admin,dc=keutel,dc=de"
> uri ldaps://server2/
> 
> lastmod on
> restrict all
> 
> acl-bind    bindmethod=simple
>         binddn="cn=replication,dc=keutel,dc=de"
>         credentials=secret
> 
> syncrepl    rid=001
>         provider=ldaps://server1/
>         binddn="cn=replication,dc=keutel,dc=de"
>         bindmethod=simple
>         credentials=secret
>         searchbase="dc=keutel,dc=de"
>         type=refreshAndPersist
>         retry="5 5 300 5"
> 
> 2. converting this to dynamic config using slaptest gives the following entry:
> 
> 
> dn: olcDatabase={2}ldap
> objectClass: olcDatabaseConfig
> objectClass: olcLDAPConfig
> olcDatabase: {2}ldap
> olcHidden: TRUE
> olcSuffix: dc=keutel,dc=de
> ...
> 
> 3. starting slapd with this dynamic configuration
> 
> 4. reading rootDSE: attribute namingContexts occurs twice with the same value.
> 
> 
> 
> 


-- 
  -- Howard Chu
  CTO, Symas Corp.           http://www.symas.com
  Director, Highland Sun     http://highlandsun.com/hyc/
  Chief Architect, OpenLDAP  http://www.openldap.org/project/

Prev by Date: (ITS#8912) incorrect rootDSE (namingContexts)
Next by Date: Re: (ITS#8910) Open Ldap back sql installation Query
Index(es):
- Chronological
- Thread