[Date Prev][Date Next] [Chronological] [Thread] [Top]

2nd bdb tree access problem


i have a weird problem with OpenLDAP 2.1.16 when i use a second bdb backend

how i found the problem:

1. i configure my slapd.conf for one bdb database with suffix "dc=xyz,dc=com"
2. i load an LDIF file for this suffix (includes the user i bind with)
3. i setup my access control lists... everything works 100% (read/write)


4. i add a second dbd database with suffix "dc=abc,dc=com" to slapd.conf
5. i load an LDIF file for the second suffic
6. access control stays the same, i bind with the same user and this user
has access to everything:

--8<---------:- snip -:---------8<---------:- snip -:---------8<--
# Everything
access to *
    by dn="cn=root,ou=adminUsers,dc=xyz,dc=com" write
    by self write
    by * none
--8<---------:- snip -:---------8<---------:- snip -:---------8<--

then i can still bind and still browse everything (first and second trees),
but... i can only modify things in the second (abc) database.

so, my problem is: i can not write to the original database after i loaded a
second database.

my first thought was that access control is specific to each database,
but according to 'man slapd.conf' the 'access' systax is part of the global

--8<---------:- snip -:---------8<---------:- snip -:---------8<--
Mar 16 12:03:34 blue slapd[10182]: => access_allowed: backend default write
access denied to "cn=root,ou=adminUsers,dc=xyz,dc=com"
Mar 16 12:03:34 blue slapd[10182]: bdb_modify: modify failed (50)
--8<---------:- snip -:---------8<---------:- snip -:---------8<--

is anybody running 2.1.x with two trees in one server ? did anything change
for access control with two databases from 2.0.x to 2.1.x ?


ps. platform: Debian, Linux 2.4.20, bdb 4.1.25


          'Simplicity is the ultimate sophistication.'
                                 - Leonardo da Vinci
 Johann L. Botha      Frogfoot Networks ISP
 joe@frogfoot.net     http://www.frogfoot.net/
 +27.82.562.6167      Built and Managed with Attention to Detail