[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
2nd bdb tree access problem
- To: openldap-software <openldap-software@OpenLDAP.org>
- Subject: 2nd bdb tree access problem
- From: Johann Botha <joe@frogfoot.net>
- Date: Sun, 16 Mar 2003 12:04:59 +0200
- Content-disposition: inline
- Organization: Frogfoot Networks
- User-agent: Mutt/1.4i
Hi!
i have a weird problem with OpenLDAP 2.1.16 when i use a second bdb backend
database.
how i found the problem:
1. i configure my slapd.conf for one bdb database with suffix "dc=xyz,dc=com"
2. i load an LDIF file for this suffix (includes the user i bind with)
3. i setup my access control lists... everything works 100% (read/write)
then
4. i add a second dbd database with suffix "dc=abc,dc=com" to slapd.conf
5. i load an LDIF file for the second suffic
6. access control stays the same, i bind with the same user and this user
has access to everything:
--8<---------:- snip -:---------8<---------:- snip -:---------8<--
# Everything
access to *
by dn="cn=root,ou=adminUsers,dc=xyz,dc=com" write
by self write
by * none
--8<---------:- snip -:---------8<---------:- snip -:---------8<--
then i can still bind and still browse everything (first and second trees),
but... i can only modify things in the second (abc) database.
so, my problem is: i can not write to the original database after i loaded a
second database.
my first thought was that access control is specific to each database,
but according to 'man slapd.conf' the 'access' systax is part of the global
config.
log:
--8<---------:- snip -:---------8<---------:- snip -:---------8<--
Mar 16 12:03:34 blue slapd[10182]: => access_allowed: backend default write
access denied to "cn=root,ou=adminUsers,dc=xyz,dc=com"
Mar 16 12:03:34 blue slapd[10182]: bdb_modify: modify failed (50)
--8<---------:- snip -:---------8<---------:- snip -:---------8<--
is anybody running 2.1.x with two trees in one server ? did anything change
for access control with two databases from 2.0.x to 2.1.x ?
thanks.
ps. platform: Debian, Linux 2.4.20, bdb 4.1.25
--
Regards
Johann
'Simplicity is the ultimate sophistication.'
- Leonardo da Vinci
________________________________________________________________
Johann L. Botha Frogfoot Networks ISP
joe@frogfoot.net http://www.frogfoot.net/
+27.82.562.6167 Built and Managed with Attention to Detail
+27.21.686.1674
http://blue.frogfoot.net/