ldappasswd with multiple bdb databases



We are using OpenLDAP in a fairly distributed environment, and for
numerous reasons we decided to split the tree for our organization
into multiple DBs that are cross replicated.  This has proved to work
pretty well so far but we have recently noticed an inconsistency with
the way ldappasswd behaves vs. the other ldap* utilities.

We are able to search a db using an account that exists in another
database so long as slapd.conf has the appropriate ACL entries, and
likewise we seem to be able to use ldapadd and ldapmodify across DBs.

However, when we attempt to use ldappasswd to change the password of
an account and the authenticating account is from another db we
receive an error:

/usr/local/openldap/bin/ldappasswd -x -D "cn=Manager,dc=org,dc=com" -w secret1 -s "secret2" "uid=tuser,ou=People,dc=branch,dc=org,dc=com"
Result: Referral (10)
Referral: ldap://ldap.org.com

If I import the authenticating account into the same db and change the
ACLs in the slapd.conf file to correspond to the new DN everything
works fine.  We have tested this with both OpenLDAP 2.1.x and 2.2.x.

Does anyone know if this is the expected behaviour of ldappasswd in this
situation?

TIA,
andrew