[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: ldappasswd with multiple bdb databases

To: Andrew Reilly <andrew.reilly@gmail.com>
Subject: Re: ldappasswd with multiple bdb databases
From: Pierangelo Masarati <ando@sys-net.it>
Date: Wed, 24 Nov 2004 13:56:26 +0100
Cc: openldap-software@OpenLDAP.org
Domainkey-signature: a=rsa-sha1; s=mail; d=sys-net.it; c=simple; q=dns; b=XJXqipZZomNDLlaeIgdWAghNwFTY/edUGBJqzdreidikq1IavjFIDzKtt5Pm7KVht fotZCizerasZLoDMrSpYA==
References: <80a6493504112312555a46e29f@mail.gmail.com>
User-agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.0.1) Gecko/20021003

I have no idea, but if you think there's a bug you should file an ITS, or your message may go unnoticed. In any case, I don't think the error is in the client, because it has no notion of how the operation is performed internally, and bind and passwd exop are two separate operations, which affect the DSA's internals when access control is verified, but I don't see a clear means for a client to affect this. In any case, you don't declare what version of the software you're using. Let me remember you that such bugs in releases other than 2.2 are not going to be addressed (unless you can also post a solution in form of a working patch, which can be hosted by the ITS).

p.

Andrew Reilly wrote:

We are using OpenLDAP in a fairly distributed environment, and for
numerous reasons we decided to split the tree for our organization
into multiple DBs that are cross replicated.  This has proved to work
pretty well so far but we have recently noticed an inconsistency with
the way ldappaswd behaves vs. the other ldap* utilities.

We are able to search a db using an account that exists in another
database so long as slapd.conf has the appropriate ACL entries, and
likewise we seem to be able to use ldapadd and ldapmodify across DBs.

However, when we attempt to use ldappasswd to change the password of
an account and the authenticating account is from another db we
receive an error:

/usr/local/openldap/bin/ldappasswd -x -D "cn=Manager,dc=org,dc=com" -w
secret1 -s "secret2" "uid=tuser,ou=People,dc=branch,dc=org,dc=com"
Result: Referral (10)
Referral: ldap://ldap.org.com

If I import the authenticating account into the same db and change the
ACLs in the slapd.conf file to correspond to the new DN everything
works fine.  We have tested this with both OpenLDAP 2.1.x and 2.2.x.

Does anyone know if this the expected behaviour of ldappasswd in this
situation?

TIA, andrew


   SysNet - via Dossi,8 27100 Pavia Tel: +390382573859 Fax: +390382476497

References:
- ldappasswd with multiple bdb databases
  - From: Andrew Reilly <andrew.reilly@gmail.com>

Prev by Date: Re: How to execute a program after every change in the Directory?
Next by Date: Re: How to execute a program after every change in the Directory?
Index(es):
- Chronological
- Thread