[Date Prev][Date Next] [Chronological] [Thread] [Top]

backend relay with empty suffix

Hi all,

I tried the following (please note the empty suffix in relay's database definition) with an openldap-2.3.35:

database bdb
suffix   "dc=real,dc=naming,dc=context"

access to * attrs=userPassword
        by anonymous auth
        by * none
# other database specific ACLs
access to * by * none

database relay
suffix   ""
relay    "dc=real,dc=naming,dc=context" massage

access to * attrs=userPassword
        by anonymous auth
        by * none
# translated the previous set of ACLs as slapd-relay manual indicates
access to * by * none

Access to the real naming context (using BindDN and BasedDN on top of dc=real,dc=naming,dc=context) fails with the following error

=> bdb_search bdb_dn2entry("dc=real,dc=naming,dc=context,dc=real,dc=naming,dc=context")
=> bdb_dn2id("dc=real,dc=naming,dc=context")
<= bdb_dn2id: get failed: DB_NOTFOUND: No matching key/data pair found (-30989)

at the same time access to the virtual naming context (binddn: uid=myuid, basedn: uid=myuid) operates as expected. Normal access to the real naming context is restored by removing the declaration of relay database.

1. What is the status with the usage of empty suffixes? Is this the cause of the problem here?
2. How the relay,massage pair differs from overlay,suffixmassage in relay database?
3. Could slapo-rwm be used as a workaround to this problem?

BTW: slapd segfaults when I replace the relay,massage pair with overlay,suffixmassage.