That sounds like an odd change in behavior. Aside from the special entries (rootDSE, subschema) if select_backend() cannot find a match we should be dropping the request (either with a referral or OBJECT_NOT_FOUND).lukeh@OpenLDAP.org wrote:
Add fe_access_allowed(), should allow global ACL overlays to workThis didn't handle the case of requests that are corretly honored by the frontend itself. Please review my fix. Howard, what about having select_backend() return the frontendDB for the appropriate entries? Do you see any drawbacks? (all entries that don't match, or rootDSE and cn=Subschema only?)
-- -- Howard Chu Chief Architect, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc OpenLDAP Core Team http://www.openldap.org/project/