Re: overlays and frontend database

[masarati@aero.polimi.it]

> Hello list.
>
> I have some questions about defining overlays on the frontend
> database. Documentation (manual pages) is not very consistent
> about it:
>
> slapd.overlays
>
> | Most of the overlays are only allowed to be configured on
> | individual databases, but some may also be configured
> | globally.
>
> slapd.conf
>
> | Note that all of the database's regular settings should be
> | configured before any overlay settings.

This is no longer strictly required, as far as I recall, but still it's
good admin practice (although it's a moot point as slapd.conf(5) should
not be used any longer, except possibly for bootstrapping.

> slapd-config
>
> | Settings in the frontend database are inherited by the other
> | databases, unless they are explicitly overridden in a
> | specific database.
>
> | Overlays must be configured as child entries of a specific
> | database.

Including the frontend database

> FAQ
>
> | Starting from OpenLDAP 2.3 they can be stacked on the
> | frontend as well; this means that they can be executed after
> | a request is parsed and validated, but right before the
> | appropriate database is selected.
>
> Are there are some overlays that can be applied on the
> fronted database (globally)?

Many.  For example, slapo-rwm(5).

> What about the inheritance as mentioned in slapd-config?
> (Maybe I didn't understand this correctly.)

...

>>From what I have tried, enabling an overlay on fronted
> database makes slapd to segfault due to accessing a null
> pointer or due to a heap overflow. It seems that there
> are no verifications of overlay settings, because both
> slapadd and ldapmodify succeed when enabling the void
> configuration.

Can you be more specific?  In general, overlays that cannot be configured
on the frontend database should complain somehow, but some checks might be
missing.  Feel free to file an ITS for specific bugs.

p.