Caching queries with * attributes broken (compiled from 260fd69, RE24 HEAD).
This works:
ldapsearch -x -b ou=users,dc=cs,dc=colorado,dc=edu \
    '(&(objectClass=posixAccount)(uid=matt))'
This does not:
ldapsearch -x -b ou=users,dc=cs,dc=colorado,dc=edu \
    '(&(objectClass=posixAccount)(uid=matt))' uid
I also have a problem where the attribute set is set to (nssov_passwd_byname):
uid userPassword uidNumber gidNumber cn homeDirectory loginShell gecos description objectClass
For this, nssov does not work (I see cacheable, but the query never gets cached). However, this does work:
ldapsearch -x -b ou=users,dc=cs,dc=colorado,dc=edu \
    '(&(objectClass=posixAccount)(uid=matt))' uid
(Also, test020 passes)
Attachment: slapd-master.conf
########
##
## CSEL
##

##
# Modules

#modulepath /usr/lib/ldap
moduleload back_mdb.so
moduleload nssov.so

##
# Schema

include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/nis.schema
include /etc/openldap/schema/inetorgperson.schema
include /etc/openldap/schema/misc.schema
include /etc/openldap/schema/ldapns.schema

##
# System

pidfile /run/slapd/slapd.pid
argsfile /run/slapd/slapd.args
loglevel 256
sizelimit 5000

TLSCACertificateFile /etc/openldap/ldap-csel-ca.crt
TLSCertificateFile /etc/openldap/ldap-csel.crt
TLSCertificateKeyFile /etc/openldap/ldap-csel.key

##
# ACLs

access to attrs=userPassword
    by set="[cn=administrators,ou=groups,dc=cs,dc=colorado,dc=edu]/memberUid & user/uid" manage
    by self =xw
    by anonymous auth
    by * none

#access to dn.children="ou=users,dc=cs,dc=colorado,dc=edu"
#    by set="[cn=administrators,ou=groups,dc=cs,dc=colorado,dc=edu]/memberUid & user/uid" manage
#    by self read
#    by * none

#access to dn.children="ou=groups,dc=cs,dc=colorado,dc=edu" attrs=memberUid
#    by set="[cn=administrators,ou=groups,dc=cs,dc=colorado,dc=edu]/memberUid & user/uid" manage
#    by users search
#    by * none

access to *
    by set="[cn=administrators,ou=groups,dc=cs,dc=colorado,dc=edu]/memberUid & user/uid" manage
    by users read
    by * read

##
# Backend (mdb)

database mdb
directory /var/lib/openldap/csel.mdb
maxsize 1073741824
suffix dc=cs,dc=colorado,dc=edu

index default eq
index objectClass
index cn
index uid
index uidNumber
index gidNumber
index memberUid
index uniqueMember
index entryCSN

##
# Overlay (nssov)

overlay nssov
nssov-ssd passwd ldap:///ou=users,dc=cs,dc=colorado,dc=edu??one
nssov-ssd shadow ldap:///ou=users,dc=cs,dc=colorado,dc=edu??one
nssov-ssd group ldap:///ou=groups,dc=cs,dc=colorado,dc=edu??one
nssov-ssd hosts ldap:///ou=hosts,dc=cs,dc=colorado,dc=edu??one
Attachment: slapd-client.conf
#######
##
## CSEL
##

##
# Modules

moduleload back_ldap.so
moduleload back_mdb.so
moduleload pcache.so
moduleload nssov.so

##
# Schema

include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/nis.schema
include /etc/openldap/schema/inetorgperson.schema
include /etc/openldap/schema/misc.schema
include /etc/openldap/schema/ldapns.schema

##
# System

pidfile /run/slapd/slapd.pid
argsfile /run/slapd/slapd.args
sizelimit 10000

##
# Backend (ldap)

database ldap
uri ldaps://xxx.colorado.edu/
tls ldaps tls_reqcert=allow
suffix dc=cs,dc=colorado,dc=edu
rootdn cn=pcache,ou=sys,dc=cs,dc=colorado,dc=edu

##
# Overlay (proxy cache)

overlay pcache
pcache mdb 10000 1 256 120
pcacheOffline TRUE

directory /var/lib/openldap/pcache.mdb
maxsize 67108864
index default eq
index objectClass
index cn
index uid
index uidNumber
index gidNumber
index memberUid
index uniqueMember

pcacheAttrset 0 *

pcacheTemplate (&(objectClass=)(uid=)) 0 3600

##
# Overlay (nssov)

overlay nssov
nssov-ssd passwd ldap:///ou=users,dc=cs,dc=colorado,dc=edu??one
nssov-ssd shadow ldap:///ou=users,dc=cs,dc=colorado,dc=edu??one
nssov-ssd group ldap:///ou=groups,dc=cs,dc=colorado,dc=edu??one
nssov-ssd hosts ldap:///ou=hosts,dc=cs,dc=colorado,dc=edu??one