--Boundary-00=_glFxL04kLcJl7l6 Content-Type: Text/Plain; charset="iso-8859-15" Content-Transfer-Encoding: quoted-printable
Thanks for your quick answer Pierangelo,
On Monday, 12. April 2010, masarati@aero.polimi.it wrote:
[...] My guess is that you're trying to use ACIs with a non-local storage.
In
that case your analysis is correct. Can you provide your (sanitized) configuration?
I am using a local hdb backend.
In order to generate a minimal test case I found out, that it seems to be=20 related to the rwm overlay.
Although I have set rwm-rewriteEngine to off, rwm seems to be partially=20 active. Commenting out the rwm directives completely makes the searches work as=20 expected.
Please find attached a testcase with slapd.conf and ldif data. To experience the issue simply perform a search with e.g. attribute 1.1 as = one=20 of the users in the data. Then comment the rwm-... lines in slapd.conf, restart slapd and try again. Voil=E0 the difference.
I see. probably, a relatively "quick" fix would be to allow to define a list of attributes, specific for a database, that is available to all implementations that need to muck with requested attrs (e.g. slapd-ldap, slapd-meta, slapo-rwm). They are supposed to be added to the list of requested attrs whenever appropriate. It's up to the administrato to keep it updated with everything that may be needed by special features like ACI. Something like
required_attrs OpenLDAPACI
In the future, we might be able to figure out a clever way to self-detect what attributes need to be treated this way. I'll work at that, time permitting.
Thanks for reporting. p.
-
masaratiļ¼ aero.polimi.it