First of all, I am paraphrasing. No one is hiding anything from you, Pierre. You need only ask.
It is supposed to be a bug. It's also the reason I asked from the beginning to see the real configuration, real data and real operation causing the issue. If you keep hiding essential details, and only provide bits of information each time, it'll take ages to just discover where the issue is.
So now the only way to keep this ITS open is to see your ENTIRE slapd.conf (except passwords, of course). An even better alternative would be to receive a sanitized slapd.conf, an LDIF and a search operation based on ldapsearch that clearly illustrates the issue, like what I posted a couple of postings ago.
Here, the entire sanitized config. I left out the ACL file (the include statement at the very end), but the behavior in question was happening to the rootdn user as well, meaning ACLs weren't the culprit. I also removed 14 of 15 of the syncrepl stanzas for brevity, as they were all the same aside from hostname/IP.

NOTE the sections labeled WORKS HERE and BROKEN HERE, which denote the original (dysfunctional) position vs the current (functional) position.
######
include /etc/ldap/schema/core.schema
include /etc/ldap/schema/cosine.schema
include /etc/ldap/schema/nis.schema
include /etc/ldap/schema/inetorgperson.schema
include /etc/ldap/schema/misc.schema
include /etc/ldap/schema/openldap.schema
include /etc/ldap/schema/duaconf.schema
include /etc/ldap/schema/dyngroup.schema
include /etc/ldap/schema/ppolicy.schema
include /etc/ldap/schema/sudo.schema
include /etc/ldap/schema/dhcp.schema
include /etc/ldap/schema/samba.schema
include /usr/share/doc/libpam-ldap/ldapns.schema
include /etc/ldap/schema/hdb.schema
include /etc/ldap/schema/uber.schema
include /etc/ldap/schema/nisdomainobject.schema

pidfile /var/run/slapd/slapd.pid
argsfile /var/run/slapd/slapd.args
tool-threads 4

loglevel stats stats2 sync

## Modules/Overlays
modulepath /usr/lib/ldap
moduleload back_hdb
moduleload back_monitor.la
moduleload syncprov
moduleload accesslog
moduleload dynlist.la

serverID 100 ldap://10.94.100.100:3890/

TLSCertificateFile /etc/ldap/ssl/wildcard.example.com.crt
TLSCertificateKeyFile /etc/ldap/ssl/wildcard.example.com.key
TLSCACertificateFile /etc/ssl/certs/ca-example.cert
TLSVerifyClient never

## Limits, Mandates & Allowances
disallow bind_anon
sizelimit unlimited
timelimit unlimited

security tls=0

access to dn.subtree="cn=Subschema" by users read
access to dn.base="" by users read

defaultSearchBase dc=example,dc=com

sasl-realm EXAMPLE.COM
sasl-host ds.example.com
authz-regexp "uid=(.*),cn=EXAMPLE.COM,cn=gssapi,cn=auth" "uid=$1,cn=plain,cn=auth,dc=example,dc=com"

backend hdb

########### Monitoring Database - For slapd/hdb performance data
database monitor
rootdn uid=monitor,cn=monitor
rootpw {SSHA}....
access to dn.subtree="cn=monitor" by group/groupOfUniqueNames/uniqueMember="cn=ldapadmin,cn=ldap,cn=groups,dc=example,dc=com" read

########### Example Log
database hdb
suffix cn=examplelog
rootdn "uid=log,cn=examplelog"
rootpw {SSHA}....
directory /var/lib/ldap/examplelog
index reqStart,objectClass,entryCSN,reqResult eq
dbconfig set_cachesize 0 4097152 0
dbconfig set_lg_regionmax 1048576
dbconfig set_lg_max 1048576
dbconfig set_lg_dir /var/lib/ldap/examplelog
dbconfig set_tmp_dir /tmp
overlay syncprov
syncprov-nopresent TRUE
syncprov-reloadhint TRUE
access to dn.subtree="cn=examplelog" by group/groupOfUniqueNames/uniqueMember="cn=ldapadmin,cn=ldap,cn=groups,dc=example,dc=com" read

########### Example.Com
database hdb
idlcachesize 4000
suffix "dc=example,dc=com"
checksum
checkpoint 10 1
cachefree 20
rootdn "uid=rootdn,cn=plain,cn=auth,dc=example,dc=com"
rootpw {SSHA}....
monitoring on
lastmod on
directory "/var/lib/ldap/example"
dncachesize 1000
dbconfig set_cachesize 1 0 2
dbconfig set_lg_max 10485760
dbconfig set_lg_regionmax 40485760
dbconfig set_flags db_log_autoremove
dbconfig set_lg_bsize 20971520
dbconfig set_lk_max_objects 5500
dbconfig set_lk_max_locks 5500
dbconfig set_lk_max_lockers 5500
index objectClass eq
index entryCSN,entryUUID eq
index cn,uid,memberUid eq
index uidNumber,gidNumber eq

###############
### WORKS HERE
overlay dynlist
dynlist-attrset groupOfURLs memberURL memberUid
dynlist-attrset posixGroup memberURL memberUid:uid

## There were 15 of these, removed 14 for brevity.
syncrepl rid=001
    provider=ldap://10.94.100.100:3890/
    starttls=yes
    bindmethod=simple
    binddn="uid=syncrepl,cn=plain,cn=auth,dc=example,dc=com"
    credentials=password
    scope=sub
    filter="(objectClass=*)"
    schemachecking=off
    searchbase="dc=example,dc=com"
    attrs="*,+"
    retry="12 +"
    sizelimit=unlimited
    timeout=20
    type=refreshAndPersist

mirrormode true
overlay syncprov
syncprov-sessionlog 10
syncprov-checkpoint 1 5
overlay accesslog
logdb cn=examplelog
logops writes
logold (objectclass=*)
logpurge 7+00:00 2+00:00
logsuccess TRUE

##################
### IS BROKEN HERE
overlay dynlist
dynlist-attrset groupOfURLs memberURL memberUid
dynlist-attrset posixGroup memberURL memberUid:uid

include /etc/ldap/acls
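The WORKS HERE and BROKEN HERE sections above differ only in where "overlay dynlist" is declared relative to "overlay syncprov" and "overlay accesslog". Since slapd pushes each overlay onto the database's stack as it is configured (so the last declared overlay sees an operation first), declaration order is worth checking when a config is rearranged. The following script is an added example, not code from the original post or from OpenLDAP: it parses a slapd.conf into per-database overlay declaration order and flags the placement the post reports as broken. The config fragment inside it is constructed, modelled on the posted one.

```python
# Report, per database, the order in which overlays are declared in a
# slapd.conf. The fragment below is a constructed sample modelled on the
# WORKS HERE / BROKEN HERE sections of the posted config.
SAMPLE_CONF = """\
database hdb
suffix "dc=example,dc=com"
overlay dynlist
dynlist-attrset posixGroup memberURL memberUid:uid
syncrepl rid=001 provider=ldap://10.94.100.100:3890/
mirrormode true
overlay syncprov
overlay accesslog
logdb cn=examplelog

database hdb
suffix "dc=broken,dc=com"
syncrepl rid=002 provider=ldap://10.94.100.100:3890/
mirrormode true
overlay syncprov
overlay accesslog
overlay dynlist
dynlist-attrset posixGroup memberURL memberUid:uid
"""


def overlay_order(conf_text):
    """Return a list of (suffix, [overlay, ...]) in declaration order."""
    databases = []
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue                      # skip blank lines and comments
        directive, _, rest = line.partition(" ")
        rest = rest.strip().strip('"')
        if directive.lower() == "database":
            databases.append([rest, []])  # backend name until a suffix is seen
        elif directive.lower() == "suffix" and databases:
            databases[-1][0] = rest
        elif directive.lower() == "overlay" and databases:
            databases[-1][1].append(rest)
    return [tuple(db) for db in databases]


def dynlist_after_syncprov(overlays):
    """True when dynlist is declared after syncprov (the BROKEN placement)."""
    return ("dynlist" in overlays and "syncprov" in overlays
            and overlays.index("dynlist") > overlays.index("syncprov"))
```

Running overlay_order over a real slapd.conf shows, per suffix, the exact stacking order slapd will use, which is the first thing to compare between a working and a misbehaving copy of the file.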