This is a multi-part message in MIME format.
--------------010002070300090900000609
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Caching of queries is broken when the pcache attribute set is * (compiled from 260fd69, RE24 HEAD).
This works:
ldapsearch -x -b ou=users,dc=cs,dc=colorado,dc=edu \
'(&(objectClass=posixAccount)(uid=matt)'
This does not:
ldapsearch -x -b ou=users,dc=cs,dc=colorado,dc=edu \
'(&(objectClass=posixAccount)(uid=matt)' uid
I also have a problem when the requested attribute list is the one used by nssov_passwd_byname:
uid userPassword uidNumber gidNumber cn homeDirectory loginShell gecos
description objectClass
With this attribute list, nssov lookups do not work: I see the query reported as
cacheable, but it never gets cached. However, this does work:
ldapsearch -x -b ou=users,dc=cs,dc=colorado,dc=edu \
'(&(objectClass=posixAccount)(uid=matt)' uid
(Also, test020 passes)
--------------010002070300090900000609
Content-Type: text/plain; charset=UTF-8;
name="slapd-master.conf"
Content-Transfer-Encoding: 7bit
Content-Disposition: attachment;
filename="slapd-master.conf"
########
##
## CSEL
##
##
# Modules
#modulepath /usr/lib/ldap
# back_mdb supplies the "database mdb" backend and nssov the "overlay nssov"
# directive used further down. With modulepath commented out, the bare module
# names are resolved against slapd's built-in module directory.
moduleload back_mdb.so
moduleload nssov.so
##
# Schema
include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/nis.schema
include /etc/openldap/schema/inetorgperson.schema
include /etc/openldap/schema/misc.schema
include /etc/openldap/schema/ldapns.schema
##
# System
# loglevel 256 is the "stats" level (connections, operations, results).
# sizelimit caps the number of entries returned per search at 5000.
# NOTE(review): the TLSCertificateKeyFile should be readable only by the
# account slapd runs as. This file sets no "security" or "require" directive,
# so whether a simple bind can arrive over an unencrypted connection depends
# on the listeners slapd is started with -- confirm against the service unit.
pidfile /run/slapd/slapd.pid
argsfile /run/slapd/slapd.args
loglevel 256
sizelimit 5000
TLSCACertificateFile /etc/openldap/ldap-csel-ca.crt
TLSCertificateFile /etc/openldap/ldap-csel.crt
TLSCertificateKeyFile /etc/openldap/ldap-csel.key
##
# ACLs
# NOTE(review): in this copy the "by" clauses and the wrapped
# `user/uid" manage` fragments have lost their leading whitespace. slapd.conf
# only joins a line to the previous one when it starts with whitespace (and it
# does so even when the previous line is a comment), so re-indent before reuse
# and keep comments ahead of each "access to" line, never between its clauses.
#
# Rule 1, userPassword: the set expression matches when one of the bound
# user's uid values is also a memberUid of cn=administrators; those users get
# manage. The entry owner gets exactly auth+write (=xw): may bind and replace
# the password but not read it back. Anonymous gets auth only, which a simple
# bind needs. Everyone else gets nothing.
# NOTE(review): no clause asks for a minimum ssf, so this rule on its own does
# not prevent a password from being presented over an unencrypted connection.
access to attrs=userPassword
by set="[cn=administrators,ou=groups,dc=cs,dc=colorado,dc=edu]/memberUid &
user/uid" manage
by self =xw
by anonymous auth
by * none
#access to dn.children="ou=users,dc=cs,dc=colorado,dc=edu"
# by set="[cn=administrators,ou=groups,dc=cs,dc=colorado,dc=edu]/memberUid &
user/uid" manage
# by self read
# by * none
#access to dn.children="ou=groups,dc=cs,dc=colorado,dc=edu" attrs=memberUid
# by set="[cn=administrators,ou=groups,dc=cs,dc=colorado,dc=edu]/memberUid &
user/uid" manage
# by users search
# by * none
# Rule 2, everything else: the closing "by * read" also matches anonymous, so
# every attribute other than userPassword is readable without a bind and the
# "by users read" clause before it never changes the result. The disabled
# rules above are the tighter variant (self-only read under ou=users,
# search-only on memberUid under ou=groups).
access to *
by set="[cn=administrators,ou=groups,dc=cs,dc=colorado,dc=edu]/memberUid &
user/uid" manage
by users read
by * read
##
# Backend (mdb)
# maxsize is in bytes: 1073741824 = 1 GiB.
# "index default eq" makes equality the index type for the attribute-only
# index lines that follow.
# No rootdn or rootpw is declared for this database in this file.
# NOTE(review): the directory holds every entry, userPassword values included;
# keep it owned by the slapd account and closed to other local users.
database mdb
directory /var/lib/openldap/csel.mdb
maxsize 1073741824
suffix dc=cs,dc=colorado,dc=edu
index default eq
index objectClass
index cn
index uid
index uidNumber
index gidNumber
index memberUid
index uniqueMember
index entryCSN
##
# Overlay (nssov)
# Each nssov-ssd line ties one NSS map to a search descriptor written as
# ldap:///<base>??<scope>; all four maps here use a one-level search.
# NOTE(review): passwd and shadow are both served from ou=users; confirm which
# local callers can obtain shadow data through the overlay.
overlay nssov
nssov-ssd passwd ldap:///ou=users,dc=cs,dc=colorado,dc=edu??one
nssov-ssd shadow ldap:///ou=users,dc=cs,dc=colorado,dc=edu??one
nssov-ssd group ldap:///ou=groups,dc=cs,dc=colorado,dc=edu??one
nssov-ssd hosts ldap:///ou=hosts,dc=cs,dc=colorado,dc=edu??one
--------------010002070300090900000609
Content-Type: text/plain; charset=UTF-8;
name="slapd-client.conf"
Content-Transfer-Encoding: 7bit
Content-Disposition: attachment;
filename="slapd-client.conf"
#######
##
## CSEL
##
##
# Modules
# back_ldap is the proxy backend, back_mdb stores the pcache cache database,
# pcache is the proxy-cache overlay and nssov the NSS overlay.
moduleload back_ldap.so
moduleload back_mdb.so
moduleload pcache.so
moduleload nssov.so
##
# Schema
include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/nis.schema
include /etc/openldap/schema/inetorgperson.schema
include /etc/openldap/schema/misc.schema
include /etc/openldap/schema/ldapns.schema
##
# System
# sizelimit caps the number of entries returned per search at 10000.
# NOTE(review): this file contains no "access to" directive, so slapd's
# default (read access for everyone) would govern what this proxy hands out,
# presumably including answers served from the cache -- confirm the proxy is
# meant to be at least as open as the upstream server.
pidfile /run/slapd/slapd.pid
argsfile /run/slapd/slapd.args
sizelimit 10000
##
# Backend (ldap)
# NOTE(review): tls_reqcert=allow requests the upstream certificate but carries
# on when none is presented or when it fails verification, so the ldaps://
# link is encrypted without authenticating the server. The passwd, shadow,
# group and hosts data that NSS receives through this proxy is then only as
# trustworthy as the network path. Prefer tls_reqcert=demand together with
# tls_cacert=<path-to-CA-certificate> on the tls line.
# The uri directive and its URL are split over two lines in this copy; rejoin
# them, or indent the URL line, so they parse as one directive.
# rootdn is set without a rootpw in this file.
database ldap
uri
ldaps://xxx.colorado.edu/
tls ldaps tls_reqcert=allow
suffix dc=cs,dc=colorado,dc=edu
rootdn cn=pcache,ou=sys,dc=cs,dc=colorado,dc=edu
##
# Overlay (proxy cache)
# pcache <backend> <max_entries> <numattrsets> <entry_limit> <cc_period>:
#   mdb cache store, at most 10000 cached entries, 1 attribute set, a query
#   is cacheable only if it returns at most 256 entries, consistency check
#   every 120 seconds.
# directory, maxsize and the index lines configure that cache database
# (maxsize 67108864 = 64 MiB).
# pcacheAttrset 0 * defines attribute set 0 as all user attributes.
# pcacheTemplate <filter-template> <attrset-index> <ttl>: answers to queries
#   shaped like (&(objectClass=)(uid=)) are kept for 3600 seconds.
# NOTE(review): pcacheOffline TRUE stops the consistency checker and suspends
# expiry, so the 3600-second TTL is not enforced while it is set; accounts
# removed or changed upstream can keep resolving from the cache. Leave it
# FALSE unless the host is deliberately running disconnected.
# NOTE(review): with attribute set "*", whatever the upstream returns to the
# proxy lands in the cache directory; keep that directory restricted to the
# slapd account.
overlay pcache
pcache mdb 10000 1 256 120
pcacheOffline TRUE
directory /var/lib/openldap/pcache.mdb
maxsize 67108864
index default eq
index objectClass
index cn
index uid
index uidNumber
index gidNumber
index memberUid
index uniqueMember
pcacheAttrset 0 *
pcacheTemplate (&(objectClass=)(uid=)) 0 3600
##
# Overlay (nssov)
# Maps the passwd, shadow, group and hosts NSS services to one-level searches
# under the listed bases (descriptor form: ldap:///<base>??<scope>). nssov is
# declared after pcache on the same proxy database.
# NOTE(review): the answers NSS gets here come from the upstream link or from
# the cache, so the TLS verification and cache-expiry settings in this file
# decide how far local uid/gid resolution can be trusted.
overlay nssov
nssov-ssd passwd ldap:///ou=users,dc=cs,dc=colorado,dc=edu??one
nssov-ssd shadow ldap:///ou=users,dc=cs,dc=colorado,dc=edu??one
nssov-ssd group ldap:///ou=groups,dc=cs,dc=colorado,dc=edu??one
nssov-ssd hosts ldap:///ou=hosts,dc=cs,dc=colorado,dc=edu??one
--------------010002070300090900000609--