Hi all,
I tried the following (please note the empty suffix in relay's database
definition) with an openldap-2.3.35:
#-------------
database bdb
suffix "dc=real,dc=naming,dc=context"
access to * attrs=userPassword
by anonymous auth
by * none
# other database specific ACLs
access to * by * none
#--------------
database relay
suffix ""
relay "dc=real,dc=naming,dc=context" massage
access to * attrs=userPassword
by anonymous auth
by * none
# translated the previous set of ACLs as slapd-relay manual indicates
access to * by * none
#-----------------
Access to the real naming context (using BindDN and BasedDN on top of
dc=real,dc=naming,dc=context) fails with the following error
=> bdb_search
bdb_dn2entry("dc=real,dc=naming,dc=context,dc=real,dc=naming,dc=context")
=> bdb_dn2id("dc=real,dc=naming,dc=context")
<= bdb_dn2id: get failed: DB_NOTFOUND: No matching key/data pair found
(-30989)
at the same time access to the virtual naming context (binddn:
uid=myuid, basedn: uid=myuid) operates as expected. Normal access to the
real naming context is restored by removing the declaration of relay
database.
Questions:
1. What is the status with the usage of empty suffixes? Is this the
cause of the problem here?
2. How the relay,massage pair differs from overlay,suffixmassage in
relay database?
3. Could slapo-rwm be used as a workaround to this problem?
BTW: slapd segfaults when I replace the relay,massage pair with
overlay,suffixmassage.
Thanks,