Dominique VOLPE wrote:
Hi,
I try to install a meta directory.
My slapd.conf looks like that :
database meta suffix "o=mydomain,c=fr" rootdn "cn=Manager,o=mydomain,c=fr" rootpw secret lastmod off
uri "ldap://xxxxx/ou=persons,o=mydomain,c=fr" suffixmassage "ou=persons,o=mydomain,c=fr" "ou=org1,o=mydomain,c=fr"
When I search an address whith my email client, I can see in the log :
conn=5 op=1 SRCH base="o=mydomain,c=fr" scope=0 deref=0 filter="(objectClass=*)" conn=5 op=1 SRCH attr=objectClass daemon: select: listen=6 active_threads=0 tvp=NULL daemon: select: listen=7 active_threads=0 tvp=NULL request 1 done conn=5 op=1 SEARCH RESULT tag=101 err=32 nentries=0 text=
It tries to list all objectclasses, but it uses the scope "base" (scope=0) instead of "sub" (scope=2). Thus, it produces an error.
Has anybody already met this problem and did find a solution?
I think I could do it with rewrite rules, but I didn't find how to substitute the scope.
The scope of a search is automatically handled by slapd-meta to deal with matching the request with what the targets are supposed to handle, there's no way you can explicitly modify the scope of asearch. However, your issue occurs well before any rewriting takes place.
In your slapd.conf you configure the meta database so that it can handle requests in the "o=mydomain,c=fr" naming context; then, you configure the only target in a manner that it can only deal with requests in the "ou=persons,o=mydomain,c=fr" branch of that naming context. As the client searches for "o=mydomain,c=fr" with a scope of "base", it means that the client really wants only that very entry, which your meta database can't answer. Either you configure the target so that it can return that very entry, or you configure your client to request what the database can actually return.
p.
Ing. Pierangelo Masarati OpenLDAP Core Team
SysNet s.n.c. Via Dossi, 8 - 27100 Pavia - ITALIA http://www.sys-net.it ------------------------------------------ Office: +39.02.23998309 Mobile: +39.333.4963172 Email: pierangelo.masarati@sys-net.it ------------------------------------------