Hi all,
I tried the following (please note the empty suffix in relay's database definition) with an openldap-2.3.35:
#------------- database bdb suffix "dc=real,dc=naming,dc=context"
access to * attrs=userPassword by anonymous auth by * none # other database specific ACLs access to * by * none
#-------------- database relay suffix "" relay "dc=real,dc=naming,dc=context" massage
access to * attrs=userPassword by anonymous auth by * none # translated the previous set of ACLs as slapd-relay manual indicates access to * by * none #-----------------
Access to the real naming context (using BindDN and BasedDN on top of dc=real,dc=naming,dc=context) fails with the following error
=> bdb_search bdb_dn2entry("dc=real,dc=naming,dc=context,dc=real,dc=naming,dc=context") => bdb_dn2id("dc=real,dc=naming,dc=context") <= bdb_dn2id: get failed: DB_NOTFOUND: No matching key/data pair found (-30989)
at the same time access to the virtual naming context (binddn: uid=myuid, basedn: uid=myuid) operates as expected. Normal access to the real naming context is restored by removing the declaration of relay database.
Questions: 1. What is the status with the usage of empty suffixes? Is this the cause of the problem here? 2. How the relay,massage pair differs from overlay,suffixmassage in relay database? 3. Could slapo-rwm be used as a workaround to this problem?
BTW: slapd segfaults when I replace the relay,massage pair with overlay,suffixmassage.
Thanks,