Hi all,
I tried the following (please note the empty suffix in relay's database definition) with an openldap-2.3.35:
#-------------
database bdb
suffix "dc=real,dc=naming,dc=context"

access to * attrs=userPassword
    by anonymous auth
    by * none
# other database specific ACLs
access to *
    by * none
#--------------
database relay
suffix ""
relay "dc=real,dc=naming,dc=context" massage

access to * attrs=userPassword
    by anonymous auth
    by * none
# translated the previous set of ACLs as slapd-relay manual indicates
access to *
    by * none
#-----------------
Access to the real naming context (using BindDN and BaseDN on top of dc=real,dc=naming,dc=context) fails with the following error:

=> bdb_search
bdb_dn2entry("dc=real,dc=naming,dc=context,dc=real,dc=naming,dc=context")
=> bdb_dn2id("dc=real,dc=naming,dc=context")
<= bdb_dn2id: get failed: DB_NOTFOUND: No matching key/data pair found (-30989)

At the same time, access to the virtual naming context (binddn: uid=myuid, basedn: uid=myuid) operates as expected. Normal access to the real naming context is restored by removing the declaration of the relay database.
Questions:
1. What is the status with the usage of empty suffixes? Is this the cause of the problem here?
2. How does the relay,massage pair differ from overlay,suffixmassage in a relay database?
3. Could slapo-rwm be used as a workaround to this problem?
BTW: slapd segfaults when I replace the relay,massage pair with overlay,suffixmassage.
Thanks,
I'm using current re23 code (2.3.35 + few fixes) and everything seems to work just fine. You should narrow down what's happening (e.g. post your exact configuration and command line...)
p.
Nikos Voutsinas wrote:
Hi all,
I tried the following (please note the empty suffix in relay's database definition) with an openldap-2.3.35:
#-------------
database bdb
suffix "dc=real,dc=naming,dc=context"

access to * attrs=userPassword
    by anonymous auth
    by * none
# other database specific ACLs
access to *
    by * none
#--------------
database relay
suffix ""
relay "dc=real,dc=naming,dc=context" massage

access to * attrs=userPassword
    by anonymous auth
    by * none
# translated the previous set of ACLs as slapd-relay manual indicates
access to *
    by * none
#-----------------
Access to the real naming context (using BindDN and BaseDN on top of dc=real,dc=naming,dc=context) fails with the following error:

=> bdb_search
bdb_dn2entry("dc=real,dc=naming,dc=context,dc=real,dc=naming,dc=context")
=> bdb_dn2id("dc=real,dc=naming,dc=context")
<= bdb_dn2id: get failed: DB_NOTFOUND: No matching key/data pair found (-30989)

At the same time, access to the virtual naming context (binddn: uid=myuid, basedn: uid=myuid) operates as expected. Normal access to the real naming context is restored by removing the declaration of the relay database.
Questions:
1. What is the status with the usage of empty suffixes? Is this the cause of the problem here?
2. How does the relay,massage pair differ from overlay,suffixmassage in a relay database?
3. Could slapo-rwm be used as a workaround to this problem?
BTW: slapd segfaults when I replace the relay,massage pair with overlay,suffixmassage.
Thanks,
Ing. Pierangelo Masarati
OpenLDAP Core Team

SysNet s.r.l.
via Dossi, 8 - 27100 Pavia - ITALIA
http://www.sys-net.it
---------------------------------------
Office: +39 02 23998309
Mobile: +39 333 4963172
Email: pierangelo.masarati@sys-net.it
---------------------------------------
openldap-software@openldap.org