--On Monday, April 29, 2013 6:56 PM +0000 jeevan kc jeev_biz@hotmail.com wrote:
Please do not top post. Please keep replies to the list. Please verify whether or not you can reproduce this with OpenLDAP 2.4.35.
Thanks, Quanah
--
Quanah Gibson-Mount Sr. Member of Technical Staff Zimbra, Inc A Division of VMware, Inc. -------------------- Zimbra :: the leader in open source messaging and collaboration
Quanah Gibson-Mount wrote:
This sounds similar to ITS#7381, which was filed against 2.4.32. I've just tested 2.4.35 and can reproduce the bug (using the scripts from the ITS attachment.)
IvanThanks for checking on 2.4.35 . Is there any way to fix the chaining overlay so it works even after restarting the slapd. I need to initiate a password policy for the directory but the chaining needs to be there for it to take effect. Any help / suggestion is appreciated.
Jeevan
On 30.04.2013. 17:09, jeevan kc wrote:
I can't be of much help here -- I went back to slapd.conf for the time being, since I have an undemanding setup where static configuration and straightforward change management do the job fine. Generally I didn't have problems with cn=config, but as long as there are fragile corner cases such as this one I'm not prepared to use it in production (and unfortunately I don't have time to chase the bug myself.)
On 30.04.2013. 17:09, jeevan kc wrote:
Thanks for checking on 2.4.35 . Is there any way to fix the chaining overlay so it works even after restarting the slapd. I need to initiate a password policy for the directory but the chaining needs to be there for it to take effect. Any help / suggestion is appreciated.
I was having the same issue with the chaining overlay and cn=config. It seems that the issue only affects the first olcChainDatabase entry, which is obviously ignored after a server restart. Any further olcChainDatabase entry seems to be working correctly.
As a workaround, I modified the first olcChainDatabase entry with a dummy olcDBURI (e.g. ldap://127.0.0.1) and created a second olcChainDatabase entry with the correct configuration.
As long as ITS#7381 isn't fixed, you could try this workaround.
Best regards, Manuel
openldap-technical@openldap.org