Hello list.
I have some questions about defining overlays on the frontend database. Documentation (manual pages) is not very consistent about it:
slapd.overlays
| Most of the overlays are only allowed to be configured on | individual databases, but some may also be configured | globally.
slapd.conf
| Note that all of the database's regular settings should be | configured before any overlay settings.
slapd-config
| Settings in the frontend database are inherited by the other | databases, unless they are explicitly overridden in a | specific database.
| Overlays must be configured as child entries of a specific | database.
FAQ
| Starting from OpenLDAP 2.3 they can be stacked on the | frontend as well; this means that they can be executed after | a request is parsed and validated, but right before the | appropriate database is selected.
Are there are some overlays that can be applied on the fronted database (globally)?
What about the inheritance as mentioned in slapd-config? (Maybe I didn't understand this correctly.)
From what I have tried, enabling an overlay on fronted
database makes slapd to segfault due to accessing a null pointer or due to a heap overflow. It seems that there are no verifications of overlay settings, because both slapadd and ldapmodify succeed when enabling the void configuration.
Please, what is the expected behavior?
Regards,
Jan
Hello list.
I have some questions about defining overlays on the frontend database. Documentation (manual pages) is not very consistent about it:
slapd.overlays
| Most of the overlays are only allowed to be configured on | individual databases, but some may also be configured | globally.
slapd.conf
| Note that all of the database's regular settings should be | configured before any overlay settings.
This is no longer strictly required, as far as I recall, but still it's good admin practice (although it's a moot point as slapd.conf(5) should not be used any longer, except possibly for bootstrapping.
slapd-config
| Settings in the frontend database are inherited by the other | databases, unless they are explicitly overridden in a | specific database.
| Overlays must be configured as child entries of a specific | database.
Including the frontend database
FAQ
| Starting from OpenLDAP 2.3 they can be stacked on the | frontend as well; this means that they can be executed after | a request is parsed and validated, but right before the | appropriate database is selected.
Are there are some overlays that can be applied on the fronted database (globally)?
Many. For example, slapo-rwm(5).
What about the inheritance as mentioned in slapd-config? (Maybe I didn't understand this correctly.)
...
From what I have tried, enabling an overlay on fronted
database makes slapd to segfault due to accessing a null pointer or due to a heap overflow. It seems that there are no verifications of overlay settings, because both slapadd and ldapmodify succeed when enabling the void configuration.
Can you be more specific? In general, overlays that cannot be configured on the frontend database should complain somehow, but some checks might be missing. Feel free to file an ITS for specific bugs.
p.
Can you be more specific? In general, overlays that cannot be configured on the frontend database should complain somehow, but some checks might be missing. Feel free to file an ITS for specific bugs.
I isolated the problem to memberof overlay, reported as: http://www.openldap.org/its/index.cgi?findid=7249
Jan
openldap-technical@openldap.org
-
Jan Vcelak -
masaratiļ¼ aero.polimi.it