Aleksander Adamowski wrote:
> Hi!
>
> I'm migrating from OpenLDAP to Fedora Directory.
>
> In the OpenLDAP infrastructure, I had used proxy LDAP servers (the
> slapd-ldap backend) to direct requests to slapd-bdb backend OpenLDAP
> instances with failover in case of failure.
> In addition to that, using the rwm overlay, the slapd-ldap instance
> did request rewriting of queries that specify empty base dn.
>
> The configuration for slapd-ldap instance was:
>
> database ldap
> suffix ""
> uri "ldap://localhost:392/,ldaps://otherserver:636/"
> timeout 24
> idle-timeout 16
> overlay rwm
> rwm-rewriteEngine on
> rwm-rewriteContext searchBase
> rwm-rewriteRule "$" "o=MyDefaultBase" ":"
>
> I've read a thread from 2006-02 on this list
> (https://www.redhat.com/archives/fedora-directory-users/2006-February/msg00108.html)
> that it's possible to get a similar behaviour on FDS by modifying
> dse.ldif.
>
> I've stopped the FDS instance, modified
> /etc/dirsrv/slapd-instancename/dse.ldif and started FDS again:
>
> dn:
> objectClass: top
> objectClass: extensibleObject
> defaultsearchbase: o=MyDefaultBase
> aci: (targetattr != "aci")(version 3.0; aci "rootdse anon read
> access"; allow(
> read,search,compare) userdn="ldap:///anyone";)
> creatorsName: cn=server,cn=plugins,cn=config
> modifiersName: cn=server,cn=plugins,cn=config
> createTimestamp: 20080411165538Z
> modifyTimestamp: 20080411165538Z
>
> However, it still doesn't return anything when clients search with
> empty base:
>
> # /usr/lib64/mozldap/ldapsearch -b 'o=MyDefaultBase' -s sub uid=olo uid
> version: 1
> dn: uid=olo,ou=People,o=MyDefaultBase
> uid: olo
>
> # /usr/lib64/mozldap/ldapsearch -b '' -s sub uid=olo uid
> ldap_search: No such object
>
> Maybe it's relevant that the host in question takes part in
> multi-master replication setup of 3 FDS servers.
>

defaultSearchBase is not a server side thing. It only works if clients understand how to use it.
There is no way to make Fedora DS do a subtree search from base "" unless you write a C code plugin.
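What "clients understand how to use it" can look like, as an added example that is not part of the original thread or of Fedora DS: a client reads the root DSE (base "", scope base), takes `defaultsearchbase` from it, and substitutes that value itself before sending a subtree search. The helper names and the sample LDIF are constructed for illustration; only the attribute name and `o=MyDefaultBase` come from the post.

```python
import base64

# Constructed sample: LDIF a client might get back from a base-scope read of
# the root DSE, using the attribute and value shown in the quoted dse.ldif.
SAMPLE_ROOT_DSE = """\
version: 1
dn:
objectClass: top
objectClass: extensibleObject
defaultsearchbase: o=MyDefaultBase
"""

def unfold(ldif_text):
    """Join LDIF continuation lines (a line that starts with one space)."""
    lines = []
    for raw in ldif_text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    return lines

def read_attr(ldif_text, name):
    """Return the first value of attribute `name` (case-insensitive), or None."""
    for line in unfold(ldif_text):
        if line.startswith("#") or ":" not in line:
            continue
        attr, _, rest = line.partition(":")
        if attr.strip().lower() != name.lower():
            continue
        if rest.startswith(":"):  # "attr:: <base64>" form
            return base64.b64decode(rest[1:].strip()).decode("utf-8")
        return rest.strip()
    return None

def effective_base(requested_base, scope, root_dse_ldif):
    """Hypothetical client-side helper: choose the base DN to send."""
    if requested_base != "" or scope == "base":
        # Explicit base, or a genuine root DSE read: send it unchanged.
        return requested_base
    default = read_attr(root_dse_ldif, "defaultsearchbase")
    if default is None:
        # Fail closed instead of guessing a suffix.
        raise LookupError("root DSE has no defaultsearchbase")
    return default
```

The server never sees the empty base in this flow, which is why the dse.ldif change alone leaves `-b ''` subtree searches returning "No such object".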