[389-users] Chaining and LDAP_UNWILLING_TO_PERFORM problem

Hi,

I am trying to configure 2 Directory Servers with a db link.

I have a first DS that points to a second DS that has the DB in the filesystem.

I create a proxy user in the second DS:

# tproxy, config
dn: uid=tproxy,cn=config
uid: tproxy
givenName: test
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetorgperson
sn: proxy
cn: test proxy
userPassword:: *********************************************

and I create in the first DS the "Database link" that uses this user to bind
to the second DS.

In the second DS I add the following ACIs:

(targetattr = "*") (target = "ldap:///dc=example,dc=com") (version 3.0;acl "AciChepermettetutto";allow (all)(userdn = "ldap:///uid=tproxy,cn=config");)

(targetattr = "*") (target = "ldap:///dc=example,dc=com") (version 3.0;acl "proxy acl";allow (proxy)(userdn = "ldap:///uid=tproxy,cn=config");)

But if I try to execute the ldapsearch on the first directory server, I get
the following error:

ldapsearch -h localhost -x -p 20389 -D "cn=Directory Manager" -w ********* -b "dc=example,dc=com" "(objectclass=*)"
# extended LDIF
#
# LDAPv3
# base <dc=example,dc=com> with scope subtree
# filter: (objectclass=*)
# requesting: ALL
#

# search result
search: 2
result: 53 Server is unwilling to perform
text: Proxy dn should not be rootdn

# numResponses: 1

If I enable verbose logging, in my error log I have:

[15/Jul/2009:18:44:47 +0200] - activity on 65r
[15/Jul/2009:18:44:47 +0200] - => slapi_reslimit_get_integer_limit() conn=0xb1557d68, handle=3
[15/Jul/2009:18:44:47 +0200] - <= slapi_reslimit_get_integer_limit() returning NO VALUE
[15/Jul/2009:18:44:47 +0200] - read activity on 65
[15/Jul/2009:18:44:47 +0200] - add_pb
[15/Jul/2009:18:44:47 +0200] - => slapi_reslimit_get_integer_limit() conn=0xb1557c08, handle=3
[15/Jul/2009:18:44:47 +0200] - <= slapi_reslimit_get_integer_limit() returning NO VALUE
[15/Jul/2009:18:44:47 +0200] - get_pb
[15/Jul/2009:18:44:47 +0200] - conn 1 activity level = 2
[15/Jul/2009:18:44:47 +0200] - conn 1 turbo rank = 2 out of 3 conns
[15/Jul/2009:18:44:47 +0200] - do_search
[15/Jul/2009:18:44:47 +0200] - => get_filter_internal
[15/Jul/2009:18:44:47 +0200] - PRESENT
[15/Jul/2009:18:44:47 +0200] - <= get_filter_internal 0
[15/Jul/2009:18:44:47 +0200] get_filter - before optimize: (objectClass=*)
[15/Jul/2009:18:44:47 +0200] get_filter -  after optimize: (objectClass=*)
[15/Jul/2009:18:44:47 +0200] - SRCH base="dc=example,dc=com" scope=2 deref=0 sizelimit=0 timelimit=0 attrsonly=0 filter="(objectClass=*)" attrs=ALL
[15/Jul/2009:18:44:47 +0200] - => get_ldapmessage_controls
[15/Jul/2009:18:44:47 +0200] - => slapi_control_present (looking for 2.16.840.1.113730.3.4.2)
[15/Jul/2009:18:44:47 +0200] - <= slapi_control_present 0 (NOT FOUND)
[15/Jul/2009:18:44:47 +0200] - => slapi_control_present (looking for 1.3.6.1.4.1.42.2.27.8.5.1)
[15/Jul/2009:18:44:47 +0200] - <= slapi_control_present 0 (NOT FOUND)
[15/Jul/2009:18:44:48 +0200] - <= get_ldapmessage_controls 2 controls
[15/Jul/2009:18:44:48 +0200] - => slapi_control_present (looking for 2.16.840.1.113730.3.4.3)
[15/Jul/2009:18:44:48 +0200] - <= slapi_control_present 0 (NOT FOUND)
[15/Jul/2009:18:44:48 +0200] - => slapi_control_present (looking for 2.16.840.1.113730.3.4.20)
[15/Jul/2009:18:44:48 +0200] - <= slapi_control_present 0 (NOT FOUND)
[15/Jul/2009:18:44:48 +0200] - => slapi_control_present (looking for 2.16.840.1.113730.3.4.14)
[15/Jul/2009:18:44:48 +0200] - <= slapi_control_present 0 (NOT FOUND)
[15/Jul/2009:18:44:48 +0200] - => slapi_control_present (looking for 1.3.6.1.4.1.42.2.27.9.5.2)
[15/Jul/2009:18:44:48 +0200] - <= slapi_control_present 0 (NOT FOUND)
[15/Jul/2009:18:44:48 +0200] - mapping tree selected backend : example
[15/Jul/2009:18:44:48 +0200] - => slapi_reslimit_get_integer_limit() conn=0xb1557cb8, handle=2
[15/Jul/2009:18:44:48 +0200] - <= slapi_reslimit_get_integer_limit() returning NO VALUE
[15/Jul/2009:18:44:48 +0200] - => slapi_reslimit_get_integer_limit() conn=0xb1557cb8, handle=1
[15/Jul/2009:18:44:48 +0200] - <= slapi_reslimit_get_integer_limit() returning NO VALUE
[15/Jul/2009:18:44:48 +0200] - => compute_limits: sizelimit=2000, timelimit=3600
[15/Jul/2009:18:44:48 +0200] - Calling plugin 'ACL preoperation' #1 type 403
[15/Jul/2009:18:44:48 +0200] - => slapi_control_present (looking for 2.16.840.1.113730.3.4.12)
[15/Jul/2009:18:44:48 +0200] - <= slapi_control_present 1 (FOUND)
[15/Jul/2009:18:44:48 +0200] - => send_ldap_result 53::Proxy dn should not be rootdn
[15/Jul/2009:18:44:48 +0200] - flush_ber() wrote 43 bytes to socket 65
[15/Jul/2009:18:44:48 +0200] - <= send_ldap_result
[15/Jul/2009:18:44:48 +0200] - mapping tree release backend : example
[15/Jul/2009:18:44:48 +0200] - slapi_filter_free type 0x87
[15/Jul/2009:18:44:49 +0200] - => slapi_reslimit_get_integer_limit() conn=0xb1557d68, handle=3
[15/Jul/2009:18:44:49 +0200] - <= slapi_reslimit_get_integer_limit() returning NO VALUE
[15/Jul/2009:18:44:49 +0200] - => slapi_reslimit_get_integer_limit() conn=0xb1557cb8, handle=3
[15/Jul/2009:18:44:49 +0200] - <= slapi_reslimit_get_integer_limit() returning NO VALUE
[15/Jul/2009:18:44:49 +0200] - => slapi_reslimit_get_integer_limit() conn=0xb1557c08, handle=3
[15/Jul/2009:18:44:49 +0200] - <= slapi_reslimit_get_integer_limit() returning NO VALUE
[15/Jul/2009:18:44:49 +0200] - listener got signaled
[15/Jul/2009:18:44:53 +0200] - Event id a19b958 called at 1247676293 (scheduled for 1247676293)
[15/Jul/2009:18:44:55 +0200] - ldbm backend flushing
[15/Jul/2009:18:44:55 +0200] - ldbm backend done flushing
[15/Jul/2009:18:44:55 +0200] - ldbm backend flushing
[15/Jul/2009:18:44:55 +0200] - ldbm backend done flushing

The problem seems to be the "ACL preoperation" plugin. Indeed, if I disable
this plugin, it WORKS.
But I cannot disable this plugin.

Any ideas on how to solve the problem??

Thanks and sorry in advance for my bad English
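
Added example, not part of the original post: a small Python triage script for verbose error logs like the one quoted above. It re-joins the wrapped lines and reports each non-zero LDAP result together with the plugin that was running and the request controls found before it; the sample lines are constructed from the post's log format, and the function names are this example's own.

```python
import re

# Constructed sample in the post's log format, including the mail line wrapping.
SAMPLE = """\
[15/Jul/2009:18:44:48 +0200] - => slapi_control_present (looking for
2.16.840.1.113730.3.4.3)
[15/Jul/2009:18:44:48 +0200] - <= slapi_control_present 0 (NOT FOUND)
[15/Jul/2009:18:44:48 +0200] - Calling plugin 'ACL preoperation' #1 type 403
[15/Jul/2009:18:44:48 +0200] - => slapi_control_present (looking for
2.16.840.1.113730.3.4.12)
[15/Jul/2009:18:44:48 +0200] - <= slapi_control_present 1 (FOUND)
[15/Jul/2009:18:44:48 +0200] - => send_ldap_result 53::Proxy dn should
not be rootdn
"""

# Names for the control OIDs this sketch labels; others are reported as "unknown".
CONTROLS = {
    "2.16.840.1.113730.3.4.12": "proxied authorization (v1)",
}
STAMP = re.compile(r"^\[\d{2}/\w{3}/\d{4}:")

def unwrap(text):
    """Re-join wrapped lines: every record starts with a [timestamp]."""
    records = []
    for line in filter(None, map(str.strip, text.splitlines())):
        if STAMP.match(line) or not records:
            records.append(line)
        else:
            records[-1] += " " + line
    return records

def failed_results(text):
    """Return each non-zero LDAP result with the plugin and controls seen before it."""
    plugin, pending, found, out = None, None, [], []
    for rec in unwrap(text):
        if m := re.search(r"Calling plugin '([^']+)'", rec):
            plugin = m.group(1)
        elif m := re.search(r"=> slapi_control_present \(looking for ([\d.]+)\)", rec):
            pending = m.group(1)
        elif m := re.search(r"<= slapi_control_present (\d)", rec):
            if m.group(1) == "1" and pending:
                found.append((pending, CONTROLS.get(pending, "unknown")))
            pending = None
        elif m := re.search(r"=> send_ldap_result (\d+):([^:]*):(.*)", rec):
            if m.group(1) != "0":
                out.append({"code": int(m.group(1)), "text": m.group(3),
                            "plugin": plugin, "controls": found})
            plugin, found = None, []
    return out
```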