Re: defaultsearchbase and empty base dn subtree searches


 



Aleksander Adamowski wrote:
Hi!

I'm migrating from OpenLDAP to Fedora Directory.

In the OpenLDAP infrastructure, I had used proxy LDAP servers (the slapd-ldap backend) to direct requests to slapd-bdb backend OpenLDAP instances with failover in case of failure. In addition to that, using the rwm overlay, the slapd-ldap instance did request rewriting of queries that specify empty base dn.

The configuration for slapd-ldap instance was:

database        ldap
suffix          ""
uri           "ldap://localhost:392/,ldaps://otherserver:636/"
timeout 24
idle-timeout 16
overlay rwm
rwm-rewriteEngine on
rwm-rewriteContext searchBase
rwm-rewriteRule   "$" "o=MyDefaultBase" ":"

I've read a thread from 2006-02 on this list (https://www.redhat.com/archives/fedora-directory-users/2006-February/msg00108.html) that it's possible to get a similar behaviour on FDS by modifying dse.ldif.

I've stopped the FDS instance, modified /etc/dirsrv/slapd-instancename/dse.ldif and started FDS again:

dn:
objectClass: top
objectClass: extensibleObject
defaultsearchbase: o=MyDefaultBase
aci: (targetattr != "aci")(version 3.0; aci "rootdse anon read access"; allow(
 read,search,compare) userdn="ldap:///anyone";)
creatorsName: cn=server,cn=plugins,cn=config
modifiersName: cn=server,cn=plugins,cn=config
createTimestamp: 20080411165538Z
modifyTimestamp: 20080411165538Z

However, it still doesn't return anything when clients search with empty base:

# /usr/lib64/mozldap/ldapsearch -b 'o=MyDefaultBase' -s sub uid=olo uid
version: 1
dn: uid=olo,ou=People,o=MyDefaultBase
uid: olo

# /usr/lib64/mozldap/ldapsearch -b '' -s sub uid=olo uid
ldap_search: No such object

Maybe it's relevant that the host in question takes part in multi-master replication setup of 3 FDS servers.

defaultSearchBase is not a server side thing. It only works if clients understand how to use it. There is no way to make Fedora DS do a subtree search from base "" unless you write a C code plugin.


--
Fedora-directory-users mailing list
Fedora-directory-users@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-directory-users
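
The reply's point, that defaultsearchbase only helps when the client reads it from the root DSE and substitutes it itself, shown as an added example (not code from the thread or from Fedora DS). The function names and the rule of requiring exactly one value are assumptions of this example; the sample root DSE is constructed from the values quoted in the thread.

```python
# Added example: client-side handling of defaultsearchbase (not server behaviour).
import base64

# Constructed sample: the root DSE as a client would receive it from a
# base-scope search on "" (values taken from the dse.ldif quoted in the thread).
SAMPLE_ROOT_DSE = """\
dn:
objectClass: top
objectClass: extensibleObject
defaultsearchbase: o=MyDefaultBase
aci: (targetattr != "aci")(version 3.0; aci "rootdse anon read access"; allow(
 read,search,compare) userdn="ldap:///anyone";)
"""

def parse_ldif_entry(text):
    """Parse one LDIF entry into {lowercased attribute: [values]}."""
    # Unfold first: a line starting with one space continues the previous line.
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]
        elif raw.strip() and not raw.startswith("#"):
            lines.append(raw)
    entry = {}
    for line in lines:
        attr, sep, rest = line.partition(":")
        if not sep:
            raise ValueError("malformed LDIF line: %r" % line)
        if rest.startswith(":"):            # "attr:: <base64 value>"
            value = base64.b64decode(rest[1:].strip()).decode("utf-8")
        else:
            value = rest.strip()
        entry.setdefault(attr.strip().lower(), []).append(value)
    return entry

def effective_search_base(requested_base, root_dse):
    """Return the base DN the client should put in its search request."""
    if requested_base.strip():
        return requested_base               # an explicit base always wins
    defaults = root_dse.get("defaultsearchbase", [])
    # Assumption of this example: accept the default only if exactly one
    # non-empty value is published; otherwise refuse rather than guess.
    if len(defaults) != 1 or not defaults[0]:
        raise LookupError("empty base DN and no single defaultsearchbase in root DSE")
    return defaults[0]
```
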
