[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
(ITS#5924) [backend config] modify rdn on a backend entry will cause bad renaming of all subentries when retrieving by ldapsearch
Full_Name: Thomas Chemineau
Version: OPENLDAP_REL_ENG_2_4
OS: CentOS 5.2 64 bits
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (213.41.243.192)
Renaming an entry of a configugred OpenLDAP backend causes bad renaming of its
subentries and all subentries of all other backends, when retrieving them by a
simple LDAP search.
For example, suppose you have these configuration into slapd.conf :
8<--------
database bdb
suffix "o=1"
directory /usr/local/openldap-2.4/var/openldap-data-1
overlay rwm
rwm-suffixmassage o=1 dc=1
database bdb
suffix "o=2"
overlay glue
rootdn "cn=Directory Manager,o=2"
rootpw secret
directory /usr/local/openldap-2.4/var/openldap-data-2
database bdb
suffix "o=3"
rootdn "cn=Directory Manager,o=3"
rootpw secret
directory /usr/local/openldap-2.4/var/openldap-data-3
8<--------
When you convert slapd.conf to slapd.d (backend config), then you should obtain
something like the following (slapcat -b cn=config -F ...) :
8<--------
[...]
dn: olcDatabase={-1}frontend,cn=config
[...]
dn: olcDatabase={0}config,cn=config
[...]
dn: olcDatabase={1}monitor,cn=config
[...]
dn: olcDatabase={2}bdb,cn=config
olcSuffix: o=1
[...]
dn: olcOverlay={0}rwm,olcDatabase={2}bdb,cn=config
objectClass: olcOverlayConfig
objectClass: olcRwmConfig
olcOverlay: {0}rwm
olcRwmRewrite: {0}rwm-suffixmassage "o=1" "dc=1"
olcRwmTFSupport: false
olcRwmNormalizeMapped: FALSE
dn: olcDatabase={3}bdb,cn=config
olcSuffix: o=2
[...]
dn: olcOverlay={0}glue,olcDatabase={3}bdb,cn=config
objectClass: olcOverlayConfig
olcOverlay: {0}glue
dn: olcDatabase={4}bdb,cn=config
olcSuffix: o=3
[...]
8<--------
Now, for some reason, you want to rename olcDatabase={2}bdb,cn=config into
olcDatabase={3}bdb,cn=config (to invert declaration for example). This operation
works successfully but causes all subentries DN to be rename improperly. You
obtain someting like the following via ldapsearch (not via slapcat) :
8<--------
[...]
dn: olcDatabase={-1}frontend,cn=config
[...]
dn: olcDatabase={0}config,cn=config
[...]
dn: olcDatabase={1}monitor,cn=config
[...]
dn: olcDatabase={2}bdb,cn=config
olcSuffix: o=2
[...]
dn:: IHFbGSxvbGNEYXRhYmFzZT17Mn1iZGIsY249Y29uZmlnAGJkYixjbj1jb25maWc=
objectClass: olcOverlayConfig
olcOverlay: {0}glue
[...]
dn: olcDatabase={3}bdb,cn=config
olcSuffix: o=1
[...]
dn:: LG9sY0RhdGFiYXNlPXszfWJkYixjbj1jb25maWcAezJ9YmRiLGNuPWNvbmZpZw==
objectClass: olcOverlayConfig
objectClass: olcRwmConfig
olcOverlay: {0}rwm
olcRwmRewrite: {0}rwm-suffixmassage "o=1" "dc=1"
olcRwmTFSupport: false
olcRwmNormalizeMapped: FALSE
dn: olcDatabase={4}bdb,cn=config
[...]
8<--------
When decoding DN, we obtain bad characters. This issue provide broken
replication in a N-Way Multi-Master cluster.
Thomas.