[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: proxycache with error 'no objectClass attribute'

To: ando@sys-net.it
Subject: Re: proxycache with error 'no objectClass attribute'
From: "Jay zh" <jayzh@hotmail.com>
Date: Wed, 03 Nov 2004 17:19:08 +0800
Cc: openldap-software@OpenLDAP.org

Hi:

I mean, remove __ALL__ the proxycache stuff, from "overlay proxycache"
down under; leave th proxy ("database ldap") in place.  The proxy is
supposed to work without proxy cache (it did for years...), which is an
add-on.  Then query the proxy uncached.  Look at the results for the query
that's no longer cached, and post it (if it doesn't contain any sensitive
info).  I suspect the query gives incomplete results for the proxycache
functionality to work properly.


This is the all content of slapd.conf:

include         /usr/local/etc/openldap/schema/core.schema
pidfile         /var/run/openldap/slapd.pid
argsfile        /var/run/openldap/slapd.args

database       ldap
suffix         "o=myorg"
uri            "ldap://ldapserver:389";

I use ldapsearch to query through proxy, the result shows only these attributes. There is no objectClass attribute.

cmd: ldapsearch -h ldapproxy -w mypasswd -D "cn=manager,o=myorg" -s sub -b "o=myorg" "cn=h0131"

result attributes:
c:
l:
postalCode:
street:
userPassword:
mail:
cn:

If I query ldapserver directly, I can get all the other attributes that don't show above. Of course, including objectClass attribute.

Here is the log with slapd -d 255:

=> send_search_entry: dn="cn=h0131,ou=Members,o=myorg" => access_allowed: read access to "cn=h0131,ou=Members,o=myorg" "entry" requested => access_allowed: backend default read access granted to "cn=manager,o=myorg" => access_allowed: read access to "cn=h0131,ou=Members,o=myorg" "c" requested => access_allowed: backend default read access granted to "cn=manager,o=myorg" => access_allowed: read access to "cn=h0131,ou=Members,o=myorg" "l" requested => access_allowed: backend default read access granted to "cn=manager,o=myorg" => access_allowed: read access to "cn=h0131,ou=Members,o=myorg" "postalCode" requested => access_allowed: backend default read access granted to "cn=manager,o=myorg" => access_allowed: read access to "cn=h0131,ou=Members,o=myorg" "street" requested => access_allowed: backend default read access granted to "cn=manager,o=myorg" => access_allowed: read access to "cn=h0131,ou=Members,o=myorg" "userPassword" requested => access_allowed: backend default read access granted to "cn=manager,o=myorg" => access_allowed: read access to "cn=h0131,ou=Members,o=myorg" "mail" requested => access_allowed: backend default read access granted to "cn=manager,o=myorg" => access_allowed: read access to "cn=h0131,ou=Members,o=myorg" "cn" requested => access_allowed: backend default read access granted to "cn=manager,o=myorg"

I find that lost attributes are user defined attributes(accountstatus,mailboxdir...), except objectClass. Is it normal? If not, how do I set the config file to make the above two queries return the same attributes sets? ACL in proxy server slapd.conf ?

Thanks.

_________________________________________________________________ Don?t just search. Find. Check out the new MSN Search! http://search.msn.click-url.com/go/onm00200636ave/direct/01/

Prev by Date: Re: proxycache with error 'no objectClass attribute'
Next by Date: Re: Replication Query
Index(es):
- Chronological
- Thread