Jay zh wrote:
Hi:
cmd: ldapsearch -h ldapproxy -w mypasswd -D "cn=manager,o=myorg" -s sub -b "o=myorg" "cn=h0131"
result attributes: c: l: postalCode: street: userPassword: mail: cn:
If I query ldapserver directly, I can get all the other attributes that don't show above. Of course, including objectClass attribute.
I find that the lost attributes are user-defined attributes (accountstatus, mailboxdir...), except objectClass.
Is it normal? If not, how do I set the config file to make the above two queries return the same attribute sets? ACL in proxy server slapd.conf?
I added all the other lost attributes to the proxy server's schema, and the result is the same as searching the destination server directly.
After putting the original config back and adding my own objectClass schema into proxy server's slapd.conf, the problem is resolved.
That is, the LDAP proxy will first translate the results returned from the destination server. If attributes are not defined in the proxy server's local schema, they will be removed. Only attributes that the proxy server knows are returned to the client. Is that right? Why not return them to the client directly instead of filtering? I don't know the original thinking behind the design of the LDAP proxy. Is there any document or URL that describes this? I have read http://www.openldap.org/faq/data/cache/532.html and slapd-ldap(5). Did I miss some FAQs?
http://www.openldap.org/pub/kapurva/proxycaching.pdf
p.
SysNet - via Dossi,8 27100 Pavia Tel: +390382573859 Fax: +390382476497
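
The behaviour described in this thread (the proxy returns only what its local schema defines) can be checked before deployment by comparing a backend entry with the proxy's schema files. The Python below is an added example, not part of the original messages or of OpenLDAP; the schema text, the entry, the `myMailUser` class and the 1.1.x OIDs are constructed, and treating `objectClass` and `top` as built in is an assumption.

```python
import re

NAME_RE = re.compile(r"NAME\s+(?:'([^']+)'|\(([^)]*)\))")

# Constructed sample: schema the proxy loads before the custom file is added.
PROXY_SCHEMA = """\
attributetype ( 2.5.4.3 NAME ( 'cn' 'commonName' ) SUP name )
attributetype ( 0.9.2342.19200300.100.1.3 NAME ( 'mail' 'rfc822Mailbox' )
    EQUALITY caseIgnoreIA5Match )
"""
# Constructed custom schema; the 1.1.x OIDs and myMailUser are placeholders.
CUSTOM_SCHEMA = """\
attributetype ( 1.1.2.1.1 NAME 'accountstatus' EQUALITY caseIgnoreMatch )
attributetype ( 1.1.2.1.2 NAME 'mailboxdir' EQUALITY caseExactMatch )
objectclass ( 1.1.2.2.1 NAME 'myMailUser' SUP top AUXILIARY
    MAY ( accountstatus $ mailboxdir ) )
"""
# Constructed LDIF entry, as a direct search of the destination server might return it.
BACKEND_ENTRY = """\
dn: cn=h0131,o=myorg
objectClass: top
objectClass: myMailUser
cn: h0131
mail: h0131@example.org
accountstatus: active
mailboxdir: /var/mail/h0131
"""

def defined_names(schema_text, keyword):
    """Lowercased names declared by 'attributetype' or 'objectclass' definitions."""
    names = set()
    # A definition starts at column 0 and may continue on indented lines.
    for block in re.split(r"(?im)^(?=attributetype\b|objectclass\b)", schema_text):
        m = NAME_RE.search(block) if block.lower().startswith(keyword) else None
        if m:
            raw = m.group(1) or " ".join(re.findall(r"'([^']+)'", m.group(2)))
            names.update(n.lower() for n in raw.split())
    return names

def dropped_by_proxy(ldif_entry, schema_text):
    """Attributes and objectClass values of the entry that the schema does not define."""
    attrs = defined_names(schema_text, "attributetype") | {"objectclass"}  # assumed built in
    classes = defined_names(schema_text, "objectclass") | {"top"}          # assumed built in
    missing = set()
    for line in ldif_entry.splitlines():
        if not line or line[0] in " #" or line.lower().startswith("dn:"):
            continue  # skip blanks, continuations, comments and the DN
        desc, _, value = line.partition(":")
        name = desc.split(";")[0].lower()  # strip options such as ;binary
        if name not in attrs:
            missing.add(name)
        elif name == "objectclass" and value.strip().lower() not in classes:
            missing.add("objectclass=" + value.strip())
    return sorted(missing)
```
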