Full_Name: Brett Maxfield Version: 2.4.12 release OS: Solaris 5.10 URL: ftp://ftp.openldap.org/incoming/ Submission from: (NULL) (203.18.108.167)
There is a bug that stops rwm-map being used to hide attributes, eg : database ldap suffix "c=AU" uri "ldap://<parent ip>:<parent port>/c=AU" overlay rwm lastmod off # attribute maps (ok except for final "rwm-map attribute *" map) rwm-map attribute cn * rwm-map attribute sn * rwm-map attribute mail * rwm-map attribute c * rwm-map attribute o * rwm-map attribute ou * # does not like this, it stops any entries being returned #rwm-map attribute * # objectclass maps (ok) rwm-map objectclass top * rwm-map objectclass country * rwm-map objectclass organization * rwm-map objectclass organizationalRole * rwm-map objectclass organizationalPerson * rwm-map objectclass organizationalUnit * rwm-map objectclass * Comment from the openlda-software list.. > I am trying to setup a ldap backend which is a filtered view of > another larger parent directory, with respect to exposing fewer object > classes and attributes. > > The intent is to present a simpler view of the larger directory, and > the config below works, except for when i uncomment the line > containing "rwm-map attribute *", to hide the attributes i do not want > visible, but after that it stops returning any entries at all for any > query. So may be there is some important openldap attribute i am > nuking ? Yes, I fear that's hiding the objectClass attribute, which is required for internal operations. On the other hand, you can't simply tell back-ldap to preserve that attribute, because mapping objectClass is not allowed. I suggest you file an ITS so that this problem can be fixed. p. Ing. Pierangelo Masarati OpenLDAP Core Team
