[email protected] wrote:
> Full_Name: Juergen Sprenger
> Version: 2.4.35
> OS: Gentoo Base System release 2.1, Kernel 3.7.10
> URL: ftp://ftp.openldap.org/incoming/
> Submission from: (NULL) (193.5.238.18)
>
>
> mdb dereference aliases problem.

A fix for this is now in git master, please test, thanks.

commit fb537d747c6fd43e08986e99b1fe7781660feaf3

>
> I use aliases to keep information about a person who has multiple accounts
> consistent over all accounts and avoid redundancy, example:
>
> dn: uid=joe,ou=Account,dc=its,dc=scom
> objectClass: alias
> objectClass: extensibleObject
> uid: joe
> aliasedObjectName: uid=joe,ou=Person,dc=its,dc=scom
> structuralObjectClass: alias
>
> When using hdb as backend for slapd everything works fine, and users are
> authenticated properly:
> # running 'getent passwd' with hdb backend:
> Apr 24 09:53:54 openldap-dev slapd[19240]: conn=1000 op=0 BIND
> dn="cn=itsAgent,ou=customerAgent,dc=scom" method=128
> Apr 24 09:53:54 openldap-dev slapd[19240]: conn=1000 op=0 BIND
> dn="cn=itsAgent,ou=customerAgent,dc=scom" mech=SIMPLE ssf=0
> Apr 24 09:53:54 openldap-dev slapd[19240]: conn=1000 op=0 RESULT tag=97 err=0
> text=
> Apr 24 09:53:54 openldap-dev slapd[19240]: conn=1000 op=1 SRCH
> base="ou=account,dc=its,dc=scom" scope=1 deref=3
> filter="(objectClass=posixAccount)"
> Apr 24 09:53:54 openldap-dev slapd[19240]: conn=1000 op=1 SRCH attr=uid
> userPassword uidNumber gidNumber cn homeDirectory x-LinuxLoginShell gecos
> description objectClass
> Apr 24 09:53:54 openldap-dev slapd[19240]: conn=1000 op=1 SEARCH RESULT
> tag=101
> err=0 nentries=656 text=
> Apr 24 09:53:54 openldap-dev slapd[19240]: conn=1000 fd=13 closed (connection
> lost)
>
> When using mdb as backend with same directory content, users are no longer
> authenticated, search returns nentries=0:
>
> # running 'getent passwd' with mdb backend:
> Apr 24 10:00:17 openldap-dev slapd[19300]: conn=1002 op=0 BIND
> dn="cn=itsAgent,ou=customerAgent,dc=scom" method=128
> Apr 24 10:00:17 openldap-dev slapd[19300]: conn=1002 op=0 BIND
> dn="cn=itsAgent,ou=customerAgent,dc=scom" mech=SIMPLE ssf=0
> Apr 24 10:00:17 openldap-dev slapd[19300]: conn=1002 op=0 RESULT tag=97 err=0
> text=
> Apr 24 10:00:17 openldap-dev slapd[19300]: conn=1002 op=1 SRCH
> base="ou=account,dc=its,dc=scom" scope=1 deref=3
> filter="(objectClass=posixAccount)"
> Apr 24 10:00:17 openldap-dev slapd[19300]: conn=1002 op=1 SRCH attr=uid
> userPassword uidNumber gidNumber cn homeDirectory x-LinuxLoginShell gecos
> description objectClass
> Apr 24 10:00:17 openldap-dev slapd[19300]: conn=1002 op=1 SEARCH RESULT
> tag=101
> err=0 text=
> Apr 24 10:00:17 openldap-dev slapd[19300]: conn=1002 fd=13 closed (connection
> lost)
>
> Both setups have identical md5sum of slapcat output, so directory content can
> be
> assumed identical in my opinion.
>
>

--
  -- Howard Chu
  CTO, Symas Corp.           http://www.symas.com
  Director, Highland Sun     http://highlandsun.com/hyc/
  Chief Architect, OpenLDAP  http://www.openldap.org/project/
