A suffix is defined in the mapping tree and points to a backend implementin this suffix.
In the backend is a nsslapd-suffix attribute, which is multivalued and is mainained in a be_suffixlist.
But this handling id flawed in several ways. Probably once a backend was supposed to contain multiple suffixes, but this no longer works - and we should keep the 1:1 relationship and correct errors.
1] if the dse.ldif contains multiple nsslaps-suffix attributes only the first is used, the others ar ignored silently. The attempt to add another value via ldapmodify is rejected with err=53
2] more severe: the nsslapd-suffix attribute can have any value, there is no check that it matches the suffix in the mapping tree, so it is possible to have a suffix "dc=example,dc=com" pointing to the backend "userroot", but in the backend definition the nsslapd-suffix attr can be "o=tralalala" - and it seem to work, even if the calls to slapi_be_issuffix() return the unexpected result - these calls need extra investigation.
What to do: - clearly document the "one backend - one suffix" rule - reject multivalued configs with specific error message - change implementation from be_suffixlist to be_suffix - check that suffix in mapping tree and backend match
Metadata Update from @mreynolds: - Custom field component adjusted to None - Custom field origin adjusted to None - Custom field reviewstatus adjusted to None - Custom field type adjusted to None - Custom field version adjusted to None - Issue set to the milestone: 1.4.0
Metadata Update from @vashirov: - Issue priority set to: normal - Issue set to the milestone: 1.4.3 (was: 1.4.0)
Metadata Update from @mreynolds: - Custom field rhbz adjusted to https://bugzilla.redhat.com/show_bug.cgi?id=1859225
Issue linked to Bugzilla: Bug 1859225
389-ds-base is moving from Pagure to Github. This means that new issues and pull requests will be accepted only in 389-ds-base's github repository.
This issue has been cloned to Github and is available here: - https://github.com/389ds/389-ds-base/issues/2526
If you want to receive further updates on the issue, please navigate to the github issue and click on subscribe button.
subscribe
Thank you for understanding. We apologize for all inconvenience.
Metadata Update from @spichugi: - Issue close_status updated to: wontfix - Issue status updated to: Closed (was: Open)
Login to comment on this ticket.