I created a new connection handler and data view. When I started ldapsearch I got the above error message. Would like to know how caused that and how to fix it.
I tried to roll back all my modification and use the default connection handler and it even gave me the above message.
Thanks!
The error message (which would have been more useful if fully copied from the Error log) indicates that there are 2 different data-views that have been defined to handle Bind requests within the same naming context. This is not allowed by the Directory Proxy Server (6.0) because it may lead to non-deterministic authentication, which is a security issue.
How to fix this is to fully examine the Proxy configuration and remove the handling of the same naming context (suffix) from the data-views.
Regards,
Ludovic
Thanks Ludovic!
It happened when I tried to create two different data views(view1 and view2) and two different connetion handlers (conn1 and conn2).
view1 will view all data under the root suffix, like dc=example,dc=com
view2 will view only part of the subordinate, like ou=test,dc=example,dc=com (not sub-suffix)
I set data-view-atuomatic-routing-mode to limited. So view1 will not have exclude list.
conn1(priority 33) will use view1. I also set bind-dn to be "uid=testmanager,dc=example,dc=com"
conn2 (priority 99) will use view2 with no constraint.
When I started doing ldapsearch using that bind DN of "uid=testmanager,dc=***) and expected to use conn1 (since it fell into the criterial of the bind DN), I encourted this error.
This error kept on existing even I removed the view1 and conn1. I doubt that I should recover the default setting of routing policy (data-view-automatic-routing-mode), but don't know what the default value for that, maybe "automical" or something else.
My questions will be:
1) can i create two different views like one pointing to base and the other one to sub directory?
2) What is the default value fo data-view-automatic-routing-mode?
Thanks!
This error is finally resolved. Basically I restore the data-view-automatic-routing-mode to be the default value of "automatic", then deleted all customized data views and re-create one data view. Update the connection handler to use the new data view (testView). It works now.
So DS 6 does not allow two dataviews pointing to same naming context (if no exclude list) even only one data view is listed on the connection handler.
It will cause some inconvinience if I would like to create two data views, one pointing to the whold database, one only pointing to certain sub. In my connection handler, I would authorize certain binding DN or (IP) use the full data view while the others use sub data view.
Anyway, just came up with some thoughts while playing with DS 6. I think v6 is great, but I prefer playing for a while before it goes alive in our environment.
I could not find many resources except for those docs. If you have any suggestions/corrections, please feel free to post here.
Thanks!
