[Gqclient-discuss] Re: Last resort schema server

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 454-5900

It looks like the list and development is picking up again, so I'll  
throw this question out. I just tried out 1.0beta2 (with patches) and  
1.0rc1 and I'm still getting this behavior? I've even tried adding  
the following ACLs:

access to dn.base="" by * read
access to dn.base="cn=Subschema" by * read

And it's still not working. Does anyone know what I need to do to  
make these "last resort" schema messages go away?

On Nov 1, 2005, at 9:07 AM, Ti Leggett wrote:

> I read through the archives on this and think I'm getting further,  
> but it's still not working for me. Here's my ACLs:
>
> access to dn.base=""  
> attrs=objectClass,entry,namingContexts,supportedLDAPVersion,supportedS 
> ASLMechanisms
>         by anonymous read
>         by users read
>
> access to dn.base="cn=Subschema" attrs=subschemaSubentry
>         by users read
>
> access  to dn.base="cn=Subschema"  
> attrs=objectClass,entry,ldapSyntaxes,matchingRules,attributeTypes,obje 
> ctClasses
>         by users read
>
> I'm running RHEL4 (OpenLDAP 2.2.13) and I use GSSAPI for just about  
> everything.  Here's logs from my LDAP server when I go to the  
> schema tab in GQ and expand the server:
>
> Nov  1 09:01:53 ldap slapd[26166]: conn=41 fd=14 ACCEPT from  
> IP=192.168.1.2:38141 (IP=0.0.0.0:389)
> Nov  1 09:01:53 ldap slapd[26166]: conn=41 op=1 SRCH base=""  
> scope=0 deref=0 filter="(objectClass=*)"
> Nov  1 09:01:53 ldap slapd[26166]: conn=41 op=1 SRCH  
> attr=supportedSASLMechanisms
> Nov  1 09:01:53 ldap slapd[26166]: conn=41 op=1 SEARCH RESULT  
> tag=101 err=0 nentries=1 text=
> Nov  1 09:01:53 ldap slapd[26166]: conn=41 op=2 BIND dn="" method=163
> Nov  1 09:01:53 ldap slapd[26166]: conn=41 op=3 BIND dn="" method=163
> Nov  1 09:01:53 ldap slapd[26166]: conn=41 op=4 BIND dn="" method=163
> Nov  1 09:01:53 ldap slapd[26166]: SASL [conn=41] Error: unable to  
> open Berkeley db /etc/sasldb2: No such file or directory
> Nov  1 09:01:53 ldap slapd[26166]: conn=41 op=4 BIND authcid="leggett"
> Nov  1 09:01:53 ldap slapd[26166]: conn=41 op=4 BIND  
> dn="uid=leggett,ou=people,o=ci,dc=uchicago,dc=edu" mech=GSSAPI ssf=56
> Nov  1 09:01:53 ldap slapd[26166]: conn=41 op=5 SRCH base=""  
> scope=0 deref=0 filter="(objectClass=*)"
> Nov  1 09:01:53 ldap slapd[26166]: conn=41 op=5 SRCH  
> attr=subschemaSubentry
> Nov  1 09:01:53 ldap slapd[26166]: conn=41 op=5 SEARCH RESULT  
> tag=101 err=0 nentries=1 text=
> Nov  1 09:01:53 ldap slapd[26166]: conn=41 op=6 SRCH  
> base="cn=Subschema" scope=0 deref=0 filter="(objectClass=*)"
> Nov  1 09:01:53 ldap slapd[26166]: conn=41 op=6 SRCH  
> attr=objectClasses attributeTypes matchingRules ldapSyntaxes
> Nov  1 09:01:53 ldap slapd[26166]: conn=41 op=6 SEARCH RESULT  
> tag=101 err=0 nentries=1 text=
> Nov  1 09:01:56 ldap slapd[26166]: conn=41 op=7 UNBIND
> Nov  1 09:01:56 ldap slapd[26166]: conn=41 fd=14 closed
>
> And when I do:
>
> ldapsearch -H ldaps://ldap.example.com -b "cn=Subschema" -s base  
> "(objectClass=*)" objectClasses attributeTypes matchingRules  
> ldapSyntaxes
>
> I get this in the logs:
>
> ldapNov  1 09:04:13 ldap slapd[26166]: conn=42 fd=14 ACCEPT from  
> IP=192.168.1.2:34338 (IP=0.0.0.0:636)
> Nov  1 09:04:13 ldap slapd[26166]: conn=42 op=0 SRCH base=""  
> scope=0 deref=0 filter="(objectClass=*)"
> Nov  1 09:04:13 ldap slapd[26166]: conn=42 op=0 SRCH  
> attr=supportedSASLMechanisms
> Nov  1 09:04:13 ldap slapd[26166]: conn=42 op=0 SEARCH RESULT  
> tag=101 err=0 nentries=1 text=
> Nov  1 09:04:13 ldap slapd[26166]: conn=42 op=1 BIND dn="" method=163
> Nov  1 09:04:13 ldap slapd[26166]: conn=42 op=2 BIND dn="" method=163
> Nov  1 09:04:13 ldap slapd[26166]: conn=42 op=3 BIND dn="" method=163
> Nov  1 09:04:13 ldap slapd[26166]: SASL [conn=42] Error: unable to  
> open Berkeley db /etc/sasldb2: No such file or directory
> Nov  1 09:04:13 ldap slapd[26166]: conn=42 op=3 BIND authcid="leggett"
> Nov  1 09:04:13 ldap slapd[26166]: conn=42 op=3 BIND  
> dn="uid=leggett,ou=people,o=ci,dc=uchicago,dc=edu" mech=GSSAPI ssf=56
> Nov  1 09:04:13 ldap slapd[26166]: conn=42 op=4 SRCH  
> base="cn=Subschema" scope=0 deref=0 filter="(objectClass=*)"
> Nov  1 09:04:13 ldap slapd[26166]: conn=42 op=4 SRCH  
> attr=objectClasses attributeTypes matchingRules ldapSyntaxes
> Nov  1 09:04:13 ldap slapd[26166]: conn=42 op=4 SEARCH RESULT  
> tag=101 err=0 nentries=1 text=
> Nov  1 09:04:13 ldap slapd[26166]: conn=42 op=5 UNBIND
> Nov  1 09:04:13 ldap slapd[26166]: conn=42 fd=14 closed
>
> and I get the listing of everything I asked for.
>
> Any ideas or suggestions on this? As far as my untrained eye can  
> see, everything looks like it should work.