[Gqclient-discuss] Re: Last resort schema server
Status: Beta
Brought to you by:
sur5r
From: Ti L. <le...@ci...> - 2006-04-09 23:11:41
|
It looks like the list and development is picking up again, so I'll throw this question out. I just tried out 1.0beta2 (with patches) and 1.0rc1 and I'm still getting this behavior? I've even tried adding the following ACLs: access to dn.base="" by * read access to dn.base="cn=Subschema" by * read And it's still not working. Does anyone know what I need to do to make these "last resort" schema messages go away? On Nov 1, 2005, at 9:07 AM, Ti Leggett wrote: > I read through the archives on this and think I'm getting further, > but it's still not working for me. Here's my ACLs: > > access to dn.base="" > attrs=objectClass,entry,namingContexts,supportedLDAPVersion,supportedS > ASLMechanisms > by anonymous read > by users read > > access to dn.base="cn=Subschema" attrs=subschemaSubentry > by users read > > access to dn.base="cn=Subschema" > attrs=objectClass,entry,ldapSyntaxes,matchingRules,attributeTypes,obje > ctClasses > by users read > > I'm running RHEL4 (OpenLDAP 2.2.13) and I use GSSAPI for just about > everything. Here's logs from my LDAP server when I go to the > schema tab in GQ and expand the server: > > Nov 1 09:01:53 ldap slapd[26166]: conn=41 fd=14 ACCEPT from > IP=192.168.1.2:38141 (IP=0.0.0.0:389) > Nov 1 09:01:53 ldap slapd[26166]: conn=41 op=1 SRCH base="" > scope=0 deref=0 filter="(objectClass=*)" > Nov 1 09:01:53 ldap slapd[26166]: conn=41 op=1 SRCH > attr=supportedSASLMechanisms > Nov 1 09:01:53 ldap slapd[26166]: conn=41 op=1 SEARCH RESULT > tag=101 err=0 nentries=1 text= > Nov 1 09:01:53 ldap slapd[26166]: conn=41 op=2 BIND dn="" method=163 > Nov 1 09:01:53 ldap slapd[26166]: conn=41 op=3 BIND dn="" method=163 > Nov 1 09:01:53 ldap slapd[26166]: conn=41 op=4 BIND dn="" method=163 > Nov 1 09:01:53 ldap slapd[26166]: SASL [conn=41] Error: unable to > open Berkeley db /etc/sasldb2: No such file or directory > Nov 1 09:01:53 ldap slapd[26166]: conn=41 op=4 BIND authcid="leggett" > Nov 1 09:01:53 ldap slapd[26166]: conn=41 op=4 BIND > dn="uid=leggett,ou=people,o=ci,dc=uchicago,dc=edu" mech=GSSAPI ssf=56 > Nov 1 09:01:53 ldap slapd[26166]: conn=41 op=5 SRCH base="" > scope=0 deref=0 filter="(objectClass=*)" > Nov 1 09:01:53 ldap slapd[26166]: conn=41 op=5 SRCH > attr=subschemaSubentry > Nov 1 09:01:53 ldap slapd[26166]: conn=41 op=5 SEARCH RESULT > tag=101 err=0 nentries=1 text= > Nov 1 09:01:53 ldap slapd[26166]: conn=41 op=6 SRCH > base="cn=Subschema" scope=0 deref=0 filter="(objectClass=*)" > Nov 1 09:01:53 ldap slapd[26166]: conn=41 op=6 SRCH > attr=objectClasses attributeTypes matchingRules ldapSyntaxes > Nov 1 09:01:53 ldap slapd[26166]: conn=41 op=6 SEARCH RESULT > tag=101 err=0 nentries=1 text= > Nov 1 09:01:56 ldap slapd[26166]: conn=41 op=7 UNBIND > Nov 1 09:01:56 ldap slapd[26166]: conn=41 fd=14 closed > > And when I do: > > ldapsearch -H ldaps://ldap.example.com -b "cn=Subschema" -s base > "(objectClass=*)" objectClasses attributeTypes matchingRules > ldapSyntaxes > > I get this in the logs: > > ldapNov 1 09:04:13 ldap slapd[26166]: conn=42 fd=14 ACCEPT from > IP=192.168.1.2:34338 (IP=0.0.0.0:636) > Nov 1 09:04:13 ldap slapd[26166]: conn=42 op=0 SRCH base="" > scope=0 deref=0 filter="(objectClass=*)" > Nov 1 09:04:13 ldap slapd[26166]: conn=42 op=0 SRCH > attr=supportedSASLMechanisms > Nov 1 09:04:13 ldap slapd[26166]: conn=42 op=0 SEARCH RESULT > tag=101 err=0 nentries=1 text= > Nov 1 09:04:13 ldap slapd[26166]: conn=42 op=1 BIND dn="" method=163 > Nov 1 09:04:13 ldap slapd[26166]: conn=42 op=2 BIND dn="" method=163 > Nov 1 09:04:13 ldap slapd[26166]: conn=42 op=3 BIND dn="" method=163 > Nov 1 09:04:13 ldap slapd[26166]: SASL [conn=42] Error: unable to > open Berkeley db /etc/sasldb2: No such file or directory > Nov 1 09:04:13 ldap slapd[26166]: conn=42 op=3 BIND authcid="leggett" > Nov 1 09:04:13 ldap slapd[26166]: conn=42 op=3 BIND > dn="uid=leggett,ou=people,o=ci,dc=uchicago,dc=edu" mech=GSSAPI ssf=56 > Nov 1 09:04:13 ldap slapd[26166]: conn=42 op=4 SRCH > base="cn=Subschema" scope=0 deref=0 filter="(objectClass=*)" > Nov 1 09:04:13 ldap slapd[26166]: conn=42 op=4 SRCH > attr=objectClasses attributeTypes matchingRules ldapSyntaxes > Nov 1 09:04:13 ldap slapd[26166]: conn=42 op=4 SEARCH RESULT > tag=101 err=0 nentries=1 text= > Nov 1 09:04:13 ldap slapd[26166]: conn=42 op=5 UNBIND > Nov 1 09:04:13 ldap slapd[26166]: conn=42 fd=14 closed > > and I get the listing of everything I asked for. > > Any ideas or suggestions on this? As far as my untrained eye can > see, everything looks like it should work. |