I'm using openldap-stable-20100219.tgz build. When I look at cn=Monitor with browsing tools (like Softerra LDAP browser) I do see entries for monitorOpInitiated and monitorOpCompleted in DN cn=Operations,cn=Monitor.
When I look at cn=SubSchema, I do not see any definitions of these two attributes.
Using (unfortunately) Microsoft's VBScript, ADODB, and ADsDSOOBJECT to access to access cn=Monitor, I can access everything that is defined in the subschema (entryDN, modifyTimestamp, etc); however, I cannot access MonitorOpInitiated and such. Looking at the logs, It looks like the query never gets to the ldap server because MS checks it against the cn=subschema.
I saw ITS#4947 and ITS#5576 which sounds like what my problem is (attributes not published). Is there a fix for this and what would that fix be?
My OS for the ldap server is Redhat Enterprise 5.4.
At the end of this email is my redacted slapd.conf file.
---Thanks
Mike Cannady
Information Services
Horry Telephone Cooperative (HTC)
Phone: (843)369-8212
Email: Mike.Cannady@htcinc.net
[root@vmLDAPdev2 openldap]# cat slapd.conf
#
# See slapd.conf(5) for details on configuration options.
# This file should NOT be world readable.
#
include /usr/local/etc/openldap/schema/core.schema
include /usr/local/etc/openldap/schema/cosine.schema
include /usr/local/etc/openldap/schema/inetorgperson.schema
include /usr/local/etc/openldap/schema/nis.schema
include /usr/local/etc/openldap/HTC/iaaa-radius.schema
include /usr/local/etc/openldap/HTC/radius.schema
include /usr/local/etc/openldap/HTC/users.schema
# Allow LDAPv2 client connections. This is NOT the default.
allow bind_v2
loglevel 0x100
#loglevel any
sizelimit unlimited
# Do not enable referrals until AFTER you have a working directory
# service AND an understanding of referrals.
#referral ldap://root.openldap.org
ServerID 002
pidfile /usr/local/var/run/slapd.pid
argsfile /usr/local/var/run/slapd.args
access to *
by dn.one="ou=replicants,ou=admin,dc=htc,dc=com" read
by * break
access to dn.subtree="dc=htc,dc=com"
by dn.one="ou=admin,dc=htc,dc=com" manage
by self write
by anonymous auth
access to *
by self write
by users read
by anonymous auth
#######################################################################
# database definitions
#######################################################################
database bdb
suffix "dc=htc,dc=com"
rootdn "cn=Manager,dc=htc,dc=com"
# Cleartext passwords, especially for the rootdn, should
# be avoided. See slappasswd(8) and slapd.conf(5) for details.
# Use of strong authentication encouraged.
# rootpw secret
# rootpw {crypt}ijFYNcSNctBYg
rootpw {xxxxxxx}xxxxxxxxxxxxxxxxxxxxxxxxxx
# The database directory MUST exist prior to running slapd AND
# should only be accessible by the slapd and slap tools.
# Mode 700 recommended.
directory /usr/local/var/openldap-data
cachesize 50000
dncachesize 50000
idlcachesize 150000
checkpoint 1024 5
# Indices to maintain for this database
index objectClass eq,pres
index ou,cn,mail,surname,givenname eq,pres,sub
index uidNumber,gidNumber,loginShell eq,pres
index uid,memberUid eq,pres,sub
index nisMapName,nisMapEntry eq,pres,sub
index entryCSN eq
index entryUUID eq
# Replicas of this database
syncrepl rid=001
provider=ldap://vmldapdev1.htc.external:389
type=refreshAndPersist
retry="5 5 300 +"
searchbase="dc=htc,dc=com"
attrs="*,+"
bindmethod=simple
binddn="uid=vmldapdev2,ou=replicants,ou=admin,dc=htc,dc=com"
credentials=atest2
mirrormode TRUE
overlay syncprov
syncprov-checkpoint 1000 1
database monitor
[root@vmLDAPdev2 openldap]
********************************************************************** HTC Disclaimer: The information contained in this message may be privileged and confidential and protected from disclosure. If the reader of this message is not the intended recipient, or an employee or agent responsible for delivering this message to the intended recipient, you are hereby notified that any dissemination, distribution or copying of this communication is strictly prohibited. If you have received this communication in error, please notify us immediately by replying to the message and deleting it from your computer. Thank you. **********************************************************************