New subject: cn=monitor attributes (monitorOpInitiated for example) missing in cn=Subschema

23 Apr 2010


      I'm using openldap-stable-20100219.tgz build.  When I look at cn=Monitor
with browsing tools (like Softerra LDAP browser) I do see entries for
monitorOpInitiated and monitorOpCompleted in DN
cn=Operations,cn=Monitor.
When I look at cn=SubSchema, I do not see any definitions of these two
attributes.
Using (unfortunately) Microsoft's VBScript, ADODB, and ADsDSOOBJECT to
access to access cn=Monitor, I can access everything that is defined in
the subschema (entryDN, modifyTimestamp, etc); however, I cannot access
MonitorOpInitiated and such.  Looking at the logs, It looks like the
query never gets to the ldap server because MS checks it against the
cn=subschema.
I saw ITS#4947 and ITS#5576 which sounds like what my problem is
(attributes not published).  Is there a fix for this and what would that
fix be?
My OS for the ldap server is Redhat Enterprise 5.4.
At the end of this email is my redacted slapd.conf file.
---Thanks
Mike Cannady
Information Services
Horry Telephone Cooperative (HTC)
Phone: (843)369-8212
Email: Mike.Cannady@htcinc.net
[root@vmLDAPdev2 openldap]# cat slapd.conf
#
# See slapd.conf(5) for details on configuration options.
# This file should NOT be world readable.
#
include         /usr/local/etc/openldap/schema/core.schema
include         /usr/local/etc/openldap/schema/cosine.schema
include         /usr/local/etc/openldap/schema/inetorgperson.schema
include         /usr/local/etc/openldap/schema/nis.schema
include         /usr/local/etc/openldap/HTC/iaaa-radius.schema
include         /usr/local/etc/openldap/HTC/radius.schema
include         /usr/local/etc/openldap/HTC/users.schema
# Allow LDAPv2 client connections.  This is NOT the default.
allow bind_v2
loglevel  0x100
#loglevel any
sizelimit unlimited
# Do not enable referrals until AFTER you have a working directory
# service AND an understanding of referrals.
#referral       ldap://root.openldap.org
ServerID 002
pidfile         /usr/local/var/run/slapd.pid
argsfile        /usr/local/var/run/slapd.args
access to *
by dn.one="ou=replicants,ou=admin,dc=htc,dc=com" read
by * break
access to dn.subtree="dc=htc,dc=com"
by dn.one="ou=admin,dc=htc,dc=com" manage
by self write
by anonymous auth
access to *
by self write
by users read
by anonymous auth
#######################################################################
# database definitions
#######################################################################
database        bdb
suffix          "dc=htc,dc=com"
rootdn          "cn=Manager,dc=htc,dc=com"
# Cleartext passwords, especially for the rootdn, should
# be avoided.  See slappasswd(8) and slapd.conf(5) for details.
# Use of strong authentication encouraged.
# rootpw                secret
# rootpw                {crypt}ijFYNcSNctBYg
rootpw                  {xxxxxxx}xxxxxxxxxxxxxxxxxxxxxxxxxx
# The database directory MUST exist prior to running slapd AND
# should only be accessible by the slapd and slap tools.
# Mode 700 recommended.
directory       /usr/local/var/openldap-data
cachesize 50000
dncachesize 50000
idlcachesize 150000
checkpoint 1024 5
# Indices to maintain for this database
index objectClass                       eq,pres
index ou,cn,mail,surname,givenname      eq,pres,sub
index uidNumber,gidNumber,loginShell    eq,pres
index uid,memberUid                     eq,pres,sub
index nisMapName,nisMapEntry            eq,pres,sub
index entryCSN                          eq
index entryUUID                         eq
# Replicas of this database
syncrepl rid=001
provider=ldap://vmldapdev1.htc.external:389
type=refreshAndPersist
retry="5 5 300 +"
searchbase="dc=htc,dc=com"
attrs="*,+"
bindmethod=simple
binddn="uid=vmldapdev2,ou=replicants,ou=admin,dc=htc,dc=com"
credentials=atest2
mirrormode TRUE
overlay syncprov
syncprov-checkpoint 1000 1
database monitor
[root@vmLDAPdev2 openldap]
**********************************************************************
HTC Disclaimer:  The information contained in this message may be privileged and confidential and protected from disclosure. If the reader of this message is not the intended recipient, or an employee or agent responsible for delivering this message to the intended recipient, you are hereby notified that any dissemination, distribution or copying of this communication is strictly prohibited.  If you have received this communication in error, please notify us immediately by replying to the message and deleting it from your computer.  Thank you.
**********************************************************************