On Wednesday, 4 July 2007, Brian Gaber wrote:
Took the slapcat output from version 2.0.27 (ldbm) to version 2.3.32 (bdb). Used /usr/local/bin/slapadd on 2.3.32 and am using Berkeley 4.5.20. The slapadd works fine. Then I issued chown ldap:ldap on the /var/lib/ldap-2.3.32 directory and files. Any type of ldapsearch results in a 32 no such object. The identical ldapsearch on the old ldap works fine.
Search: /usr/local/bin/ldapsearch -h 10.16.13.85 -x -b o=pwgsc -s sub uid=gaberb
Slapd.conf:
include /usr/local/etc/openldap/schema/core.schema
include /usr/local/etc/openldap/schema/cosine.schema
include /usr/local/etc/openldap/schema/inetorgperson.schema
include /usr/local/etc/openldap/schema/nis.schema
include /usr/local/etc/openldap/schema/fw1ng.schema

pidfile /usr/local/var/run/slapd.pid
argsfile /usr/local/var/run/slapd.args

allow bind_v2
#loglevel 296

sizelimit 500000
access to *
        by self write
        by peername=10.16.13.84 write
        by peername=10.16.13.81 read
        by peername=10.16.13.82 read
        by peername=10.16.13.83 read
        by peername=10.16.13.85 read
        by peername=10.16.13.86 read

database bdb
suffix "o=pwgsc"
rootdn "cn=admin,o=pwgsc"
rootpw {CRYPT}iWkhys7q1iVpM
directory /var/lib/ldap-2.3.32

# Indices to maintain
index objectClass,uid,uidNumber,gidNumber,memberUid eq
index cn,mail,surname,givenname eq,subinitial

# Master from which we should accept changes
updatedn "cn=admin,o=pwgsc"
updateref ldap://10.16.13.84
Log:
do_bind: v3 anonymous bind
To check if your ACLs need to be upgraded to more recent syntax, please try the search as rootdn. If it works, your peername clauses may need adjustment, e.g. to 'by peername.ip=xxx.xxx.xxx.xxx read'
If the search does not succeed as rootdn, then it may be worthwhile doing an ldapsearch from the 2.0.x, and ldapadd'ing this on the 2.3.x, to see if you may have missing data above the data you need (which slapadd may allow in, but slapd won't let out).
Regards, Buchan
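
The ACL adjustment suggested in the reply, as an added example that is not part of the original thread: a small Python check that finds access rules still using the bare peername=<ip> form and rewrites them to peername.ip=<ip>. The function names and the sample configuration are constructed for illustration (the sample is modelled on the access block quoted above).

```python
import re

# Bare IPv4 address with the unqualified peername= form, as in the quoted slapd.conf.
OLD_PEERNAME = re.compile(r"\bpeername=(\d{1,3}(?:\.\d{1,3}){3})(?=\s|$)")

def logical_lines(text):
    """Join slapd.conf continuation lines (leading whitespace) into directives."""
    current = None
    for raw in text.splitlines():
        stripped = raw.strip()
        if raw[:1] in (" ", "\t") and stripped and current is not None:
            current += " " + stripped          # continuation of the directive
            continue
        if current is not None:
            yield current
        # Blank lines and comment lines end a directive and start nothing.
        current = stripped if stripped and not stripped.startswith("#") else None
    if current is not None:
        yield current

def find_old_peername(text):
    """Return (directive, ip) for each access rule using bare peername=<ip>."""
    hits = []
    for line in logical_lines(text):
        if line.split(None, 1)[0].lower() != "access":
            continue
        hits.extend((line, ip) for ip in OLD_PEERNAME.findall(line))
    return hits

def upgrade_peername(text):
    """Rewrite bare peername=<ip> to peername.ip=<ip> wherever it appears."""
    return OLD_PEERNAME.sub(r"peername.ip=\1", text)

# Constructed sample: two old-style clauses and one already converted.
SAMPLE = """\
sizelimit 500000
access to *
        by self write
        by peername=10.16.13.84 write
        by peername.ip=10.16.13.85 read
        by peername=10.16.13.86 read
database bdb
"""

if __name__ == "__main__":
    for directive, ip in find_old_peername(SAMPLE):
        print(f"old-style peername clause for {ip} in: {directive}")
    print(upgrade_peername(SAMPLE))
```

After rewriting the file, restart slapd and repeat the search both anonymously and as rootdn to confirm the ACL now matches as intended.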