Dieter Kluenter wrote:
John Du jjohndu@gmail.com writes:
Hi,
We have been running OpenLDAP 2.2.13 on RHEL4 for a few years without problems. We recently upgraded OpenLDAP to 2.4.11 to use the multi-master capability. After upgrade, we are having 2 problems with the new version.
- We have an attribute c in the ou=People sub-tree. The value can be either US or CA. Now if we search "c=US" or "c=CA", we do not get any matches. But if we do "c=U*", it finds all the c=US entries. Same thing happens to c=C*.
- LAM 2.5.0 (LDAP Account Manager) cannot browse the schema on the new server. It says "Unable to retrieve schema". LAM worked fine with OpenLDAP 2.2.13.
I would appreciate any information that would help us resolve the problem.
Please provide some more information, i.e. configuration of indexes and access rules to cn=subschema, as well as examples of search strings.
Thanks to all who have responded to my questions.
I fixed the two problems.
Problem one was fixed by adding an "access to dn.subtree="cn=SubSchema" by * read".
Problem 2 was fixed by adding an index: "index c eq,sub"
I thought the root DN is not subject to any access control rules but that does not seem to be the case. I do not understand why I have to add the index for the new server but not for the old one.
Anyways, thank you for your help.
-Dieter