Hi Everyone,
I am having an issue accessing attributes that are not in "cn=Subschema"
I'm using openldap-stable-20100219.tgz build. When I look at cn=Monitor with browsing tools (like Softerra LDAP browser) I do see entries for monitorOpInitiated and monitorOpCompleted in DN cn=Operations,cn=Monitor. For example from a ldapsearch result:
# Modify, Operations, Monitor dn: cn=Modify,cn=Operations,cn=Monitor structuralObjectClass: monitorOperation creatorsName: modifiersName: createTimestamp: 20100421205801Z modifyTimestamp: 20100421205801Z monitorOpInitiated: 39 monitorOpCompleted: 39 entryDN: cn=Modify,cn=Operations,cn=Monitor subschemaSubentry: cn=Subschema hasSubordinates: FALSE
When I look at cn=Subschema, I do not see any definitions of these two attributes. Shouldn't they be there?
Using (unfortunately) Microsoft's VBScript, ADODB, and ADsDSOOBJECT to access cn=Monitor, I can access everything that is defined in the subschema (entryDN, modifyTimestamp, etc.); however, I cannot access MonitorOpInitiated and the like. Looking at the logs, it looks like the query never gets to the LDAP server because MS checks it against cn=Subschema.
I saw ITS#4947 and ITS#5576, which sound like my problem (attributes not published). Is there a fix for this, and what would that fix be?
My OS for the ldap server is Redhat Enterprise 5.4.
At the end of this email is my redacted slapd.conf file.
I had sent this to the bugs mail-list, but they said to post it here.
---Thanks
Mike Cannady
[root@vmLDAPdev2 openldap]# cat slapd.conf
#
# See slapd.conf(5) for details on configuration options.
# This file should NOT be world readable.
# NOTE(review): it holds the rootpw value and the syncrepl bind
# credentials further down, so that restriction matters here.
# NOTE(review): slapd.conf treats a line that begins with whitespace as a
# continuation of the previous line. The "by" clauses and the syncrepl
# parameters below sit at column 0 in this paste; presumably their
# indentation was lost when the file was posted - confirm against the
# file on disk.
#
include /usr/local/etc/openldap/schema/core.schema
include /usr/local/etc/openldap/schema/cosine.schema
include /usr/local/etc/openldap/schema/inetorgperson.schema
include /usr/local/etc/openldap/schema/nis.schema
include /usr/local/etc/openldap/HTC/iaaa-radius.schema
include /usr/local/etc/openldap/HTC/radius.schema
include /usr/local/etc/openldap/HTC/users.schema
# Allow LDAPv2 client connections. This is NOT the default.
# NOTE(review): LDAPv2 has no StartTLS extended operation, so a v2 client
# cannot upgrade a plain connection before binding. Keep this only if a
# legacy client still requires it.
allow bind_v2
# 0x100 (256) is the "stats" level: connections, operations and results.
loglevel 0x100
#loglevel any
# NOTE(review): with no size limit a single search can return every entry
# the requester is allowed to read. Consider a finite default and raising
# it for specific identities with the per-database "limits" directive.
sizelimit unlimited
# Do not enable referrals until AFTER you have a working directory
# service AND an understanding of referrals.
#referral ldap://root.openldap.org
# Server identifier; set here alongside "mirrormode TRUE" further down.
ServerID 002
pidfile /usr/local/var/run/slapd.pid
argsfile /usr/local/var/run/slapd.args
# Global access rules: they precede the first "database" line. For a given
# target slapd uses the first "access to" clause that matches and, inside
# it, the first matching "by" clause.
# Rule 1: identities one level below ou=replicants get read on everything;
# "by * break" passes every other identity on to the rules that follow.
access to *
by dn.one="ou=replicants,ou=admin,dc=htc,dc=com" read
by * break
# Rule 2: the dc=htc,dc=com subtree. Identities one level below ou=admin
# get manage, each user may write its own entry, anonymous may only
# authenticate. Nothing else is listed, so any other identity falls to the
# implicit "by * none" that ends every access clause.
# NOTE(review): "by self write" covers every attribute of the user's own
# entry. nis.schema is included and uidNumber/gidNumber/loginShell are
# indexed below, so if these entries back host logins a user could change
# their own uidNumber or gidNumber. Consider restricting self write to
# named attributes with attrs=.
access to dn.subtree="dc=htc,dc=com"
by dn.one="ou=admin,dc=htc,dc=com" manage
by self write
by anonymous auth
# Rule 3: everything not matched above: self write, read for any
# authenticated identity, auth only for anonymous.
access to *
by self write
by users read
by anonymous auth
#######################################################################
# database definitions
#######################################################################
database bdb
suffix "dc=htc,dc=com"
rootdn "cn=Manager,dc=htc,dc=com"
# Cleartext passwords, especially for the rootdn, should
# be avoided. See slappasswd(8) and slapd.conf(5) for details.
# Use of strong authentication encouraged.
# rootpw secret
# rootpw {crypt}ijFYNcSNctBYg
# (value redacted by the poster)
rootpw {xxxxxxx}xxxxxxxxxxxxxxxxxxxxxxxxxx
# The database directory MUST exist prior to running slapd AND
# should only be accessible by the slapd and slap tools.
# Mode 700 recommended.
directory /usr/local/var/openldap-data
cachesize 50000
dncachesize 50000
idlcachesize 150000
# Checkpoint the BDB log after 1024 KB written or 5 minutes.
checkpoint 1024 5
# Indices to maintain for this database
index objectClass eq,pres
index ou,cn,mail,surname,givenname eq,pres,sub
index uidNumber,gidNumber,loginShell eq,pres
index uid,memberUid eq,pres,sub
index nisMapName,nisMapEntry eq,pres,sub
index entryCSN eq
index entryUUID eq
# Replicas of this database
# This server is a syncrepl consumer of vmldapdev1. retry="5 5 300 +"
# means: retry every 5 seconds 5 times, then every 300 seconds forever.
# NOTE(review): the consumer uses bindmethod=simple against an ldap://
# provider and no starttls= parameter is shown, so the bind password and
# the replicated entries (attrs="*,+" requests all user and operational
# attributes) would cross the network unencrypted. Consider
# starttls=critical with tls_cacert, or an ldaps:// provider.
# NOTE(review): the credentials value was left in cleartext in this
# posting although rootpw was redacted; treat it as exposed and change it.
syncrepl rid=001
provider=ldap://vmldapdev1.htc.external:389
type=refreshAndPersist
retry="5 5 300 +"
searchbase="dc=htc,dc=com"
attrs="*,+"
bindmethod=simple
binddn="uid=vmldapdev2,ou=replicants,ou=admin,dc=htc,dc=com"
credentials=atest2
mirrormode TRUE
overlay syncprov
# syncprov checkpoint: after 1000 operations or 1 minute.
syncprov-checkpoint 1000 1
# NOTE(review): no access rule follows "database monitor", so only the
# global rules earlier in this file apply. Their "by users read" would
# presumably let any authenticated identity read cn=Monitor; consider an
# explicit rule under this database that grants read to the
# administrative DN only.
database monitor
[root@vmLDAPdev2 openldap]