I'm using a build from openldap-stable-20100219.tgz. When I look at cn=Monitor with browsing tools (like Softerra LDAP browser), I do see entries for monitorOpInitiated and monitorOpCompleted under the DN cn=Operations,cn=Monitor. For example, from an ldapsearch result:
# Modify, Operations, Monitor
dn: cn=Modify,cn=Operations,cn=Monitor
structuralObjectClass: monitorOperation
creatorsName:
modifiersName:
createTimestamp: 20100421205801Z
modifyTimestamp: 20100421205801Z
monitorOpInitiated: 39
monitorOpCompleted: 39
entryDN: cn=Modify,cn=Operations,cn=Monitor
subschemaSubentry: cn=Subschema
hasSubordinates: FALSE
When I look at cn=Subschema, I do not see any definitions of these two attributes. Shouldn't they be there?
Using (unfortunately) Microsoft's VBScript, ADODB, and ADsDSOObject
to access cn=Monitor, I can access everything that is defined in the
subschema (entryDN, modifyTimestamp, etc.); however, I cannot access
monitorOpInitiated and the like. Looking at the logs, it looks like the query
never gets to the LDAP server because MS checks it against
cn=Subschema.
I saw ITS#4947 and ITS#5576, which sound like my problem
(attributes not published). Is there a fix for this, and what would that
fix be?
My OS for the LDAP server is Red Hat Enterprise 5.4.
At the end of this email is my redacted slapd.conf file.
I had sent this to the bugs mail-list, but they said to post it here.
---Thanks
Mike Cannady
[root@vmLDAPdev2 openldap]# cat slapd.conf
#
# See slapd.conf(5) for details on configuration options.
# This file should NOT be world readable.
#
# Overview: global settings and access rules, one bdb database for
# dc=htc,dc=com that is both a syncrepl consumer and a syncprov provider
# (mirror mode), and the monitor backend that serves cn=Monitor.
# NOTE(review): besides rootpw, this file also holds the syncrepl bind
# password in cleartext, so the file-permission advice above applies to it too.

# Standard schema files, followed by three site-local ones under HTC/.
include /usr/local/etc/openldap/schema/core.schema
include /usr/local/etc/openldap/schema/cosine.schema
include /usr/local/etc/openldap/schema/inetorgperson.schema
include /usr/local/etc/openldap/schema/nis.schema
include /usr/local/etc/openldap/HTC/iaaa-radius.schema
include /usr/local/etc/openldap/HTC/radius.schema
include /usr/local/etc/openldap/HTC/users.schema

# Allow LDAPv2 client connections. This is NOT the default.
# NOTE(review): keep this only while an LDAPv2-only client still exists.
allow bind_v2

# 0x100 (256) is the "stats" level: connections, operations and results.
loglevel 0x100
#loglevel any

# No server-side cap on the number of entries a search may return.
# NOTE(review): this applies to every client; a finite default with a
# per-identity "limits" exception for the replication DN is the tighter
# arrangement - confirm what the clients actually need.
sizelimit unlimited

# Do not enable referrals until AFTER you have a working directory
# service AND an understanding of referrals.
#referral ldap://root.openldap.org

# Identifies this server in the change sequence numbers it generates;
# each server in a mirror-mode pair needs its own value.
ServerID 002

pidfile /usr/local/var/run/slapd.pid
argsfile /usr/local/var/run/slapd.args

# Global access rules (they precede the first "database" line).
#
# Rule 1: entries directly below ou=replicants,ou=admin (the syncrepl
# binddn further down is one of them) may read everything. "by * break"
# passes every other client on to the rules that follow.
access to *
        by dn.one="ou=replicants,ou=admin,dc=htc,dc=com" read
        by * break

# Rule 2: inside dc=htc,dc=com, entries directly below ou=admin get manage,
# each entry may write itself, and anonymous clients may only authenticate.
# There is no "by users" clause, so other authenticated identities get
# nothing here (the implicit trailing "by * none").
# NOTE(review): "by self write" is not restricted to particular attributes,
# so an account can change any attribute of its own entry, including ones
# such as uidNumber/gidNumber if entries carry them - confirm this is intended.
access to dn.subtree="dc=htc,dc=com"
        by dn.one="ou=admin,dc=htc,dc=com" manage
        by self write
        by anonymous auth

# Rule 3: everything not matched above. The monitor database at the end of
# this file declares no rules of its own, so this is the rule that governs
# cn=Monitor: any authenticated user may read it.
access to *
        by self write
        by users read
        by anonymous auth

#######################################################################
# database definitions
#######################################################################

database bdb
suffix "dc=htc,dc=com"
# The rootdn is not subject to the access rules above.
rootdn "cn=Manager,dc=htc,dc=com"
# Cleartext passwords, especially for the rootdn, should
# be avoided. See slappasswd(8) and slapd.conf(5) for details.
# Use of strong authentication encouraged.
# NOTE(review): the line breaks of the pasted file were lost; the two sample
# rootpw lines are read here as commented out, and the last line is the live
# value, masked by the poster.
# rootpw secret
# rootpw {crypt}ijFYNcSNctBYg
rootpw {xxxxxxx}xxxxxxxxxxxxxxxxxxxxxxxxxx

# The database directory MUST exist prior to running slapd AND
# should only be accessible by the slapd and slap tools.
# Mode 700 recommended.
directory /usr/local/var/openldap-data

# In-memory cache sizes: entries, DNs and index (IDL) slots.
cachesize 50000
dncachesize 50000
idlcachesize 150000

# Checkpoint the BDB transaction log after 1024 KB written or 5 minutes.
checkpoint 1024 5

# Indices to maintain for this database
index objectClass eq,pres
index ou,cn,mail,surname,givenname eq,pres,sub
index uidNumber,gidNumber,loginShell eq,pres
index uid,memberUid eq,pres,sub
index nisMapName,nisMapEntry eq,pres,sub
# Equality indices on entryCSN and entryUUID serve the replication searches.
index entryCSN eq
index entryUUID eq

# Replicas of this database
# Consumer side: a persistent search against vmldapdev1 for the whole
# suffix, requesting all user ("*") and operational ("+") attributes.
# retry="5 5 300 +" means 5 attempts 5 seconds apart, then every 300
# seconds indefinitely.
# NOTE(review): the provider URL is ldap:// and no starttls= or tls_*
# parameter is set, so with bindmethod=simple the bind DN, its password and
# every replicated attribute cross the network unencrypted unless something
# outside this file protects the link. starttls=critical with a CA
# certificate, or a SASL bind, would close that gap.
# NOTE(review): the credentials value was left readable in the posted copy
# although rootpw was masked; if it is a live password, change it.
syncrepl rid=001
        provider=ldap://vmldapdev1.htc.external:389
        type=refreshAndPersist
        retry="5 5 300 +"
        searchbase="dc=htc,dc=com"
        attrs="*,+"
        bindmethod=simple
        binddn="uid=vmldapdev2,ou=replicants,ou=admin,dc=htc,dc=com"
        credentials=atest2
# Accept client writes even though this database is a syncrepl consumer.
mirrormode TRUE

# Provider side: lets the peer replicate from this server.
overlay syncprov
# Write the contextCSN checkpoint after 1000 operations or 1 minute.
syncprov-checkpoint 1000 1

# Enables cn=Monitor (operation counters such as monitorOpInitiated and
# monitorOpCompleted live under cn=Operations,cn=Monitor).
# NOTE(review): with no "access to" rule after this line, cn=Monitor is
# readable by every authenticated user through global rule 3; a rule here
# that grants read to a dedicated monitoring DN and "by * none" otherwise
# would narrow that.
database monitor
[root@vmLDAPdev2 openldap]