Hi Everyone,
 
I am having an issue accessing attributes that are not in "cn=Subschema"  
 

I'm using openldap-stable-20100219.tgz build.  When I look at cn=Monitor with browsing tools (like Softerra LDAP browser) I do see entries for monitorOpInitiated and monitorOpCompleted in DN cn=Operations,cn=Monitor.  For example from a ldapsearch result:

 

# Modify, Operations, Monitor
dn: cn=Modify,cn=Operations,cn=Monitor
structuralObjectClass: monitorOperation
creatorsName:
modifiersName:
createTimestamp: 20100421205801Z
modifyTimestamp: 20100421205801Z
monitorOpInitiated: 39
monitorOpCompleted: 39
entryDN: cn=Modify,cn=Operations,cn=Monitor
subschemaSubentry: cn=Subschema
hasSubordinates: FALSE

 

When I look at cn=Subschema, I do not see any definitions of these two attributes.  Shouldn't they be there?

 

Using (unfortunately) Microsoft's VBScript, ADODB, and ADsDSOOBJECT to access cn=Monitor, I can access everything that is defined in the subschema (entryDN, modifyTimestamp, etc.); however, I cannot access monitorOpInitiated and such.  Looking at the logs, it looks like the query never gets to the LDAP server because MS checks it against cn=Subschema.

 

I saw ITS#4947 and ITS#5576, which sound like my problem (attributes not published).  Is there a fix for this, and what would that fix be?

 

My OS for the ldap server is Redhat Enterprise 5.4.

 

At the end of this email is my redacted slapd.conf file.

 

I had sent this to the bugs mail-list, but they said to post it here.

 

---Thanks

 

Mike Cannady

 

 

 

[root@vmLDAPdev2 openldap]# cat slapd.conf

#

# See slapd.conf(5) for details on configuration options.

# This file should NOT be world readable.

#

include         /usr/local/etc/openldap/schema/core.schema

include         /usr/local/etc/openldap/schema/cosine.schema

include         /usr/local/etc/openldap/schema/inetorgperson.schema

include         /usr/local/etc/openldap/schema/nis.schema

 

include         /usr/local/etc/openldap/HTC/iaaa-radius.schema

include         /usr/local/etc/openldap/HTC/radius.schema

 

include         /usr/local/etc/openldap/HTC/users.schema

 

# Allow LDAPv2 client connections.  This is NOT the default.

# NOTE(review): LDAPv2 has neither the StartTLS extended operation nor SASL
# binds.  Keep this line only while a legacy client still requires v2.

allow bind_v2

# 0x100 (256) is the "stats" level: connections, operations and results.

loglevel  0x100

#loglevel any

# NOTE(review): this lifts the default 500-entry cap on search results for
# every client, so any identity with read access can pull a whole subtree in
# one search.  If only specific identities need unlimited results, the
# per-identity "limits" directive is the narrower tool.

sizelimit unlimited

# Do not enable referrals until AFTER you have a working directory

# service AND an understanding of referrals.

#referral       ldap://root.openldap.org

# Server identifier used in replication; presumably the other mirror node
# (the syncrepl provider configured further down) uses a different value.

ServerID 002

pidfile         /usr/local/var/run/slapd.pid

argsfile        /usr/local/var/run/slapd.args

 

# Global access rules (they precede every "database" line).  Evaluation stops
# at the first "access to" clause that matches the target and at the first
# matching "by" clause inside it; a who-list without a final "by *" ends in an
# implicit "by * none".
#
# Rule 1: identities that are direct children of ou=replicants may read every
# entry and attribute, password values included; everyone else falls through
# ("break") to the rules that follow.

access to *

        by dn.one="ou=replicants,ou=admin,dc=htc,dc=com" read

        by * break

 

# Rule 2: entries under dc=htc,dc=com.  Direct children of ou=admin get
# manage, each user may write to their own entry, anonymous may only
# authenticate, and all other authenticated users get nothing.
# NOTE(review): "by self write" is not narrowed with attrs=, so a user can
# change any attribute of their own entry, including uidNumber, gidNumber and
# loginShell if the entries carry them.  Consider limiting self write to
# userPassword and other self-service attributes.

access to dn.subtree="dc=htc,dc=com"

        by dn.one="ou=admin,dc=htc,dc=com" manage

        by self write

        by anonymous auth

 

# Rule 3: reached only for targets outside dc=htc,dc=com, such as the root
# DSE, cn=Subschema and cn=Monitor.
# NOTE(review): "by users read" lets every authenticated identity read
# cn=Monitor (connection and operation statistics).  Consider a dedicated
# rule for dn.subtree="cn=Monitor" that grants read only to the
# administrative identities.

access to *

        by self write

        by users read

        by anonymous auth

 

 

#######################################################################

# database definitions

#######################################################################

 

# Berkeley DB backend holding the dc=htc,dc=com tree.

database        bdb

suffix          "dc=htc,dc=com"

# The rootdn is not subject to access control or administrative limits for
# this database, so its password deserves the strongest handling.

rootdn          "cn=Manager,dc=htc,dc=com"

# Cleartext passwords, especially for the rootdn, should

# be avoided.  See slappasswd(8) and slapd.conf(5) for details.

# Use of strong authentication encouraged.

# rootpw                secret

# rootpw                {crypt}ijFYNcSNctBYg

# Value redacted by the poster; the {scheme} prefix names the hash scheme.

rootpw                  {xxxxxxx}xxxxxxxxxxxxxxxxxxxxxxxxxx

 

 

# The database directory MUST exist prior to running slapd AND

# should only be accessible by the slapd and slap tools.

# Mode 700 recommended.

directory       /usr/local/var/openldap-data

# In-memory cache sizes: entries, DNs, and index slots respectively.

cachesize 50000

dncachesize 50000

idlcachesize 150000

# Checkpoint the BDB transaction log after 1024 KB written or 5 minutes.

checkpoint 1024 5

 

# Indices to maintain for this database

index objectClass                       eq,pres

index ou,cn,mail,surname,givenname      eq,pres,sub

index uidNumber,gidNumber,loginShell    eq,pres

index uid,memberUid                     eq,pres,sub

index nisMapName,nisMapEntry            eq,pres,sub

# entryCSN and entryUUID equality indices support the syncrepl/syncprov
# replication configured for this database.

index entryCSN                          eq

index entryUUID                         eq

 

 

# Replicas of this database

# Consumer side of the mirror: pulls dc=htc,dc=com from vmldapdev1 and keeps
# the session open (refreshAndPersist).  retry="5 5 300 +" retries every 5 s
# five times, then every 300 s indefinitely.
# NOTE(review): the provider is plain ldap:// on port 389 with
# bindmethod=simple and no starttls= parameter, so the bind DN, its password
# and all replicated data (attrs="*,+" includes userPassword) cross the
# network unencrypted.  Add starttls=critical with tls_cacert=<CA file>, or
# use an ldaps:// provider.
# NOTE(review): the credentials value does not look redacted.  A password
# that has appeared in a public post should be treated as exposed and changed
# wherever it is used.  It is also stored here in cleartext, which is why
# this file must not be world readable.

syncrepl rid=001

        provider=ldap://vmldapdev1.htc.external:389

        type=refreshAndPersist

        retry="5 5 300 +"

        searchbase="dc=htc,dc=com"

        attrs="*,+"

        bindmethod=simple

        binddn="uid=vmldapdev2,ou=replicants,ou=admin,dc=htc,dc=com"

        credentials=atest2

 

# Lets this server accept writes while it is also a syncrepl consumer.

mirrormode TRUE

 

# Provider side: serve this database to other consumers, saving the sync
# state (contextCSN) after 1000 operations or 1 minute.

overlay syncprov

syncprov-checkpoint 1000 1

 

# Enables the cn=Monitor backend.  No access rule in this file is scoped to
# cn=Monitor, so the global "access to *" rules decide who can read it.
# NOTE(review): consider an explicit rule that limits cn=Monitor to the
# administrative identities.

database monitor

 

[root@vmLDAPdev2 openldap]