Back with a further clarification and trying to solve a problem for our programmers.

 

ldapsearch -x -H ldapi:/// -s base -b '' namingContext "*" + -D $ROOTDN -W

Enter LDAP Password:

# extended LDIF

#

# LDAPv3

# base <> with scope baseObject

# filter: (objectclass=*)

# requesting: namingContext * +

#

 

#

dn:

objectClass: top

objectClass: OpenLDAProotDSE

structuralObjectClass: OpenLDAProotDSE

configContext: cn=config

namingContexts: cn=accesslog

namingContexts: dc=example,dc=com

monitorContext: cn=Monitor

supportedControl: 1.3.6.1.4.1.4203.1.9.1.1

supportedControl: 2.16.840.1.113730.3.4.18

supportedControl: 2.16.840.1.113730.3.4.2

supportedControl: 1.3.6.1.4.1.4203.1.10.1

supportedControl: 1.2.840.113556.1.4.319

supportedControl: 1.2.826.0.1.3344810.2.3

supportedControl: 1.3.6.1.1.13.2

supportedControl: 1.3.6.1.1.13.1

supportedControl: 1.3.6.1.1.12

supportedExtension: 1.3.6.1.4.1.1466.20037

supportedExtension: 1.3.6.1.4.1.4203.1.11.1

supportedExtension: 1.3.6.1.4.1.4203.1.11.3

supportedExtension: 1.3.6.1.1.8

supportedFeatures: 1.3.6.1.1.14

supportedFeatures: 1.3.6.1.4.1.4203.1.5.1

supportedFeatures: 1.3.6.1.4.1.4203.1.5.2

supportedFeatures: 1.3.6.1.4.1.4203.1.5.3

supportedFeatures: 1.3.6.1.4.1.4203.1.5.4

supportedFeatures: 1.3.6.1.4.1.4203.1.5.5

supportedLDAPVersion: 3

supportedSASLMechanisms: GSSAPI

supportedSASLMechanisms: PLAIN

supportedSASLMechanisms: LOGIN

supportedSASLMechanisms: EXTERNAL

entryDN:

subschemaSubentry: cn=Subschema

 

# search result

search: 2

result: 0 Success

 

# numResponses: 2

# numEntries: 1

 

So our programmers want me to filter out ‘namingContexts: cn=accesslog’ for them (please don’t ask).

 

# cat naming_context.ldif

dn: olcDatabase={-1}frontend,cn=config

changetype: modify

add: olcAccess

olcAccess: {0}to dn.exact=""

    attrs=namingContext

    val/distinguishedNameMatch="cn=accesslog transitional"

    by * none

 

ldapmodify -H ldapi:/// -Y EXTERNAL -f naming_context.ldif

SASL/EXTERNAL authentication started

SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth

SASL SSF: 0

modifying entry "olcDatabase={-1}frontend,cn=config"

ldap_modify: Other (e.g., implementation specific) error (80)

        additional info: <olcAccess> handler exited with 1

 

Anyone want to hit me with a clue stick so I can hide the ‘cn=accesslog’ database from my programmers so they don’t have to rewrite code?