"John Alexander" jalexander@concentricsky.com wrote on 06.06.2020 at 18:45
in message <17901_1591478669_5EDC098C_17901_24_1_20200606164545.849.61910@hypatia.openldap. rg>:
Hi Howard,
Well, that is interesting.
[root@ldap3 ~]# ldapsearch -x -b cn=module{0},cn=config -H ldapi:///
# extended LDIF
#
# LDAPv3
# base <cn=module{0},cn=config> with scope subtree
# filter: (objectclass=*)
# requesting: ALL
#

# search result
search: 2
result: 32 No such object
Could it be that your user is not allowed to search/list that object?
Would this indicate that LDAP does not think that there are any modules loaded?
slapcat -n 0 | grep olcModuleLoad shows
olcModuleLoad: {0}back_bdb
olcModuleLoad: {1}syncprov
I'm out of my depth on path forward now.
John Alexander
Hi Ulrich,
No. It was that I was tired and neglected to include the "-Y EXTERNAL" flag on my search.
And now it is more problems. Slapcat of cn=config indicated that ppolicy module was not loaded while ldapsearch indicated that it was. I applied the ppolicy overlay as follows:
dn: olcOverlay=ppolicy,olcDatabase={2}hdb,cn=config
objectClass: olcOverlayConfig
objectClass: olcPPolicyConfig
olcOverLay: ppolicy
olcPPolicyDefault: cn=default,ou=policies,dc=mydomain,dc=com
and now, slapcat -n 0 returns the following:
5ede54b5 UNKNOWN attributeDescription "OLCPPOLICYDEFAULT" inserted.
5ede54b5 config error processing olcOverlay={1}ppolicy,olcDatabase={2}hdb,cn=config:
slapcat: bad configuration file!
I assume this is because there is no olcModuleLoad attribute in the ldif for ppolicy. Would it be appropriate to remove the olcOverlay={1}ppolicy,oldDatabase={2}hdb.ldif file - since by my understanding ldapdelete does not work against cn=config
John Alexander
On Sun, Jun 7, 2020 at 10:57 PM Ulrich Windl < Ulrich.Windl@rz.uni-regensburg.de> wrote:
"John Alexander" jalexander@concentricsky.com wrote on 06.06.2020
at 18:45 in message
<17901_1591478669_5EDC098C_17901_24_1_20200606164545.849.61910@hypatia.openldap. rg>:
Hi Howard,
Well, that is interesting.
[root@ldap3 ~]# ldapsearch -x -b cn=module{0},cn=config -H ldapi:///
# extended LDIF
#
# LDAPv3
# base <cn=module{0},cn=config> with scope subtree
# filter: (objectclass=*)
# requesting: ALL
#

# search result
search: 2
result: 32 No such object
Could it be that your user is not allowed to search/list that object?
Would this indicate that LDAP does not think that there are any modules loaded?
slapcat -n 0 | grep olcModuleLoad shows
olcModuleLoad: {0}back_bdb
olcModuleLoad: {1}syncprov
I'm out of my depth on path forward now.
John Alexander
--On Monday, June 8, 2020 9:16 AM -0700 John Alexander jalexander@concentricsky.com wrote:
5ede54b5 UNKNOWN attributeDescription "OLCPPOLICYDEFAULT" inserted.
5ede54b5 config error processing olcOverlay={1}ppolicy,olcDatabase={2}hdb,cn=config:
slapcat: bad configuration file!
I assume this is because there is no olcModuleLoad attribute in the ldif for ppolicy. Would it be appropriate to remove the olcOverlay={1}ppolicy,oldDatabase={2}hdb.ldif file - since by my understanding ldapdelete does not work against cn=config
You must moduleload the ppolicy module before you can instantiate ppolicy against a database backend.
Regards, Quanah
--
Quanah Gibson-Mount
Product Architect
Symas Corporation
Packaged, certified, and supported LDAP solutions powered by OpenLDAP:
http://www.symas.com
openldap-technical@openldap.org
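
The ordering requirement stated in the last reply (load the module before instantiating the overlay) can be checked offline against cn=config LDIF before slapd or slapcat rejects it. This is an added example, not code from the thread or from the OpenLDAP project; the sample LDIF is constructed, the function names are hypothetical, and it assumes overlays are built as loadable modules rather than compiled into slapd.

```python
import re

# Constructed sample resembling cn=config LDIF; not taken from the thread.
SAMPLE_LDIF = """\
dn: cn=module{0},cn=config
objectClass: olcModuleList
olcModuleLoad: {0}back_bdb
olcModuleLoad: {1}syncprov

dn: olcOverlay={0}syncprov,olcDatabase={2}hdb,cn=config
objectClass: olcOverlayConfig
olcOverlay: {0}syncprov

dn: olcOverlay={1}ppolicy,olcDatabase={2}hdb,cn=config
objectClass: olcOverlayConfig
objectClass: olcPPolicyConfig
olcOverLay: {1}ppolicy
olcPPolicyDefault: cn=default,ou=policies,
 dc=mydomain,dc=com
"""

def unfold(ldif):
    """Join LDIF continuation lines (a newline followed by one space)."""
    return re.sub(r"\r?\n ", "", ldif)

def normalise(value):
    """Strip the {n} ordering prefix, any directory path and a .la/.so suffix."""
    value = re.sub(r"^\{-?\d+\}", "", value.strip()).rsplit("/", 1)[-1]
    return re.sub(r"\.(la|so)$", "", value).lower()

def attr_values(ldif, name):
    """Return every plain (non-base64) value of attribute `name`, case-insensitively."""
    out = []
    for line in unfold(ldif).splitlines():
        key, sep, val = line.partition(":")
        if sep and key.strip().lower() == name.lower() and not val.startswith(":"):
            out.append(val.strip())
    return out

def overlays_without_module(ldif):
    """List overlays that are configured but have no matching olcModuleLoad value."""
    loaded = {normalise(v) for v in attr_values(ldif, "olcModuleLoad")}
    used = {normalise(v) for v in attr_values(ldif, "olcOverlay")}
    return sorted(used - loaded)

if __name__ == "__main__":
    for name in overlays_without_module(SAMPLE_LDIF):
        print(f"overlay '{name}' is configured but no olcModuleLoad value loads it")
```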