10:57 p.m.
>> "John Alexander"
<jalexander(a)concentricsky.com> schrieb am 06.06.2020 um 18:45
in Nachricht
<17901_1591478669_5EDC098C_17901_24_1_20200606164545.849.61910(a)hypatia.openldap.
rg>:
Hi Howard,
Well, that is interesting.
[root@ldap3 ~]# ldapsearch -x -b cn=module{0},cn=config -H ldapi:///
# extended LDIF
#
# LDAPv3
# base <cn=module{0},cn=config> with scope subtree
# filter: (objectclass=*)
# requesting: ALL
#
# search result
search: 2
result: 32 No such object
Could it be that your user is not allowed to search/list that object?
Would this indicate that LDAP does not think that there are any modules
loaded? slapcat -n 0 | grep olcModuleLoad shows
olcModuleLoad: {0}back_bdb
olcModuleLoad: {1}syncprov
I'm out of my depth on path forward now.
John Alexander
8:16 a.m.
New subject: [EXT] Re: ppolicy: attempting to load ppolicy module
Hi Ulrich,
No. It was that I was tired and neglected to include the "-Y EXTERNAL"
flag on my search.
And now it is more problems. Slapcat of cn=config indicated that ppolicy
module was not loaded while ldapsearch indicated that it was. I applied
the ppolicy overlay as follows:
dn: olcOverlay=ppolicy,olcDatabase={2}hdb,cn=config
objectClass: olcOverlayConfig
objectClass: olcPPolicyConfig
olcOverLay: ppolicy
olcPPolicyDefault: cn=default,ou=policies,dc=mydomain,dc=com
and now, slapcat -n 0 returns the following:
5ede54b5 UNKNOWN attributeDescription "OLCPPOLICYDEFAULT" inserted.
5ede54b5 config error processing
olcOverlay={1}ppolicy,olcDatabase={2}hdb,cn=config:
slapcat: bad configuration file!
I assume this is because there is no olcModuleLoad attribute in the ldif
for ppolicy. Would it be appropriate to remove the
olcOverlay={1}ppolicy,oldDatabase={2}hdb.ldif file - since by my
understanding ldapdelete does not work against cn=config
John Alexander
On Sun, Jun 7, 2020 at 10:57 PM Ulrich Windl <
Ulrich.Windl(a)rz.uni-regensburg.de> wrote:
>>> "John Alexander"
<jalexander(a)concentricsky.com> schrieb am 06.06.2020
um 18:45
in Nachricht
<17901_1591478669_5EDC098C_17901_24_1_20200606164545.849.61910(a)hypatia.openldap.
rg>:
> Hi Howard,
>
> Well, that is interesting.
>
> [root@ldap3 ~]# ldapsearch -x -b cn=module{0},cn=config -H ldapi:///
> # extended LDIF
> #
> # LDAPv3
> # base <cn=module{0},cn=config> with scope subtree
> # filter: (objectclass=*)
> # requesting: ALL
> #
>
> # search result
> search: 2
> result: 32 No such object
Could it be that your user is not allowed to search/list that object?
>
> Would this indicate that LDAP does not think that there are any modules
> loaded? slapcat -n 0 | grep olcModuleLoad shows
> olcModuleLoad: {0}back_bdb
> olcModuleLoad: {1}syncprov
>
> I'm out of my depth on path forward now.
>
> John Alexander
--
John Alexander
Systems Administrator
E: jalexander(a)concentricsky.com
Concentric Sky, Inc
https://www.concentricsky.com
8:36 a.m.
New subject: [EXT] Re: ppolicy: attempting to load ppolicy module
--On Monday, June 8, 2020 9:16 AM -0700 John Alexander
<jalexander(a)concentricsky.com> wrote:
5ede54b5 UNKNOWN attributeDescription "OLCPPOLICYDEFAULT" inserted.
5ede54b5 config error processing
olcOverlay={1}ppolicy,olcDatabase={2}hdb,cn=config:
slapcat: bad configuration file!
I assume this is because there is no olcModuleLoad attribute in the ldif
for ppolicy. Would it be appropriate to remove the
olcOverlay={1}ppolicy,oldDatabase={2}hdb.ldif file - since by my
understanding ldapdelete does not work against cn=config
You must moduleload the ppolicy module before you can instantiate ppolicy
against a database backend.
Regards,
Quanah
--
Quanah Gibson-Mount
Product Architect
Symas Corporation
Packaged, certified, and supported LDAP solutions powered by OpenLDAP:
<http://www.symas.com>
1089
days inactive
1089
days old
openldap-technical@openldap.org
2 comments
3 participants
participants (3)
-
John Alexander -
Quanah Gibson-Mount -
Ulrich Windl