Hi All,
I'm currently in the process of moving from v2.3 to 2.4 and have been following the procedure shown in the documentation for switching from the old slapd.conf to the new cn= format, i.e. slaptest -f <path> -F <path>.
If I copy over slapd.conf from my old server and run slapd -d 256, it starts perfectly and answers queries, etc. If, on the other hand, I run the slaptest command shown above, I get the following:
<= str2entry(cn={1}core) -> 0x7fda53d38798
=> access_allowed: search access to "cn={1}core,cn=schema,cn=config" "objectClass" requested
<= root access granted
=> access_allowed: search access granted by manage(=mwrscxd)
olcAttributeTypes: value #0 olcAttributeTypes: Duplicate attributeType: "2.5.4.2"
config error processing cn={1}core,cn=schema,cn=config: olcAttributeTypes: Duplicate attributeType: "2.5.4.2"
send_ldap_result: conn=-1 op=0 p=0
send_ldap_result: err=80 matched="" text=""
slapd destroy: freeing system resources.
slapd stopped.
connections_destroy: nothing to destroy.
I've been around Google and have found no solutions. My slapd.conf is years old and was made according to the smbldap tutorial originally written by IDEALX. The file is shown below and any info is welcome.
Thanks,
Julian
####slapd.conf ####
include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/inetorgperson.schema
include /etc/openldap/schema/nis.schema
include /etc/openldap/schema/samba.schema
database bdb
directory /var/lib/ldap
suffix "dc=bordengrammar,dc=kent,dc=sch,dc=uk"
rootdn "cn=Administrator,dc=bordengrammar,dc=kent,dc=sch,dc=uk"
sizelimit 10000
idletimeout 3700
rootpw {SSHA}<removed>
index objectClass,uidNumber,gidNumber eq
index cn,sn,uid,displayName pres,sub,eq
index memberUid,mail,givenname eq,subinitial
index sambaSID,sambaPrimaryGroupSID,sambaDomainName eq
# TLSCertificateFile /etc/openldap/cacerts/ldap.cert
# TLSCertificateKeyFile /etc/openldap/cacerts/ldap.key
access to attrs=userPassword,sambaLMPassword,sambaNTPassword
    by self write
    by anonymous auth
    by * none
access to *
    by * read
access to attrs=userPassword,sambaNTPassword,sambaLMPassword,sambaPwdLastSet,sambaPwdMustChange
    by dn="cn=samba,ou=DSA,dc=bordengrammar,dc=kent,dc=sch,dc=uk" write
    by dn="cn=smbldap-tools,ou=DSA,dc=bordengrammar,dc=kent,dc=sch,dc=uk" write
    by dn="cn=nssldap,ou=DSA,dc=bordengrammar,dc=kent,dc=sch,dc=uk" write
    by self write
    by anonymous auth
    by * none
access to attrs=objectClass,entry,homeDirectory,uid,uidNumber,gidNumber,memberUid
    by dn="cn=samba,ou=DSA,dc=bordengrammar,dc=kent,dc=sch,dc=uk" write
    by dn="cn=smbldap-tools,ou=DSA,dc=bordengrammar,dc=kent,dc=sch,dc=uk" write
    by * read
access to attrs=description,telephoneNumber,roomNumber,homePhone,loginShell,gecos,cn,sn,givenname
    by dn="cn=samba,ou=DSA,dc=bordengrammar,dc=kent,dc=sch,dc=uk" write
    by dn="cn=smbldap-tools,ou=DSA,dc=bordengrammar,dc=kent,dc=sch,dc=uk" write
    by self write
    by * read
access to attrs=cn,sambaLMPassword,sambaNTPassword,sambaPwdLastSet,sambaLogonTime,sambaLogoffTime,sambaKickoffTime,sambaPwdCanChange,sambaPwdMustChange,sambaAcctFlags,displayName,sambaHomePath,sambaHomeDrive,sambaLogonScript,sambaProfilePath,description,sambaUserWorkstations,sambaPrimaryGroupSID,sambaDomainName,sambaMungedDial,sambaBadPasswordCount,sambaBadPasswordTime,sambaPasswordHistory,sambaLogonHours,sambaSID,sambaSIDList,sambaTrustFlags,sambaGroupType,sambaNextRid,sambaNextGroupRid,sambaNextUserRid,sambaAlgorithmicRidBase,sambaShareName,sambaOptionName,sambaBoolOption,sambaIntegerOption,sambaStringOption,sambaStringListoption
    by dn="cn=samba,ou=DSA,dc=bordengrammar,dc=kent,dc=sch,dc=uk" write
    by dn="cn=smbldap-tools,ou=DSA,dc=bordengrammar,dc=kent,dc=sch,dc=uk" write
    by self write
    by * read
access to dn.base="dc=bordengrammar,dc=kent,dc=sch,dc=uk"
    by dn="cn=samba,ou=DSA,dc=bordengrammar,dc=kent,dc=sch,dc=uk" write
    by dn="cn=smbldap-tools,ou=DSA,dc=bordengrammar,dc=kent,dc=sch,dc=uk" write
    by * none
access to dn="ou=Users,dc=bordengrammar,dc=kent,dc=sch,dc=uk"
    by dn="cn=samba,ou=DSA,dc=bordengrammar,dc=kent,dc=sch,dc=uk" write
    by dn="cn=smbldap-tools,ou=DSA,dc=bordengrammar,dc=kent,dc=sch,dc=uk" write
    by * none
access to dn="ou=Groups,dc=bordengrammar,dc=kent,dc=sch,dc=uk"
    by dn="cn=samba,ou=DSA,dc=bordengrammar,dc=kent,dc=sch,dc=uk" write
    by dn="cn=smbldap-tools,ou=DSA,dc=bordengrammar,dc=kent,dc=sch,dc=uk" write
    by * none
access to dn="ou=Computers,dc=bordengrammar,dc=kent,dc=sch,dc=uk"
    by dn="cn=samba,ou=DSA,dc=bordengrammar,dc=kent,dc=sch,dc=uk" write
    by dn="cn=smbldap-tools,ou=DSA,dc=bordengrammar,dc=kent,dc=sch,dc=uk" write
    by * none
access to *
    by dn="cn=slapmaster,ou=Users,dc=bordengrammar,dc=kent,dc=sch,dc=uk" read
    by self read
    by * none
On Fri, 18 Mar 2011 11:01:50 -0000 (UTC), jpb@bordengrammar.kent.sch.uk wrote:
> Hi All,
> I'm currently in the process of moving from v2.3 to 2.4 and have been following the procedure shown in the documentation for switching from the old slapd.conf to the new cn= format, i.e. slaptest -f <path> -F <path>.
> If I copy over slapd.conf from my old server and run slapd -d 256, it starts perfectly and answers queries, etc. If, on the other hand, I run the slaptest command shown above, I get the following:
> <= str2entry(cn={1}core) -> 0x7fda53d38798
> => access_allowed: search access to "cn={1}core,cn=schema,cn=config" "objectClass" requested
> <= root access granted
> => access_allowed: search access granted by manage(=mwrscxd)
> olcAttributeTypes: value #0 olcAttributeTypes: Duplicate attributeType: "2.5.4.2"
> config error processing cn={1}core,cn=schema,cn=config: olcAttributeTypes: Duplicate attributeType: "2.5.4.2"
> send_ldap_result: conn=-1 op=0 p=0
> send_ldap_result: err=80 matched="" text=""
> slapd destroy: freeing system resources.
> slapd stopped.
> connections_destroy: nothing to destroy.
> [...]
Check your core.schema and cn={1}core,cn=schema,cn=config; it seems that the attribute type knowledgeInformation is duplicated.
-Dieter
openldap-technical@openldap.org
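Added example (not part of the original thread and not OpenLDAP code): a small Python check for the condition suggested in the reply above, an attribute type OID such as 2.5.4.2 defined in more than one place across an included .schema file and a converted cn=schema LDIF entry. The file names and contents in SAMPLE are constructed, and find_duplicate_oids and unfold are hypothetical helper names; only numeric OIDs are handled.

```python
import re
from collections import defaultdict

# Matches one attribute type definition in either syntax, after unfolding:
#   slapd.conf schema:  attributetype ( 2.5.4.2 NAME 'knowledgeInformation' ...
#   cn=config LDIF:     olcAttributeTypes: {0}( 2.5.4.2 NAME 'knowledgeInformation' ...
DEFINITION = re.compile(
    r"^(?:attributetype|olcAttributeTypes:)\s*(?:\{\d+\})?\s*"
    r"\(\s*([0-9.]+)\s+NAME\s+\(?\s*'([^']+)'",
    re.IGNORECASE | re.MULTILINE,
)

def unfold(name, text):
    """Join continuation lines so each definition sits on one line."""
    if name.endswith(".ldif"):
        return text.replace("\n ", "")       # LDIF folding: newline + one space
    return re.sub(r"\n[ \t]+", " ", text)    # .schema: indented continuation

def find_duplicate_oids(sources):
    """Return {oid: [(source, attr_name), ...]} for OIDs defined more than once."""
    seen = defaultdict(list)
    for name, text in sources.items():
        for oid, attr in DEFINITION.findall(unfold(name, text)):
            seen[oid].append((name, attr))
    return {oid: locs for oid, locs in seen.items() if len(locs) > 1}

# Constructed sample input (not the poster's real files).
SAMPLE = {
    "core.schema": (
        "# comment line\n"
        "attributetype ( 2.5.4.2 NAME 'knowledgeInformation'\n"
        "\tDESC 'RFC2256: knowledge information'\n"
        "\tEQUALITY caseIgnoreMatch )\n"
        "attributetype ( 2.5.4.4 NAME ( 'sn' 'surname' )\n"
        "\tSUP name )\n"
    ),
    "cn={1}core.ldif": (
        "dn: cn={1}core\n"
        "olcAttributeTypes: {0}( 2.5.4.2 NAME 'knowledgeInfor\n"
        " mation' DESC 'RFC2256: knowledge information' )\n"
    ),
}

if __name__ == "__main__":
    for oid, locs in find_duplicate_oids(SAMPLE).items():
        print(oid, "defined in:", ", ".join(f"{s} ({a})" for s, a in locs))
```

To use it on a real system, read each included schema file and each LDIF file under the cn=schema directory of the -F target into the dictionary, keyed by file name.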