Hi Everyone,

I am having an issue accessing attributes that are not in "cn=Subschema". I'm using the openldap-stable-20100219.tgz build. When I look at cn=Monitor with browsing tools (like Softerra LDAP browser), I do see entries for monitorOpInitiated and monitorOpCompleted in DN cn=Operations,cn=Monitor. For example, from an ldapsearch result:

# Modify, Operations, Monitor
dn: cn=Modify,cn=Operations,cn=Monitor
structuralObjectClass: monitorOperation
creatorsName:
modifiersName:
createTimestamp: 20100421205801Z
modifyTimestamp: 20100421205801Z
monitorOpInitiated: 39
monitorOpCompleted: 39
entryDN: cn=Modify,cn=Operations,cn=Monitor
subschemaSubentry: cn=Subschema
hasSubordinates: FALSE

When I look at cn=Subschema, I do not see any definitions of these two attributes. Shouldn't they be there?

Using (unfortunately) Microsoft's VBScript, ADODB, and ADsDSOOBJECT to access cn=Monitor, I can access everything that is defined in the subschema (entryDN, modifyTimestamp, etc.); however, I cannot access MonitorOpInitiated and such. Looking at the logs, it looks like the query never gets to the ldap server because MS checks it against the cn=subschema.

I saw ITS#4947 and ITS#5576, which sound like what my problem is (attributes not published). Is there a fix for this and what would that fix be?

My OS for the ldap server is Redhat Enterprise 5.4. At the end of this email is my redacted slapd.conf file.

I had sent this to the bugs mail-list, but they said to post it here.

---Thanks
Mike Cannady

[r...@vmldapdev2 openldap]# cat slapd.conf
#
# See slapd.conf(5) for details on configuration options.
# This file should NOT be world readable.
#
include /usr/local/etc/openldap/schema/core.schema
include /usr/local/etc/openldap/schema/cosine.schema
include /usr/local/etc/openldap/schema/inetorgperson.schema
include /usr/local/etc/openldap/schema/nis.schema
include /usr/local/etc/openldap/HTC/iaaa-radius.schema
include /usr/local/etc/openldap/HTC/radius.schema
include /usr/local/etc/openldap/HTC/users.schema

# Allow LDAPv2 client connections. This is NOT the default.
allow bind_v2

loglevel 0x100
#loglevel any
sizelimit unlimited

# Do not enable referrals until AFTER you have a working directory
# service AND an understanding of referrals.
#referral ldap://root.openldap.org

ServerID 002

pidfile /usr/local/var/run/slapd.pid
argsfile /usr/local/var/run/slapd.args

access to *
    by dn.one="ou=replicants,ou=admin,dc=htc,dc=com" read
    by * break

access to dn.subtree="dc=htc,dc=com"
    by dn.one="ou=admin,dc=htc,dc=com" manage
    by self write
    by anonymous auth

access to *
    by self write
    by users read
    by anonymous auth

#######################################################################
# database definitions
#######################################################################

database bdb
suffix "dc=htc,dc=com"
rootdn "cn=Manager,dc=htc,dc=com"
# Cleartext passwords, especially for the rootdn, should
# be avoided. See slappasswd(8) and slapd.conf(5) for details.
# Use of strong authentication encouraged.
# rootpw secret
# rootpw {crypt}ijFYNcSNctBYg
rootpw {xxxxxxx}xxxxxxxxxxxxxxxxxxxxxxxxxx

# The database directory MUST exist prior to running slapd AND
# should only be accessible by the slapd and slap tools.
# Mode 700 recommended.
directory /usr/local/var/openldap-data

cachesize 50000
dncachesize 50000
idlcachesize 150000
checkpoint 1024 5

# Indices to maintain for this database
index objectClass eq,pres
index ou,cn,mail,surname,givenname eq,pres,sub
index uidNumber,gidNumber,loginShell eq,pres
index uid,memberUid eq,pres,sub
index nisMapName,nisMapEntry eq,pres,sub
index entryCSN eq
index entryUUID eq

# Replicas of this database
syncrepl rid=001
    provider=ldap://vmldapdev1.htc.external:389
    type=refreshAndPersist
    retry="5 5 300 +"
    searchbase="dc=htc,dc=com"
    attrs="*,+"
    bindmethod=simple
    binddn="uid=vmldapdev2,ou=replicants,ou=admin,dc=htc,dc=com"
    credentials=atest2

mirrormode TRUE

overlay syncprov
syncprov-checkpoint 1000 1

database monitor
[r...@vmldapdev2 openldap]
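
The symptom described in the message above (attributes returned in an entry but absent from cn=Subschema) can be confirmed offline from two ldapsearch dumps. The script below is an added example, not part of the original post or of OpenLDAP; the function names are its own, the entry is trimmed from the one in the post, and the subschema excerpt is constructed.

```python
import re

# Constructed sample input: the monitor entry is trimmed from the post; the
# cn=Subschema excerpt is made up and publishes only a few attribute types.
MONITOR_LDIF = """\
dn: cn=Modify,cn=Operations,cn=Monitor
modifyTimestamp: 20100421205801Z
monitorOpInitiated: 39
monitorOpCompleted: 39
entryDN: cn=Modify,cn=Operations,cn=Monitor
subschemaSubentry: cn=Subschema
"""
SUBSCHEMA_LDIF = """\
dn: cn=Subschema
attributeTypes: ( 2.5.4.3 NAME ( 'cn' 'commonName' ) SUP name )
attributeTypes: ( 2.5.18.2 NAME 'modifyTimestamp' DESC 'RFC4512: time which
  object was last modified' )
attributeTypes: ( 2.5.18.10 NAME 'subschemaSubentry' )
attributeTypes: ( 1.3.6.1.1.20 NAME 'entryDN' )
"""
NAME_RE = re.compile(r"\bNAME\s+(?:'[^']+'|\([^)]*\))")

def unfold(ldif):
    # LDIF folds long values: a newline followed by one space continues the line.
    return re.sub(r"\r?\n ", "", ldif)

def published_names(subschema_ldif):
    names = set()
    for line in unfold(subschema_ldif).splitlines():
        attr, _, value = line.partition(":")
        m = NAME_RE.search(value) if attr.strip().lower() == "attributetypes" else None
        if m:  # handles both NAME 'x' and NAME ( 'x' 'y' )
            names.update(n.lower() for n in re.findall(r"'([^']+)'", m.group(0)))
    return names

def entry_attributes(entry_ldif):
    attrs = {}  # lower-cased name -> name as written in the entry
    for line in unfold(entry_ldif).splitlines():
        name, sep, _ = line.partition(":")
        name = name.split(";", 1)[0].strip()  # drop options such as ;binary
        if sep and name and not line.startswith("#") and name.lower() != "dn":
            attrs.setdefault(name.lower(), name)
    return attrs

def unpublished(entry_ldif, subschema_ldif):
    known = published_names(subschema_ldif)  # attribute names compare case-insensitively
    return sorted(n for k, n in entry_attributes(entry_ldif).items() if k not in known)

if __name__ == "__main__":
    print(unpublished(MONITOR_LDIF, SUBSCHEMA_LDIF))
```

To run it against a live server, replace the two sample strings with the saved output of a search on the monitor entry (requesting `+`) and of a base search on cn=Subschema requesting `attributeTypes`.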
