RE: unknown LDAP result code (-30990): using groups to manage ACL's

["Howard Chu" <hyc@highlandsun.com>]

> -----Original Message-----
> From: owner-openldap-software@OpenLDAP.org
> [mailto:owner-openldap-software@OpenLDAP.org]On Behalf Of Chris Paul

> Hello OpenLDAP users,
>
> I'm trying to follow the instructions from the Faq-o-Matic ("How do I
> use groups as manage access controls?").
>
> This is OpenLDAP 2.1.25 with BDB 4.2.52 (RedHat 9). It is a fresh
> database. I just imported all the records. I created a "groupofNames"
> object:
>
> dn: cn=Adminstrators,dc=company,dc=com
> cn: Adminstrators
> objectClass: groupOfNames
> objectClass: top
> member: uid=chris,ou=people,ou=corporate,dc=company,dc=com
>
> I try the following command:
>
> ldapmodify -v -ZZ -x -w password -D \
> uid=chris,ou=people,ou=corporate,dc=company,dc=com -f entry
>
> I get this result:
>
> ldap_initialize( <DEFAULT> )
> replace userPassword:
>         changeme
> modifying entry "uid=test,ou=People,ou=Corporate,dc=company,dc=com"
> ldapmodify: update failed:
> uid=test,ou=People,ou=Corporate,dc=company,dc=com
> ldap_modify: unknown LDAP result code (-30990)

This code -30990 is a BDB error code; the fact that you got it in an LDAP
result indicates that there's a bug in slapd's LDAP Modify handler because it
should only allow legitimate LDAP error codes to reach the client. You should
file an ITS report for that. You should include the backend configuration
section of your slapd.conf along with all the other pertinent info.

  -- Howard Chu
  Chief Architect, Symas Corp.       Director, Highland Sun
  http://www.symas.com               http://highlandsun.com/hyc
  Symas: Premier OpenSource Development and Support