[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: unable to access schema via LDAP

To: "Wouter Mignon" <wouter.mignon@khleuven.be>
Subject: Re: unable to access schema via LDAP
From: "Pierangelo Masarati" <ando@sys-net.it>
Date: Mon, 6 Sep 2004 10:25:42 +0200 (CEST)
Cc: ando@sys-net.it, openldap-software@OpenLDAP.org
Importance: Normal
In-reply-to: <1094455117.4963.2.camel@sen>
References: <1093950627.4007.21.camel@sen> <36462.131.175.154.56.1093952603.squirrel@131.175.154.56> <36467.131.175.154.56.1093952762.squirrel@131.175.154.56> <1094455117.4963.2.camel@sen>
User-agent: SquirrelMail/1.4.3a-1

> The cn=schema object stays empty when i specify "schemadn cn=schema" or
> in slapd.conf. Any ideas what could be going wrong?

the subschema entry must be searched using "cn=subschema"
("cn=schema" in your case) as search base, a "base" scope,
a filter of "(objectClass=subschema)".  It is made of the
"objectClass" and the "cn" attributes, plus a number of
operational attributes (including "attributeTypes",
"objectClasses" and so) which, being opeartional, must be
explicitly requested for.  You need to explicitly list the
attributes you want, or use "+" (RC3673), or "@extensibleObject"
(draft-zeilenga-ldap-adlist) to get all attributes.

And, of course, you need access to the entry and to its
contents; see slapd.access(5) for details.

p.

>
> On Tue, 2004-08-31 at 13:46, Pierangelo Masarati wrote:
>> >
>> >> Hello,
>> >>
>> >> I want to read the schema of my OpenLDAP server but there doesn't
>> seem
>> >> to be an object called cn=schema. OpenLDAP log extract:
>> >>
>> >> Aug 31 10:50:12 vasco slapd[23739]: conn=253 op=2 SRCH
>> base="cn=schema"
>> >> scope=0 filter="(objectClass=*)"
>> >> Aug 31 10:50:12 vasco slapd[23739]: conn=253 op=2 SRCH
>> >> attr=objectclasses 2.5.21.6 attributetypes 2.5.21.5
>> >> Aug 31 10:50:12 vasco slapd[23739]: conn=253 op=2 RESULT tag=101
>> err=32
>> >> text=
>> >>
>> >> The application that needs to read the schema (IDM2.0.1/dirxml)
>> doesn't
>> >> give any choice wether to search for the schema in a different
>> object.
>> >> How can i make the schema available through cn=schema?
>> >
>> > 1) Fix the application (ask your vendor for support/bugfix); or
>> >
>> > 2) Fix slapd:
>> >   2a) change the definition of the name of the schema entry; or
>>
>> This is quite easy: see "schemadn" in slapd.conf(5).
>>
>> >   2b) proxy the server via back-ldap and suffixmassage cn=schema
>> >       into cn=subschema; or
>> >   2c) use the global overlays feature of slapd in HEAD to
>> >       rename cn=schema into cn=subschema by means of the rwm overlay
>> >
>> > p.
>> >
>> > --
>> > Pierangelo Masarati
>> > mailto:pierangelo.masarati@sys-net.it
>> >
> --
> Wouter Mignon
> Systeembeheerder
>
> ---------- Katholieke Hogeschool Leuven ----------
> ---------------- Departement Rega ----------------
> St.-Maartensstraat 55d - 3000 Leuven - Belgium
> tel: +32 16 298 511 fax: +32 16 204 417
> gsm: +32 495 99 80 05
> --------------------------------------------------
>
>


-- 
Pierangelo Masarati
mailto:pierangelo.masarati@sys-net.it


    SysNet - via Dossi,8 27100 Pavia Tel: +390382573859 Fax: +390382476497

References:
- Re: unable to access schema via LDAP
  - From: Wouter Mignon <wouter.mignon@khleuven.be>

Prev by Date: Re: two problems when migrating from 2.1.30 to 2.2.15
Next by Date: LDAP Problem
Index(es):
- Chronological
- Thread