
monitor backend ruins operational attributes search?



I'm seeing odd behaviour with openldap-2.2.23. Whenever I enable
the monitor backend, this root DSE search stops working (that is, no
results are returned):

 ldapsearch -x -LLL -h localhost -s base -b "" supportedSASLMechanisms

This also doesn't work anymore:

ldapsearch -x -LLL -h localhost -s base -b "" +

Server logs show:
slapd[22997]: conn=8 fd=11 ACCEPT from IP=127.0.0.1:34126 (IP=0.0.0.0:389)
slapd[22997]: conn=8 op=0 BIND dn="" method=128
slapd[22997]: conn=8 op=0 RESULT tag=97 err=0 text=
slapd[22997]: conn=8 op=1 SRCH base="" scope=0 deref=0 filter="(objectClass=*)"
slapd[22997]: conn=8 op=1 SRCH attr=supportedSASLMechanisms
slapd[22997]: conn=8 op=1 SEARCH RESULT tag=101 err=0 nentries=0 text=
slapd[22997]: conn=8 op=2 UNBIND
slapd[22997]: conn=8 fd=11 closed

My slapd.conf is:
# slapd.conf as posted: schema includes and pid/args files in the global
# section, then a monitor database, then one bdb database for
# dc=exemplo,dc=com,dc=br. No "access to" directive appears before the first
# "database" line, so no global ACL is set explicitly.
include         /etc/openldap/schema/core.schema
include         /etc/openldap/schema/cosine.schema
include         /etc/openldap/schema/inetorgperson.schema
include         /etc/openldap/schema/java.schema
include         /etc/openldap/schema/misc.schema
include         /etc/openldap/schema/nis.schema
include         /etc/openldap/schema/openldap.schema
include         /etc/openldap/schema/automount.schema
include         /etc/openldap/schema/samba.schema
pidfile         /var/run/slapd/slapd.pid
argsfile        /var/run/slapd/slapd.args
# NOTE(review): an ACL list that contains any "access to" rule ends with an
# implicit "access to * by * none" (see slapd.access(5)). The rule below only
# covers cn=Monitor. Check whether this release evaluates the root DSE
# (base "") against the first database's ACL list, which would explain the
# nentries=0 result -- TODO confirm. A global rule such as
#   access to dn.base="" by * read
# placed before this "database" line makes root DSE readability explicit.
# "by * read" also lets anonymous clients read everything under cn=Monitor;
# consider limiting it to an administrative DN.
database monitor
access to dn.subtree="cn=Monitor"
        by * read
database        bdb
suffix          "dc=exemplo,dc=com,dc=br"
rootdn          "cn=manager,dc=exemplo,dc=com,dc=br"
# rootpw is a cleartext literal here; a hashed value generated with
# slappasswd is preferable, and this file should not be world-readable.
rootpw          mypassword
directory       /var/lib/openldap-data
cachesize       11000
# Rewrites a SASL identity of the form uid=<name>,cn=<one component>,cn=auth
# to the entry uid=<name>,ou=People,dc=exemplo,dc=com,dc=br.
sasl-regexp uid=([^,]+),cn=[^,]+,cn=auth uid=$1,ou=People,dc=exemplo,dc=com,dc=br
checkpoint 512 30
index   objectClass     eq
index uid,uidNumber,gidNumber,memberUid       eq
index cn,surname,givenname               eq,sub
index mail eq,sub
# Password attributes: anonymous clients may only authenticate against them,
# the entry itself may write them, and everyone else gets no access.
access to attrs=userPassword,sambaLMPassword,sambaNTPassword
        by anonymous auth
        by self write
        by * none
# shadowLastChange is writable by the entry itself and readable by everyone.
# NOTE(review): this rule is spelled "attr=" while the rule above is spelled
# "attrs="; confirm that both forms are accepted by this release.
access to attr=shadowLastChange
        by self write
        by * read
# Catch-all for this database: everything not matched above is readable by
# anyone, including anonymous binds.
access to *
        by * read

The -b "cn=monitor" search works just fine, however.

If I comment out these lines, everything starts working again:
#database monitor
#access to dn.subtree="cn=Monitor"
#        by * read

Am I doing something wrong syntax-wise or is this a bug?