[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Problems in OpenLDAP 2.4.11

To: Dieter Kluenter <dieter@dkluenter.de>
Subject: Re: Problems in OpenLDAP 2.4.11
From: John Du <jjohndu@gmail.com>
Date: Mon, 20 Apr 2009 13:14:02 -0700
Cc: openldap-software@openldap.org
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:received:received:message-id:date:from :user-agent:mime-version:to:cc:subject:references:in-reply-to :content-type; bh=8QZ9fNP+Jg3QrZjXGP1InPX8RUa7FvuWzIHJG/Z7JNQ=; b=fX2Ju/Z71C6AJ2se56aclLulhwOFop9UbhQiJpoptOr1pSmfwZc+gc0JSyh3pJ7d4Q c/fumrePaxLlesZ+TsG2y0iuEyxjP3lM0bwlKYx7RMdE5REikh1Rr2RuGEkdZyQRQGUN +LqEyRKAmsedhrORnXvPaV3B7LxFcCnQNF9/Y=
Domainkey-signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=message-id:date:from:user-agent:mime-version:to:cc:subject :references:in-reply-to:content-type; b=WzWJDIgi11BoxhefUslRX4lv6gLwbmnrn9dfN5xJ5JLtUZJ9xqVOewFyUz9aN9f0AU L0P1g5lKqQBp/uNnIz4PFP+Doa9dfwAwTENwkGoZbiYZZ6PehYiDWe+s54mB7HtHafNI QzDQbbvNbbuISUiaHaodN6gRwT2WvVNDAJ548=
In-reply-to: <87prf9ripi.fsf@rubin.l4b.de>
References: <49E762D1.1040709@gmail.com> <87prf9ripi.fsf@rubin.l4b.de>
User-agent: Thunderbird 2.0.0.21 (Windows/20090302)

Dieter Kluenter wrote:

John Du <jjohndu@gmail.com> writes:

Hi,

We have been running OpenLDAP 2.2.13 on RHEL4 for a few years without
problems.  We recently upgraded OpenLDAP to 2.4.11 to use the
multi-master capability.  After upgrade, we are having 2 problems with
the new version.


1.  We have an attribute c in the ou=People sub-tree.  The value can
be either US or CA.  Now if we search "c=US" or "c=CA", we do not get
any matches.  But if we do "c=U*", it finds all the c=US entries. Same
thing happens to c=C*.


2.  LAM  2.5.0 (LDAP Account Manager) cannot browse the schema on the
new server.  It says "Unable to retrieve schema".  LAM worked fine
with OpenLDAP 2.2.13.


I would appreciate any information that would help us resolve the problem.


Please provide some more information, i.e. configuration of indexes
and access rules to cn=subschema, as well as examples of search
strings.

Thanks to all who have responded to my questions.

I fixed the two problems.

Problem one was fixed by adding an "access to dn.subtree="cn=SubSchema by * read".

Problem 2 was fixed by adding an index: "index c eq,sub"

I thought the root DN is not subject any access control rules but that does not seem to be the case. I do not understand why I have to add the index for the new server but not for the old one.

Anyways, thank you for your help.

-Dieter

Follow-Ups:
- Re: Problems in OpenLDAP 2.4.11
  - From: Michael Ströder <michael@stroeder.com>

References:
- Problems in OpenLDAP 2.4.11
  - From: John Du <jjohndu@gmail.com>
- Re: Problems in OpenLDAP 2.4.11
  - From: "Dieter Kluenter" <dieter@dkluenter.de>

Prev by Date: Re: Syncrepl replication be_modify failed (18)
Next by Date: Syncrepl behavior when disk is full
Index(es):
- Chronological
- Thread