[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: (ITS#4192) cn=config rootdn issues

To: openldap-its@OpenLDAP.org
Subject: Re: (ITS#4192) cn=config rootdn issues
From: quanah@symas.com
Date: Tue, 22 Nov 2005 08:28:56 GMT


--On Tuesday, November 22, 2005 12:01 AM -0800 Howard Chu <hyc@symas.com> 
wrote:

> No, this has nothing to do with naming contexts. The DN you specified
> caused a syntax error in the normalizer. This happens because it was
> parsing the root entry cn=config, which occurs before user-specified
> schema are loaded. The odd thing is that there should not be any rootdn
> attribute in the cn=config entry. The configuration for the config
> database resides under "olcDatabase={0}config,cn=config" and that's where
> the rootdn belongs. Did you create this config.ldif manually?

Here is the config.ldif file:

dn: cn=config
objectClass: olcGlobal
cn: config
olcConfigFile: /usr/local/etc/openldap/slapd.conf
olcConfigDir: /usr/local/etc/openldap/slapd.d
olcAllows: bind_v2
olcArgsFile: /var/run/slapd.args
olcAuthzPolicy: any
olcAuthzRegexp: {0}"uid=(.*)/cgi,cn=stanford.edu,cn=gssapi,cn=auth" 
"ldap:///c
 n=cgi,cn=applications,dc=stanford,dc=edu??sub?krb5PrincipalName=$1/cgi@stanf
o
 rd.edu"
olcAuthzRegexp: {1}"uid=service/(.*),cn=stanford.edu,cn=gssapi,cn=auth" 
"ldap:
 ///cn=Service,cn=Applications,dc=stanford,dc=edu??sub?krb5PrincipalName=serv
i
 ce/$1@stanford.edu"
olcAuthzRegexp: {2}"uid=webauth/(.*),cn=stanford.edu,cn=gssapi,cn=auth" 
"ldap:
 ///cn=Webauth,cn=Applications,dc=stanford,dc=edu??sub?krb5PrincipalName=weba
u
 th/$1@stanford.edu"
olcAuthzRegexp: {3}"uid=(.*),cn=stanford.edu,cn=gssapi,cn=auth" 
"ldap:///uid=$
 1,cn=Accounts,dc=stanford,dc=edu??sub?suSeasStatus=active"
olcConcurrency: 0
olcConnMaxPending: 100
olcConnMaxPendingAuth: 1000
olcGentleHUP: TRUE
olcIdleTimeout: 30
olcIndexSubstrIfMaxLen: 4
olcIndexSubstrIfMinLen: 2
olcIndexSubstrAnyLen: 3
olcIndexSubstrAnyStep: 2
olcLocalSSF: 71
olcLogLevel: Stats
olcPidFile: /var/run/slapd.pid
olcReadOnly: FALSE
olcReplicationInterval: 0
olcReverseLookup: TRUE
olcSaslRealm: stanford.edu
olcSaslSecProps: noplain,noanonymous
olcSockbufMaxIncoming: 262143
olcSockbufMaxIncomingAuth: 16777215
olcThreads: 20
olcTLSCACertificateFile: /usr/local/etc/openldap/comodo.pem
olcTLSCertificateFile: /usr/local/etc/openldap/stardomain.crt
olcTLSCertificateKeyFile: /usr/local/etc/openldap/stardomain.key
olcTLSCRLCheck: none
olcTLSVerifyClient: never
olcToolThreads: 1
structuralObjectClass: olcGlobal
entryUUID: 791133ac-ef7c-1029-80f9-9dd63ccdecf7
creatorsName: cn=replicator,cn=service,cn=applications,dc=stanford,dc=edu
createTimestamp: 20051122081940Z
entryCSN: 20051122081940Z#000000#00#000000
modifiersName: cn=replicator,cn=service,cn=applications,dc=stanford,dc=edu
modifyTimestamp: 20051122081940Z

--Quanah

--
Quanah Gibson-Mount
Product Engineer
Symas Corporation
Packaged, certified, and supported LDAP solutions powered by OpenLDAP:
<http://www.symas.com>

Prev by Date: (ITS#4194) slaptest -F works without specifying -f, which should be required
Next by Date: Re: (ITS#4179) slapd-meta seg faults if a time attribute is mal formed
Index(es):
- Chronological
- Thread