
(ITS#4207) cn=config does not accept rootdn's outside of its naming context



Full_Name: Quanah Gibson-Mount
Version: 2.3.12 + HEAD patches
OS: Solaris 8
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (171.64.19.82)


In continuing to try and set up a replicated cn=config, I find that although I
can specify the rootdn to be something outside of the naming context, actually
trying to do that rootdn gets an access denied message:

#######################################################################
# back-config database definitions
#######################################################################
database                config
rootdn                  "cn=replicator,cn=applications,dc=stanford,dc=edu"


Nov 23 13:44:22 ldap-dev2.Stanford.EDU slapd[16082]: [ID 848112 local4.debug]
conn=1 fd=12 ACCEPT from IP=171.67.16.99:47443 (IP=0.0.0.0:389)
Nov 23 13:44:22 ldap-dev2.Stanford.EDU slapd[16082]: [ID 469902 local4.debug]
conn=1 op=0 SRCH base="" scope=0 deref=0 filter="(objectClass=*)"
Nov 23 13:44:22 ldap-dev2.Stanford.EDU slapd[16082]: [ID 744844 local4.debug]
conn=1 op=0 SRCH attr=supportedSASLMechanisms
Nov 23 13:44:22 ldap-dev2.Stanford.EDU slapd[16082]: [ID 167594 local4.debug]
conn=1 op=0 SEARCH RESULT tag=101 err=0 nentries=1 text=
Nov 23 13:44:22 ldap-dev2.Stanford.EDU slapd[16082]: [ID 215403 local4.debug]
conn=1 op=1 BIND dn="" method=163
Nov 23 13:44:22 ldap-dev2.Stanford.EDU slapd[16082]: [ID 588225 local4.debug]
conn=1 op=1 RESULT tag=97 err=14 text=
Nov 23 13:44:22 ldap-dev2.Stanford.EDU slapd[16082]: [ID 215403 local4.debug]
conn=1 op=2 BIND dn="" method=163
Nov 23 13:44:22 ldap-dev2.Stanford.EDU slapd[16082]: [ID 588225 local4.debug]
conn=1 op=2 RESULT tag=97 err=14 text=
Nov 23 13:44:22 ldap-dev2.Stanford.EDU slapd[16082]: [ID 215403 local4.debug]
conn=1 op=3 BIND dn="" method=163
Nov 23 13:44:22 ldap-dev2.Stanford.EDU slapd[16082]: [ID 538062 local4.debug]
conn=1 op=3 BIND authcid="service/ldap@stanford.edu"
authzid="service/ldap@stanford.edu"
Nov 23 13:44:22 ldap-dev2.Stanford.EDU slapd[16082]: [ID 690767 local4.debug]
conn=1 op=3 BIND dn="cn=replicator,cn=service,cn=applications,dc=stanford,dc=edu"
mech=GSSAPI ssf=56
Nov 23 13:44:22 ldap-dev2.Stanford.EDU slapd[16082]: [ID 588225 local4.debug]
conn=1 op=3 RESULT tag=97 err=0 text=
Nov 23 13:44:22 ldap-dev2.Stanford.EDU slapd[16082]: [ID 469902 local4.debug]
conn=1 op=4 SRCH base="cn=config" scope=2 deref=0 filter="(objectClass=*)"
Nov 23 13:44:22 ldap-dev2.Stanford.EDU slapd[16082]: [ID 167594 local4.debug]
conn=1 op=4 SEARCH RESULT tag=101 err=50 nentries=0 text=
Nov 23 13:44:22 ldap-dev2.Stanford.EDU slapd[16082]: [ID 218904 local4.debug]
conn=1 op=5 UNBIND
Nov 23 13:44:22 ldap-dev2.Stanford.EDU slapd[16082]: [ID 952275 local4.debug]
conn=1 fd=12 closed


ldapsearch -LLL -Q -h ldap-dev2 -b "cn=config"
Insufficient access (50)

So this still appears to be impossible to do.

--Quanah
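
An added example, not part of the original report and not OpenLDAP code: a log check that records the DN each connection completes a bind as, then for every search that returns err=50 reports that DN and whether it equals a given rootdn. The sample records and the rootdn value are copied from the report above (syslog prefix trimmed, wrapped lines rejoined); the function names and the simplified DN comparison are assumptions of this sketch.

```python
import re

# Constructed sample: records from the report's log, prefix trimmed, wraps rejoined.
SAMPLE_LOG = """\
conn=1 op=0 SRCH base="" scope=0 deref=0 filter="(objectClass=*)"
conn=1 op=0 SEARCH RESULT tag=101 err=0 nentries=1 text=
conn=1 op=1 BIND dn="" method=163
conn=1 op=1 RESULT tag=97 err=14 text=
conn=1 op=3 BIND dn="cn=replicator,cn=service,cn=applications,dc=stanford,dc=edu" mech=GSSAPI ssf=56
conn=1 op=3 RESULT tag=97 err=0 text=
conn=1 op=4 SRCH base="cn=config" scope=2 deref=0 filter="(objectClass=*)"
conn=1 op=4 SEARCH RESULT tag=101 err=50 nentries=0 text=
"""
ROOTDN = "cn=replicator,cn=applications,dc=stanford,dc=edu"  # rootdn line in the report

# Only the BIND record carrying mech= names the final identity;
# the dn="" method=163 records are intermediate SASL steps and are skipped.
BIND_RE = re.compile(r'conn=(\d+) op=\d+ BIND dn="([^"]*)" mech=')
SRCH_RE = re.compile(r'conn=(\d+) op=(\d+) SRCH base="([^"]*)"')
RES_RE = re.compile(r'conn=(\d+) op=(\d+) SEARCH RESULT tag=101 err=(\d+)')

def norm_dn(dn):
    """Simplified comparison form: lower-case, trim space around each RDN.
    Assumption: no escaped commas or multi-valued RDNs in the DNs compared."""
    return ",".join(part.strip().lower() for part in dn.split(","))

def denied_searches(log_text, rootdn):
    """Return one finding per search that ended with err=50 (insufficient access)."""
    bound = {}   # conn -> DN from the last mech= BIND record
    bases = {}   # (conn, op) -> search base
    findings = []
    for line in log_text.splitlines():
        if m := BIND_RE.search(line):
            bound[m.group(1)] = m.group(2)
        elif m := SRCH_RE.search(line):
            bases[(m.group(1), m.group(2))] = m.group(3)
        elif (m := RES_RE.search(line)) and m.group(3) == "50":
            conn, op = m.group(1), m.group(2)
            dn = bound.get(conn, "")  # empty string means anonymous
            findings.append({"conn": conn, "op": op,
                             "base": bases.get((conn, op)),
                             "bound_dn": dn,
                             "is_rootdn": norm_dn(dn) == norm_dn(rootdn)})
    return findings

if __name__ == "__main__":
    for finding in denied_searches(SAMPLE_LOG, ROOTDN):
        print(finding)
```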