[Date Prev][Date Next] [Chronological] [Thread] [Top]

help with "referral missing" error



Hi,

Perhaps someone can help me resolve a problem with our LDAP database. I'm running OpenLDAP 2.1.22 with bdb 4.1.25 on on Mac OSX 10.2.6 Server (December dev-tools).

I can use the roodn to make changes, but if I try to use a user account, I cannot make changes to my own record - I get a "LDAP: Error 53 - referral missing" error from my client (LDAPBrowser).

According to my (temporary) ACL's, I should be able to change all the attributes in my user record.

I'm wondering if I'm missing something here... can anyone help shed some light on this for me?

Thanks!

-Matt

Here is my slapd.conf: (comments removed for brevity)

include     	    /usr/local/etc/openldap/schema/core.schema
include         /usr/local/etc/openldap/schema/cosine.schema
include         /usr/local/etc/openldap/schema/nis.schema
include         /usr/local/etc/openldap/schema/inetorgperson.schema
include         /usr/local/etc/openldap/schema/misc.schema
include         /etc/openldap/schema/netinfo.schema
include         /usr/local/etc/openldap/schema/apple.schema
include         /usr/local/etc/openldap/schema/fandmedu.schema
include         /usr/local/etc/openldap/schema/eduperson.schema
include         /usr/local/etc/openldap/schema/openradius.schema
allows          bind_v2
schemacheck     off
pidfile		/var/run/slapd.pid
argsfile	/var/run/slapd.args
sizelimit 50

database	bdb
directory	/usr/local/var/openldap-data
access to attr=userPassword
        by self write
        by anonymous auth
        by * none
access to *
        by self write
        by * read
index   uid                     pres,eq,approx,sub
index   cn                      pres,eq,approx,sub
index   sn                      pres,eq,approx,sub
index   uidNumber               eq
index   gidNumber               eq
index   memberUid               eq
index   objectClass             pres,eq
suffix		""
updatedn    .removed.
rootdn		.removed.
rootpw		.removed.


Here is the output from when I run 'slapd -d65535':

dnPrettyNormal: <uid=mrichard, cn=users, dc=fandm,dc=edu>
=> ldap_bv2dn(uid=mrichard, cn=users, dc=fandm,dc=edu,0)
<= ldap_bv2dn(uid=mrichard, cn=users, dc=fandm,dc=edu,0)=0
=> ldap_dn2bv(272)
<= ldap_dn2bv(uid=mrichard,cn=users,dc=fandm,dc=edu,272)=0
=> ldap_dn2bv(272)
<= ldap_dn2bv(uid=mrichard,cn=users,dc=fandm,dc=edu,272)=0
<<< dnPrettyNormal: <uid=mrichard,cn=users,dc=fandm,dc=edu>, <uid=mrichard,cn=users,dc=fandm,dc=edu>
modifications:
replace: apple-user-homequota
one value, length 9
replace: userPassword
one value, length 20
replace: homePostalAddress
one value, length 44
conn=0 op=5 MOD dn="uid=mrichard, cn=users, dc=fandm,dc=edu"
conn=0 op=5 MOD attr=apple-user-homequota userPassword homePostalAddress
bdb_dn2entry_rw("uid=mrichard,cn=users,dc=fandm,dc=edu")
=> bdb_dn2id_matched( "uid=mrichard,cn=users,dc=fandm,dc=edu" )
====> bdb_cache_find_entry_dn2id("uid=mrichard,cn=users,dc=fandm,dc=edu"): 397 (1 tries)
====> bdb_cache_find_entry_id( 397 ) "uid=mrichard,cn=users,dc=fandm,dc=edu" (found) (1 tries)
====> bdb_cache_return_entry_r( 397 ): returned (0)
send_ldap_result: conn=0 op=5 p=3
send_ldap_result: err=53 matched="" text="referral missing"
send_ldap_response: msgid=6 tag=103 err=53
ber_flush: 30 bytes to sd 11
0000: 30 1c 02 01 06 67 17 0a 01 35 04 00 04 10 72 65 0....g...5....re
0010: 66 65 72 72 61 6c 20 6d 69 73 73 69 6e 67 ferral missing
ldap_write: want=30, written=30
0000: 30 1c 02 01 06 67 17 0a 01 35 04 00 04 10 72 65 0....g...5....re
0010: 66 65 72 72 61 6c 20 6d 69 73 73 69 6e 67 ferral missing
conn=0 op=5 RESULT tag=103 err=53 text=referral missing
daemon: select: listen=6 active_threads=0 tvp=NULL
daemon: select: listen=7 active_threads=0 tvp=NULL
--
Matt Richard
Access and Security Coordinator
Franklin & Marshall College
matt.richard@fandm.edu