[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: No such object error after converting from 2.0.27 to 2.3.32

To: openldap-software@openldap.org
Subject: Re: No such object error after converting from 2.0.27 to 2.3.32
From: Buchan Milne <bgmilne@staff.telkomsa.net>
Date: Wed, 4 Jul 2007 17:40:42 +0200
Cc: Brian Gaber <Brian.Gaber@pwgsc.gc.ca>
In-reply-to: <1C37FBE46418C54F86B1B0157246EFB201718B70@mb-ncr-028.ad.pwgsc-tpsgc.gc.ca>
Organization: Telkom Internet
References: <1C37FBE46418C54F86B1B0157246EFB201718B70@mb-ncr-028.ad.pwgsc-tpsgc.gc.ca>
User-agent: KMail/1.9.6

On Wednesday, 4 July 2007, Brian Gaber wrote:
> Took the slapcat output from version 2.0.27 (ldbm) to version 2.3.32
> (bdm). Used /usr/local/bin/slapadd on 2.3.32 and am using Berkeley
> 4.5.20. The slapadd works fine. Then I issued chown ldap:ldap on the
> /var/lib/ldap-2.3.32 directory and files. Any type of ldapsearch results
> in a 32 no such object. The identical ldapsearch on the old ldap works
> fine.
>
> Search:
> /usr/local/bin/ldapsearch -h 10.16.13.85 -x -b o=pwgsc -s sub uid=gaberb
>
> Slapd.conf:
> include /usr/local/etc/openldap/schema/core.schema
> include /usr/local/etc/openldap/schema/cosine.schema
> include /usr/local/etc/openldap/schema/inetorgperson.schema
> include /usr/local/etc/openldap/schema/nis.schema
> include /usr/local/etc/openldap/schema/fw1ng.schema
>
> pidfile         /usr/local/var/run/slapd.pid
> argsfile        /usr/local/var/run/slapd.args
>
> allow bind_v2
> #loglevel 296
>
> sizelimit 500000
> access	to *
>   by self write
>   by peername=10.16.13.84 write
>   by peername=10.16.13.81 read
>   by peername=10.16.13.82 read
>   by peername=10.16.13.83 read
>   by peername=10.16.13.85 read
>   by peername=10.16.13.86 read
>
> database	   bdb
> suffix		"o=pwgsc"
> rootdn		"cn=admin,o=pwgsc"
> rootpw		{CRYPT}iWkhys7q1iVpM
> directory	/var/lib/ldap-2.3.32
>
> # Indices to maintain
> index	objectClass,uid,uidNumber,gidNumber,memberUid	eq
> index	cn,mail,surname,givenname			eq,subinitial
>
> # Master from which we should accept changes
> updatedn "cn=admin,o=pwgsc"
> updateref ldap://10.16.13.84
>
> Log:
>
> do_bind: v3 anonymous bind

To check if your ACLs need to be upgraded to more recent syntax, please try 
the search as rootdn. If it works, your peername clauses may need adjustment, 
e.g. to 'by peername.ip=xxx.xxx.xxx.xxx read'

If the search does not succeed as rootdn, then it may be worthwhile doing an 
ldapsearch from the 2.0.x, and ldapadd'ing this on the 2.3.x, to see if you 
may have missing data above the data you need (which slapadd may allow in, 
but slapd won't let out).

Regards,
Buchan

-- 
Buchan Milne
ISP Systems Specialist - Monitoring/Authentication Team Leader
B.Eng,RHCE(803004789010797),LPIC-2(LPI000074592)
http://en.wikipedia.org/wiki/List_of_Internet_slang_phrases

Attachment: pgpnZKYFT7XAn.pgp
Description: PGP signature

References:
- No such object error after converting from 2.0.27 to 2.3.32
  - From: "Brian Gaber" <Brian.Gaber@PWGSC.GC.CA>

Prev by Date: Re: cmusaslsecretPLAIN attribute
Next by Date: Re: force use of start_tls: how?
Index(es):
- Chronological
- Thread