Dieter Kluenter wrote:
Thanks to all who have responded to my questions.

John Du <email@example.com> writes:

Hi,

We have been running OpenLDAP 2.2.13 on RHEL4 for a few years without problems. We recently upgraded OpenLDAP to 2.4.11 to use the multi-master capability. After upgrade, we are having 2 problems with the new version.

1. We have an attribute c in the ou=People sub-tree. The value can be either US or CA. Now if we search "c=US" or "c=CA", we do not get any matches. But if we do "c=U*", it finds all the c=US entries. Same thing happens to c=C*.

2. LAM 2.5.0 (LDAP Account Manager) cannot browse the schema on the new server. It says "Unable to retrieve schema". LAM worked fine with OpenLDAP 2.2.13.

I would appreciate any information that would help us resolve the problem.

Please provide some more information, i.e. configuration of indexes and access rules to cn=subschema, as well as examples of search strings.

I fixed the two problems.
Problem one was fixed by adding an "access to dn.subtree="cn=SubSchema" by * read".
Problem 2 was fixed by adding an index: "index c eq,sub"
I thought the root DN is not subject to any access control rules but that does not seem to be the case. I do not understand why I have to add the index for the new server but not for the old one.
Anyways, thank you for your help.