[Pkg-openldap-devel] Bug#596049: base DN discovery breaks after slapd.d migration
Christian Hofstaedtler
ch+debian at zeha.at
Wed Sep 8 09:14:16 UTC 2010
Package: slapd
Version: 2.4.23-4

Hi!

After upgrading to 2.4.23-4 and letting the automatic slapd.d upgrade run,
basic slapd operation works, explicit ldapsearch -b basedn works, but my GUI
client (Apache Directory Studio) which uses base DN discovery fails to connect
with 'No such object' messages.
I think it can no longer discover the base DN it needs to use.

Also, when manually setting the base DN, connect works, but the client then
complains that it cannot find some schema definitions.
Both things used to work fine before the upgrade.

As this slapd setup is from 2005 (and does not use debconf), I'm pasting the
results of the config conversion below.

Maybe this is just a configuration/ACL issue, but I'm not so sure right now what
ACLs would be needed, and maybe they should be automatically set during the
upgrade, if this is a new requirement.

Thanks,
Christian

dn: olcDatabase={-1}frontend,cn=config
objectClass: olcDatabaseConfig
objectClass: olcFrontendConfig
olcDatabase: {-1}frontend
olcAccess: {0}to * by dn.exact=gidNumber=0+uidNumber=0,cn=peercred,cn=external
 ,cn=auth manage by * break
olcAddContentAcl: FALSE
olcLastMod: TRUE
olcMaxDerefDepth: 0
olcReadOnly: FALSE
olcSchemaDN: cn=Subschema
olcSyncUseSubentry: FALSE
olcMonitoring: FALSE

dn: olcDatabase={0}config,cn=config
objectClass: olcDatabaseConfig
olcDatabase: {0}config
olcAccess: {0}to * by dn.exact=gidNumber=0+uidNumber=0,cn=peercred,cn=external
 ,cn=auth manage by * break
olcAccess: {1}to * by * none
olcAddContentAcl: TRUE
olcLastMod: TRUE
olcMaxDerefDepth: 15
olcReadOnly: FALSE
olcRootDN: cn=config
olcSyncUseSubentry: FALSE
olcMonitoring: FALSE

dn: olcDatabase={1}hdb,cn=config
objectClass: olcDatabaseConfig
objectClass: olcHdbConfig
olcDatabase: {1}hdb
olcDbDirectory: /var/lib/ldap
olcSuffix: dc=static,dc=at
olcAccess: {0}to dn.base="" by * read
olcAccess: {1}to * by dn.base="cn=admin,dc=static,dc=at" write by group/grou
 pOfNames/member.exact="cn=ldap-admin,ou=groups,dc=static,dc=at" write by * +
 0 break
olcAccess: {2}to attrs=userPassword,userPKCS12 by dn.base="cn=admin,dc=static
 ,dc=at" write by group/groupOfNames/member.exact="cn=ldap-admin,ou=groups,dc
 =static,dc=at" write by anonymous auth by self write
olcAccess: {3}to attrs=shadowLastChange by dn.base="cn=admin,dc=static,dc=at"
  write by self write
olcAccess: {4}to dn.subtree="ou=users,dc=static,dc=at" attrs=objectClass by
  users read by * search
olcAccess: {5}to dn.subtree="ou=users,dc=static,dc=at" attrs=uid,cn,entry,mai
 l by users read by * none
olcAccess: {6}to dn.subtree="ou=users,dc=static,dc=at" attrs=@posixAccount,@s
 hadowAccount by dn.base="cn=public,dc=static,dc=at" read by * none
olcAccess: {7}to dn.subtree="ou=hostgroups,dc=static,dc=at" by dn.base="cn=pu
 blic,dc=static,dc=at" read by * none
olcAccess: {8}to dn.subtree="ou=groups,dc=static,dc=at" by dn.base="cn=public
 ,dc=static,dc=at" read by * none
olcAccess: {9}to * by * none
olcAddContentAcl: FALSE
olcLastMod: TRUE
olcMaxDerefDepth: 15
olcReadOnly: FALSE
olcRootDN: cn=root,dc=static,dc=at
olcSyncUseSubentry: FALSE
olcMonitoring: FALSE
olcDbCacheSize: 1000
olcDbCheckpoint: 512 30
olcDbConfig: {0}set_cachesize 0 2097152 0
olcDbConfig: {1}set_lk_max_objects 1500
olcDbConfig: {2}set_lk_max_locks 1500
olcDbConfig: {3}set_lk_max_lockers 1500
olcDbNoSync: FALSE
olcDbDirtyRead: FALSE
olcDbIDLcacheSize: 0
olcDbIndex: objectClass eq
olcDbIndex: entryUUID eq
olcDbIndex: entryCSN eq
olcDbIndex: cn pres,eq,approx,sub
olcDbIndex: uid pres,eq,sub
olcDbIndex: sn eq,approx,sub
olcDbIndex: member eq
olcDbLinearIndex: FALSE
olcDbMode: 0600
olcDbSearchStack: 16
olcDbShmKey: 0
olcDbCacheFree: 1
olcDbDNcacheSize: 0

dn: olcOverlay={0}refint,olcDatabase={1}hdb,cn=config
objectClass: olcOverlayConfig
objectClass: olcRefintConfig
olcOverlay: {0}refint
olcRefintAttribute: seeAlso
olcRefintAttribute: uniqueMember
olcRefintAttribute: member
olcRefintNothing: cn=none

-- System Information:
Debian Release: squeeze/sid
APT prefers testing
APT policy: (500, 'testing')
Architecture: amd64 (x86_64)
Kernel: Linux 2.6.32-5-openvz-amd64 (SMP w/16 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Versions of packages slapd depends on:
ii adduser 3.112 add and remove users and groups
ii coreutils 8.5-1 GNU core utilities
ii debconf [debconf-2.0] 1.5.35 Debian configuration management sy
ii libc6 2.11.2-2 Embedded GNU C Library: Shared lib
ii libdb4.8 4.8.30-2 Berkeley v4.8 Database Libraries [
ii libgnutls26 2.8.6-1 the GNU TLS library - runtime libr
ii libldap-2.4-2 2.4.23-4 OpenLDAP libraries
ii libltdl7 2.2.6b-2 A system independent dlopen wrappe
ii libperl5.10 5.10.1-14 shared Perl library
ii libsasl2-2 2.1.23.dfsg1-6 Cyrus SASL - authentication abstra
ii libslp1 1.2.1-7.8 OpenSLP libraries
ii libwrap0 7.6.q-19 Wietse Venema's TCP wrappers libra
ii lsb-base 3.2-23.1 Linux Standard Base 3.2 init scrip
ii perl [libmime-base64-perl 5.10.1-14 Larry Wall's Practical Extraction
ii psmisc 22.11-1 utilities that use the proc file s
ii unixodbc 2.2.14p2-1 ODBC tools libraries
Versions of packages slapd recommends:
ii libsasl2-modules 2.1.23.dfsg1-6 Cyrus SASL - pluggable authenticat
Versions of packages slapd suggests:
ii ldap-utils 2.4.23-4 OpenLDAP utilities
-- Configuration Files:
/etc/default/slapd changed:
SLAPD_CONF="/etc/ldap/slapd.d"
SLAPD_USER="openldap"
SLAPD_GROUP="openldap"
SLAPD_PIDFILE=
SLAPD_SERVICES="ldap:/// ldaps:/// ldapi:///"
SLAPD_SENTINEL_FILE=/etc/ldap/noslapd
SLAPD_OPTIONS=""
-- debconf information excluded
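
An added example, not part of the original report or of the slapd package: a small Python audit that unfolds a cn=config LDIF dump like the one above and lists which database each ACL naming the root DSE ("") or the schema DN sits in. It relies on slapd checking access to the root DSE and to the schema DN against the frontend database's ACLs rather than those of a suffix database; SAMPLE, parse_ldif, acl_target and audit are names made up for this sketch.

```python
import re

# Constructed sample: two entries abbreviated from the report's LDIF, with the
# leading space of LDIF continuation lines restored.
SAMPLE = """\
dn: olcDatabase={-1}frontend,cn=config
olcDatabase: {-1}frontend
olcAccess: {0}to * by dn.exact=gidNumber=0+uidNumber=0,cn=peercred,cn=external
 ,cn=auth manage by * break
olcSchemaDN: cn=Subschema

dn: olcDatabase={1}hdb,cn=config
olcDatabase: {1}hdb
olcAccess: {0}to dn.base="" by * read
olcAccess: {9}to * by * none
"""

def parse_ldif(text):
    """Unfold continuation lines; return one {attr: [values]} dict per entry."""
    entries = []
    for block in re.split(r"\n\s*\n", text.replace("\n ", "").strip()):
        entry = {}
        for line in block.splitlines():
            name, sep, value = line.partition(":")
            if sep and not line.startswith("#"):
                entry.setdefault(name, []).append(value.strip())
        entries.append(entry)
    return entries

def acl_target(rule):
    """DN named by an olcAccess value, '*' for 'to *', None if no dn= clause."""
    m = re.match(r'\{\d+\}to\s+(?:(\*)|dn(?:\.\w+)?="([^"]*)")', rule)
    if m is None:
        return None
    return "*" if m.group(1) else m.group(2).lower()

def audit(entries):
    """Report where rules naming the root DSE ("") or the schema DN live."""
    schema_dn = next((e["olcSchemaDN"][0] for e in entries
                      if "olcSchemaDN" in e), "cn=Subschema").lower()
    report = {"frontend": [], "misplaced": []}
    for e in entries:
        db = e.get("olcDatabase", ["?"])[0]
        for rule in e.get("olcAccess", []):
            target = acl_target(rule)
            if db.endswith("frontend"):
                report["frontend"].append(target)   # targets the frontend covers
            elif target in ("", schema_dn):
                report["misplaced"].append((db, rule))  # not consulted there
    return report
```

On the sample, the frontend list holds only the catch-all target and the dn.base="" rule is reported under the {1}hdb database.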