Hi,
Perhaps someone can help me resolve a problem with our LDAP database.
I'm running OpenLDAP 2.1.22 with bdb 4.1.25 on Mac OS X 10.2.6
Server (December dev-tools).
I can use the rootdn to make changes, but if I try to use a user
account, I cannot make changes to my own record - I get an "LDAP: Error
53 - referral missing" error from my client (LDAPBrowser).
According to my (temporary) ACLs, I should be able to change all the
attributes in my user record.
I'm wondering if I'm missing something here... can anyone help shed
some light on this for me?
Thanks!
-Matt
Here is my slapd.conf: (comments removed for brevity)
include /usr/local/etc/openldap/schema/core.schema
include /usr/local/etc/openldap/schema/cosine.schema
include /usr/local/etc/openldap/schema/nis.schema
include /usr/local/etc/openldap/schema/inetorgperson.schema
include /usr/local/etc/openldap/schema/misc.schema
include /etc/openldap/schema/netinfo.schema
include /usr/local/etc/openldap/schema/apple.schema
include /usr/local/etc/openldap/schema/fandmedu.schema
include /usr/local/etc/openldap/schema/eduperson.schema
include /usr/local/etc/openldap/schema/openradius.schema
allows bind_v2
schemacheck off
pidfile /var/run/slapd.pid
argsfile /var/run/slapd.args
sizelimit 50
database bdb
directory /usr/local/var/openldap-data
access to attr=userPassword
        by self write
        by anonymous auth
        by * none
access to *
        by self write
        by * read
index uid pres,eq,approx,sub
index cn pres,eq,approx,sub
index sn pres,eq,approx,sub
index uidNumber eq
index gidNumber eq
index memberUid eq
index objectClass pres,eq
suffix ""
updatedn .removed.
rootdn .removed.
rootpw .removed.
Here is the output from when I run 'slapd -d65535':
dnPrettyNormal: <uid=mrichard, cn=users, dc=fandm,dc=edu>
=> ldap_bv2dn(uid=mrichard, cn=users, dc=fandm,dc=edu,0)
<= ldap_bv2dn(uid=mrichard, cn=users, dc=fandm,dc=edu,0)=0
=> ldap_dn2bv(272)
<= ldap_dn2bv(uid=mrichard,cn=users,dc=fandm,dc=edu,272)=0
=> ldap_dn2bv(272)
<= ldap_dn2bv(uid=mrichard,cn=users,dc=fandm,dc=edu,272)=0
<<< dnPrettyNormal: <uid=mrichard,cn=users,dc=fandm,dc=edu>, <uid=mrichard,cn=users,dc=fandm,dc=edu>
modifications:
replace: apple-user-homequota
one value, length 9
replace: userPassword
one value, length 20
replace: homePostalAddress
one value, length 44
conn=0 op=5 MOD dn="uid=mrichard, cn=users, dc=fandm,dc=edu"
conn=0 op=5 MOD attr=apple-user-homequota userPassword homePostalAddress
bdb_dn2entry_rw("uid=mrichard,cn=users,dc=fandm,dc=edu")
=> bdb_dn2id_matched( "uid=mrichard,cn=users,dc=fandm,dc=edu" )
====> bdb_cache_find_entry_dn2id("uid=mrichard,cn=users,dc=fandm,dc=edu"): 397 (1 tries)
====> bdb_cache_find_entry_id( 397 ) "uid=mrichard,cn=users,dc=fandm,dc=edu" (found) (1 tries)
====> bdb_cache_return_entry_r( 397 ): returned (0)
send_ldap_result: conn=0 op=5 p=3
send_ldap_result: err=53 matched="" text="referral missing"
send_ldap_response: msgid=6 tag=103 err=53
ber_flush: 30 bytes to sd 11
0000: 30 1c 02 01 06 67 17 0a 01 35 04 00 04 10 72 65  0....g...5....re
0010: 66 65 72 72 61 6c 20 6d 69 73 73 69 6e 67  ferral missing
ldap_write: want=30, written=30
0000: 30 1c 02 01 06 67 17 0a 01 35 04 00 04 10 72 65  0....g...5....re
0010: 66 65 72 72 61 6c 20 6d 69 73 73 69 6e 67  ferral missing
conn=0 op=5 RESULT tag=103 err=53 text=referral missing
daemon: select: listen=6 active_threads=0 tvp=NULL
daemon: select: listen=7 active_threads=0 tvp=NULL
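
Added example (not part of the original post): a small BER decoder that parses the 30 bytes slapd dumped after ber_flush and recovers the same msgid, tag and err values the RESULT line reports. The function names and the two lookup tables are this example's own; the byte string is copied from the hex dump above.

```python
# Bytes copied from the ber_flush hex dump in the log above (30 bytes).
DUMP = ("30 1c 02 01 06 67 17 0a 01 35 04 00 04 10 72 65 "
        "66 65 72 72 61 6c 20 6d 69 73 73 69 6e 67")

# Small subset of RFC 4511 names; these tables are part of the added example.
RESULT_CODES = {0: "success", 10: "referral",
                50: "insufficientAccessRights", 53: "unwillingToPerform"}
RESPONSE_OPS = {0x61: "BindResponse", 0x65: "SearchResultDone",
                0x67: "ModifyResponse", 0x69: "AddResponse", 0x6B: "DelResponse"}


def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the BER element starting at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated BER header")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                      # long-form length
        n = length & 0x7F
        if n == 0 or pos + n > len(buf):
            raise ValueError("indefinite or truncated length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated BER value")
    return tag, buf[pos:pos + length], pos + length


def decode_ldap_result(raw):
    """Decode an LDAPMessage that carries a plain LDAPResult."""
    tag, msg, end = read_tlv(raw, 0)
    if tag != 0x30 or end != len(raw):
        raise ValueError("expected exactly one LDAPMessage SEQUENCE")
    id_tag, msgid, pos = read_tlv(msg, 0)
    op_tag, op, _ = read_tlv(msg, pos)
    code_tag, code, pos = read_tlv(op, 0)
    dn_tag, matched, pos = read_tlv(op, pos)
    txt_tag, text, _ = read_tlv(op, pos)
    if (id_tag, code_tag, dn_tag, txt_tag) != (0x02, 0x0A, 0x04, 0x04):
        raise ValueError("not an LDAPResult layout")
    err = int.from_bytes(code, "big")
    return {"msgid": int.from_bytes(msgid, "big"),
            "tag": op_tag,                 # slapd logs this in decimal
            "op": RESPONSE_OPS.get(op_tag, "unknown"),
            "err": err,
            "err_name": RESULT_CODES.get(err, "unknown"),
            "matched": matched.decode("utf-8"),
            "text": text.decode("utf-8")}


if __name__ == "__main__":
    print(decode_ldap_result(bytes.fromhex(DUMP)))
```

Result code 53 is unwillingToPerform in RFC 4511, which is distinct from 50 (insufficientAccessRights), the code an ACL denial would normally produce.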