I'm using openldap-stable-20100219.tgz build. When I look at cn=Monitor with browsing tools (like Softerra LDAP browser) I do see entries for monitorOpInitiated and monitorOpCompleted in DN cn=Operations,cn=Monitor. For example from a ldapsearch result:
#
Modify, Operations, Monitor When I look at cn=Subschema, I do not see any definitions of these two attributes. Shouldn't they be there? Using (unfortunately) Microsoft's _vbscript_, ADODB, and ADsDSOOBJECT
to access to access cn=Monitor, I can access everything that is defined in the
subschema (entryDN, modifyTimestamp, etc); however, I cannot access
MonitorOpInitiated and such. Looking at the logs, It looks like the query
never gets to the ldap server because MS checks it against the
cn=subschema. I saw ITS#4947 and ITS#5576 which sounds like what my problem is
(attributes not published). Is there a fix for this and what would that
fix be? My OS for the ldap server is Redhat Enterprise
5.4. At the end of this email is my redacted slapd.conf file.
I had sent this to the bugs mail-list, but they said to post it here. ---Thanks Mike Cannady
[root@vmLDAPdev2 openldap]# cat
slapd.conf # # See slapd.conf(5) for details on
configuration options. # This file should NOT be world
readable. # include
/usr/local/etc/openldap/schema/core.schema include
/usr/local/etc/openldap/schema/cosine.schema include
/usr/local/etc/openldap/schema/inetorgperson.schema include
/usr/local/etc/openldap/schema/nis.schema include
/usr/local/etc/openldap/HTC/iaaa-radius.schema include
/usr/local/etc/openldap/HTC/radius.schema include
/usr/local/etc/openldap/HTC/users.schema # Allow LDAPv2 client
connections. This is NOT the default. allow
bind_v2 loglevel
0x100 #loglevel any
sizelimit
unlimited # Do not enable referrals until
AFTER you have a working directory # service AND an understanding of
referrals. #referral
ldap://root.openldap.org ServerID
002 pidfile
/usr/local/var/run/slapd.pid argsfile
/usr/local/var/run/slapd.args access to
*
by dn.
read
by * break access to
dn.subtree="dc=htc,dc=com"
by dn. manage
by self write
by anonymous auth access to
*
by self write
by users read
by anonymous auth ####################################################################### # database
definitions ####################################################################### database
bdb suffix
"dc=htc,dc=com" rootdn
"cn=Manager,dc=htc,dc=com" # Cleartext passwords, especially
for the rootdn, should # be avoided. See
slappasswd(8) and slapd.conf(5) for details. # Use of strong authentication
encouraged. #
rootpw
secret #
rootpw
{crypt}ijFYNcSNctBYg rootpw
{xxxxxxx}xxxxxxxxxxxxxxxxxxxxxxxxxx # The database directory MUST exist
prior to running slapd AND # should only be accessible by the
slapd and slap tools. # Mode 700
recommended. directory
/usr/local/var/openldap-data cachesize
50000 dncachesize
50000 idlcachesize
150000 checkpoint 1024
5 # Indices to maintain for this
database index
objectClass
eq,pres index
ou,cn,mail,surname,givenname
eq,pres,sub index
uidNumber,gidNumber,loginShell
eq,pres index
uid,memberUid
eq,pres,sub index
nisMapName,nisMapEntry
eq,pres,sub index
entryCSN
eq index
entryUUID
eq # Replicas of this
database syncrepl
rid=001
provider=ldap://vmldapdev1.htc.external:389
type=refreshAndPersist
retry="5 5 300 +"
searchbase="dc=htc,dc=com"
attrs="*,+"
bindmethod=simple
binddn="uid=vmldapdev2,ou=replicants,ou=admin,dc=htc,dc=com"
credentials=atest2 mirrormode
TRUE overlay
syncprov syncprov-checkpoint 1000
1 database
monitor [root@vmLDAPdev2
openldap] |