Ron Parker wrote: > Still trying to resolve this. Been trying to research. The closest I've > found to this issue is here: > > http://www.nabble.com/Re%3A-JXplorer-Schema-access-tf2193548.html > > "The first thing JXplorer does is try to read the > 'subschemaSubentry' attribute from the root entry of the directory. > Usually > this resolves to be 'cn=schema', but if JX can't find a > subschemaSubentry it > will then default to 'cn=schema' anyway, as this is sort of the defacto > standard. " > > OpenLDAP has no "cn=schema". Only "cn=Subschema". > > "... However from what you've said below, your server looks like it is > using a schema root of 'cn=subSchema', which is perfectly valid, so long as > it is correctly advertising it in the 'subschemaSubentry' attribute of the > root entry? " > > How do I do this? That is, how can I tell if "cn=Subschema" is > correctly advertised in "subschemaSubentry" attribute? And, if it's > not, how do I make it do it? > > "Other possibilities are to try to change your schema entry from > cn=subschema to cn=schema, or if the subschemaSubentry attribute is set > correctly there may be a bug in JXplorer, in which case let me know and > I'll > try to fix it... there were problems a few years ago in recognising the sub > schema sub entry... " > > In OpenLDAP, "cn=schema" returns unknown object. At this point, I don't > know what to do. I would imagine the solution is pretty standard since > both OpenLDAP and JXplorer are farily well used. If someone could > either point me to it or tell me what I need to do, I'd really > appreciate it.
Try ldapsearch -x -s base -b "" "(objectclass=*)" + This should list the rootDSE and it should have a subschemaSubentry: cn=Subschema Then try ldapsearch -x -s base -b "cn=Subschema" "(objectclass=*)" + That should list the attributes. Also make sure that the slapd.conf allows read access to the base access to dn.base="" by * read > > Thanks! > > -ron > > Ron Parker wrote: > >> Hi, >> >> I finally resolved my user login issue by utilizing access control >> correctly. However, now, when users log in, they don't have access to >> the schema (nothing loaded when they click on Schema tab). >> >> In my slapd.conf access control, I have: >> >> access to dn="cn=Subschema" by * read >> access to dn.subtree="cn=Subschema" by * read >> >> I can access this Subschema as a user locally with this command: >> >> ldapsearch -H "ldap://example.com"; -D >> 'cn=Ron,ou=Zimbra,dc=example,dc=com' -x -W -b "cn=Subschema" -s base >> "objectclass=Subschema" >> >> However, when I click on the "Schema" tab in JXplorer, I get nothing. >> When I am logged in as rootdn, however, I get the schema. >> >> So, I guess my question is either: >> a) what is the search used for this Schema tab, or >> b) what do you recommend that I enter into my access control list to >> allow my users to be able to read the server schema when logged into >> JXplorer? >> >> Thanks! >> >> -ron >> > > -- Douglas E. Engert <[EMAIL PROTECTED]> Argonne National Laboratory 9700 South Cass Avenue Argonne, Illinois 60439 (630) 252-5444 ------------------------------------------------------------------------- This SF.net email is sponsored by DB2 Express Download DB2 Express C - the FREE version of DB2 express and take control of your XML. No limits. Just data. Click to get it now. http://sourceforge.net/powerbar/db2/ _______________________________________________ Jxplorer-users mailing list Jxplorer-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/jxplorer-users
