I'm using openldap-stable-20100219.tgz build. When I look at cn=Monitor with browsing tools (like Softerra LDAP browser) I do see entries for monitorOpInitiated and monitorOpCompleted in DN cn=Operations,cn=Monitor.
When I look at cn=SubSchema, I do not see any definitions of these two attributes. Using (unfortunately) Microsoft's VBScript, ADODB, and ADsDSOOBJECT to access cn=Monitor, I can access everything that is defined in the subschema (entryDN, modifyTimestamp, etc); however, I cannot access MonitorOpInitiated and such. Looking at the logs, it looks like the query never gets to the ldap server because MS checks it against the cn=subschema.

I saw ITS#4947 and ITS#5576, which sound like what my problem is (attributes not published). Is there a fix for this and what would that fix be?

My OS for the ldap server is Redhat Enterprise 5.4. At the end of this email is my redacted slapd.conf file.

---Thanks

Mike Cannady
Information Services
Horry Telephone Cooperative (HTC)
Phone: (843)369-8212

[r...@vmldapdev2 openldap]# cat slapd.conf
#
# See slapd.conf(5) for details on configuration options.
# This file should NOT be world readable.
#
include /usr/local/etc/openldap/schema/core.schema
include /usr/local/etc/openldap/schema/cosine.schema
include /usr/local/etc/openldap/schema/inetorgperson.schema
include /usr/local/etc/openldap/schema/nis.schema
include /usr/local/etc/openldap/HTC/iaaa-radius.schema
include /usr/local/etc/openldap/HTC/radius.schema
include /usr/local/etc/openldap/HTC/users.schema

# Allow LDAPv2 client connections. This is NOT the default.
allow bind_v2

loglevel 0x100
#loglevel any

sizelimit unlimited

# Do not enable referrals until AFTER you have a working directory
# service AND an understanding of referrals.
#referral ldap://root.openldap.org

ServerID 002

pidfile /usr/local/var/run/slapd.pid
argsfile /usr/local/var/run/slapd.args

access to *
        by dn.one="ou=replicants,ou=admin,dc=htc,dc=com" read
        by * break

access to dn.subtree="dc=htc,dc=com"
        by dn.one="ou=admin,dc=htc,dc=com" manage
        by self write
        by anonymous auth

access to *
        by self write
        by users read
        by anonymous auth

#######################################################################
# database definitions
#######################################################################

database bdb
suffix "dc=htc,dc=com"
rootdn "cn=Manager,dc=htc,dc=com"
# Cleartext passwords, especially for the rootdn, should
# be avoided. See slappasswd(8) and slapd.conf(5) for details.
# Use of strong authentication encouraged.
# rootpw secret
# rootpw {crypt}ijFYNcSNctBYg
rootpw {xxxxxxx}xxxxxxxxxxxxxxxxxxxxxxxxxx

# The database directory MUST exist prior to running slapd AND
# should only be accessible by the slapd and slap tools.
# Mode 700 recommended.
directory /usr/local/var/openldap-data

cachesize 50000
dncachesize 50000
idlcachesize 150000
checkpoint 1024 5

# Indices to maintain for this database
index objectClass eq,pres
index ou,cn,mail,surname,givenname eq,pres,sub
index uidNumber,gidNumber,loginShell eq,pres
index uid,memberUid eq,pres,sub
index nisMapName,nisMapEntry eq,pres,sub
index entryCSN eq
index entryUUID eq

# Replicas of this database
syncrepl rid=001
        provider=ldap://vmldapdev1.htc.external:389
        type=refreshAndPersist
        retry="5 5 300 +"
        searchbase="dc=htc,dc=com"
        attrs="*,+"
        bindmethod=simple
        binddn="uid=vmldapdev2,ou=replicants,ou=admin,dc=htc,dc=com"
        credentials=atest2

mirrormode TRUE

overlay syncprov
syncprov-checkpoint 1000 1

database monitor
[r...@vmldapdev2 openldap]
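The message describes a client that compares requested attribute names against what cn=Subschema publishes before it sends a query. The following is an added example, not part of the original message or of OpenLDAP: it parses attributeTypes values from LDIF and reports which requested attributes such a client would not find. The sample LDIF is constructed, and the function names are hypothetical.

```python
import base64
import re

# Constructed sample: LDIF shaped like a base-scope read of cn=Subschema asking
# for attributeTypes, with long values folded as RFC 2849 allows. The monitor
# attributes are left out on purpose to mirror the situation in the message.
SAMPLE_LDIF = """\
dn: cn=Subschema
attributeTypes: ( 2.5.18.2 NAME 'modifyTimestamp' EQUALITY generalizedTimeMa
 tch ORDERING generalizedTimeOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.
 24 SINGLE-VALUE NO-USER-MODIFICATION USAGE directoryOperation )
attributeTypes: ( 1.3.6.1.1.20 NAME 'entryDN' EQUALITY distinguishedNameMatc
 h SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE NO-USER-MODIFICATION USA
 GE directoryOperation )
attributeTypes: ( 2.5.4.3 NAME ( 'cn' 'commonName' ) SUP name )
"""

# NAME is either one quoted descriptor or a parenthesised list (RFC 4512).
NAME_RE = re.compile(r"\bNAME\s+(?:'[^']+'|\(\s*(?:'[^']+'\s*)+\))")


def published_names(ldif_text):
    """Return the lower-cased names of every attribute type in the LDIF."""
    unfolded = re.sub(r"\r?\n ", "", ldif_text)  # undo LDIF line folding
    names = set()
    for line in unfolded.splitlines():
        m = re.match(r"attributeTypes(::?)\s*(.*)", line, re.IGNORECASE)
        if not m:
            continue
        value = m.group(2)
        if m.group(1) == "::":  # value was base64-encoded by the LDIF writer
            value = base64.b64decode(value).decode("utf-8")
        found = NAME_RE.search(value)
        if found:
            names.update(n.lower() for n in re.findall(r"'([^']+)'", found.group(0)))
    return names


def unpublished(requested, ldif_text):
    """List requested attributes that a schema-checking client would not find."""
    known = published_names(ldif_text)
    # Drop attribute options such as ";binary" before comparing, case-insensitively.
    return [a for a in requested if a.split(";")[0].lower() not in known]


if __name__ == "__main__":
    wanted = ["entryDN", "modifyTimestamp", "monitorOpInitiated", "monitorOpCompleted"]
    print(unpublished(wanted, SAMPLE_LDIF))
```

To run it against a live server, replace SAMPLE_LDIF with the LDIF returned by a base-scope search of the subschema entry for attributeTypes.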
