Dieter Kluenter wrote:
John Du <[email protected]> writes:
Hi,
We have been running OpenLDAP 2.2.13 on RHEL4 for a few years without
problems. We recently upgraded OpenLDAP to 2.4.11 to use the
multi-master capability. After upgrade, we are having 2 problems with
the new version.
1. We have an attribute c in the ou=People sub-tree. The value can
be either US or CA. Now if we search "c=US" or "c=CA", we do not get
any matches. But if we do "c=U*", it finds all the c=US entries. Same
thing happens to c=C*.
2. LAM 2.5.0 (LDAP Account Manager) cannot browse the schema on the
new server. It says "Unable to retrieve schema". LAM worked fine
with OpenLDAP 2.2.13.
I would appreciate any information that would help us resolve the problem.
Please provide some more information, i.e. configuration of indexes
and access rules to cn=subschema, as well as examples of search
strings.
Thanks to all who have responded to my questions.
I fixed the two problems.
Problem one was fixed by adding an "access to dn.subtree="cn=SubSchema
by * read".
Problem 2 was fixed by adding an index: "index c eq,sub"
I thought the root DN is not subject any access control rules but that
does not seem to be the case. I do not understand why I have to add the
index for the new server but not for the old one.
Anyways, thank you for your help.
-Dieter
