ldap.schema.urlfetch doesn't work anymore since slapd.d migration
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
openldap (Ubuntu) | New | Undecided | Unassigned |
python-ldap (Ubuntu) | Invalid | Undecided | Unassigned |
Bug Description
Binary package hint: slapd
1) Take a working Ubuntu LDAP server using the pre-8.10 configuration file : /etc/ldap/
2) Run the following python script :
#!/usr/bin/python
import ldap.schema
ssse, schema = ldap.schema.
print ssse, schema
it will return something like :
cn=Subschema <ldap.schema.
3) Upgrade to the /etc/ldap/slapd.d/* configuration. Make sure that it works correctly (in my case it was postfix, dovecot, ejabberd, apache and some webapps. Everything is working fine with ldap).
4) Run the above python script :
it returns : " None, None".
This makes it impossible to run certain applications like Mandriva Directory Server or custom python scripts.
Here's the workaround. The bug is caused because the migration seems to forbid anonymous access to subschema which is required by tools like phpldapadmin and urlfetch.
1) Stop your ldap server.
2) modify the slapd.conf file to add the following :
access to dn="cn=subschema"
    by * read
# before the first database definition cn=config"
database config
# NOTE: the suffix is hardcoded as cn=config and
# MUST not have a suffix directive
# normal rules apply - rootdn can be anything you want
# but MUST be under cn=config
rootdn "cn=admin,
# use any of the supported password formats e.g. {SSHA} etc
# or plaintext as shown
rootpw config
3) remove the slapd.d folder (but keep a backup)
4) generate a new slapd.d folder :
slaptest -f slapd.conf -F slapd.d
5) change its ownership :
chown -R openldap:openldap slapd.d
6) restart slapd ! It works !
Useful related links:
http://phpldapadmin.sourceforge.net/wiki/index.php/FAQ#I_cannot_view_the_schema.2C_or_I_get_the_message_.22Our_attempts_to_find_your_SCHEMA_for_.27objectclasses.27_have_FAILED..22
http://www.zytrax.com/books/ldap/ch6/slapd-config.html
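An added example, not part of the original report and not code from OpenLDAP or python-ldap: a small offline check that reads slapd.conf text and reports whether a global `access to` directive (one placed before the first `database` line, as in the workaround) decides anonymous read of cn=subschema. It is a simplified model: only keyword access levels and exact-DN or `*` targets are understood, control keywords and database-specific ACLs are ignored, and the function names and sample configs are constructed for illustration.

```python
import shlex

GRANTS_READ = {"read", "write", "manage"}  # access levels that include read
ANON_WHO = {"*", "anonymous"}              # <who> forms an unauthenticated client matches

def logical_lines(text):
    """Unwrap continuation lines (leading whitespace), then drop comments and blanks."""
    joined = []
    for raw in text.splitlines():
        if raw[:1] in (" ", "\t") and joined:
            joined[-1] += " " + raw.strip()
        else:
            joined.append(raw.rstrip())
    return [l for l in joined if l.strip() and not l.startswith("#")]

def global_access_rules(text):
    """Yield (what, by_clauses) for each 'access to' before the first 'database'."""
    for line in logical_lines(text):
        tok = shlex.split(line)
        if tok[0].lower() == "database":
            return
        if tok[0].lower() == "access" and tok[1:2] == ["to"]:
            rest = tok[2:]
            cut = rest.index("by") if "by" in rest else len(rest)
            clauses = []
            for t in rest[cut:]:
                if t == "by":
                    clauses.append([])
                else:
                    clauses[-1].append(t)
            yield rest[:cut], clauses

def matches_subschema(what):
    """True for 'access to *' or an exact-DN <what> naming cn=subschema."""
    key, _, dn = (what[0].lower() if what else "").partition("=")
    return key == "*" or (key in ("dn", "dn.base", "dn.exact") and dn == "cn=subschema")

def anonymous_subschema_read(text):
    """True/False from the first matching global rule, None if no global rule matches."""
    for what, clauses in global_access_rules(text):
        if matches_subschema(what):
            for clause in clauses:
                if clause and clause[0].lower() in ANON_WHO:
                    return len(clause) > 1 and clause[1].lower() in GRANTS_READ
            return False  # no clause matched: implicit "by * none"
    return None

BEFORE = "database config\n"  # constructed samples, not from the bug report
AFTER = 'access to dn="cn=subschema"\n    by * read\ndatabase config\n'
```

`anonymous_subschema_read(AFTER)` returns `True` and `anonymous_subschema_read(BEFORE)` returns `None`, meaning the file has no global rule for the subschema entry and the outcome depends on ACLs this check does not model.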