ldap.schema.urlfetch doesn't work anymore since slapd.d migration

Bug #506317 reported by Lionel Dricot
This bug affects 1 person
Affects               Status    Importance  Assigned to  Milestone
openldap (Ubuntu)     New       Undecided   Unassigned
python-ldap (Ubuntu)  Invalid   Undecided   Unassigned

Bug Description

Binary package hint: slapd

1) Take a working Ubuntu LDAP server using the pre-8.10 configuration file: /etc/ldap/slapd.conf

2) Run the following Python script:

#!/usr/bin/python
import ldap.schema
ssse, schema = ldap.schema.urlfetch("ldap://127.0.0.1")
print ssse, schema

It will return something like:
cn=Subschema <ldap.schema.subentry.SubSchema instance at 0xf79c85ac>

3) Upgrade to the /etc/ldap/slapd.d/* configuration. Make sure that it works correctly (in my case it was postfix, dovecot, ejabberd, apache and some webapps; everything is working fine with LDAP).

4) Run the above Python script:
It returns: " None, None".

This makes it impossible to run certain applications like Mandriva Directory Server or custom python scripts.

Lionel Dricot (ploum-deactivatedaccount) wrote :

Here's the workaround. The bug is caused because the migration seems to forbid anonymous access to the subschema, which is required by tools like phpldapadmin and urlfetch.

1) Stop your LDAP server.

2) Modify the slapd.conf file to add the following:

access to dn="cn=subschema"
   by * read

# before the first database definition
database config
# NOTE: the suffix is hardcoded as cn=config and
# MUST not have a suffix directive
# normal rules apply - rootdn can be anything you want
# but MUST be under cn=config
rootdn "cn=admin,cn=config"
# use any of the supported password formats e.g. {SSHA} etc
# or plaintext as shown
rootpw config

3) Remove the slapd.d folder (but keep a backup).

4) Generate a new slapd.d folder:
slaptest -f slapd.conf -F slapd.d

5) Change its ownership:
chown -R openldap:openldap slapd.d

6) Restart slapd! It works!

Useful related links:
http://phpldapadmin.sourceforge.net/wiki/index.php/FAQ#I_cannot_view_the_schema.2C_or_I_get_the_message_.22Our_attempts_to_find_your_SCHEMA_for_.27objectclasses.27_have_FAILED..22
http://www.zytrax.com/books/ldap/ch6/slapd-config.html

Changed in python-ldap (Ubuntu):
status: New → Invalid
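
A way to audit a migrated slapd.d tree for the condition discussed in this report, as an added example that is not part of the original report or of OpenLDAP: it reads the olcAccess values from a cn=config LDIF entry and reports what access an anonymous client gets on cn=subschema. The sample LDIF is constructed, the function names are hypothetical, and the ACL matching is simplified (only `to *` and exact-DN targets, only `by *` / `by anonymous` clauses, no base64-encoded values).

```python
import re

# Constructed sample: a frontend entry as it might appear in
# slapd.d/cn=config/olcDatabase={-1}frontend.ldif (not taken from the report).
SAMPLE_LDIF = '''\
dn: olcDatabase={-1}frontend
objectClass: olcDatabaseConfig
olcDatabase: {-1}frontend
olcAccess: {0}to dn.base="" by * read
olcAccess: {1}to dn.base="cn=subschema"
  by * read
olcAccess: {2}to * by self write by * none
'''

def olc_access_rules(ldif_text):
    """Return olcAccess values in {n} order, undoing LDIF line folding."""
    unfolded = re.sub(r"\n ", "", ldif_text)  # a folded line continues after "\n "
    rules = []
    for line in unfolded.splitlines():
        m = re.match(r"olcAccess:\s*\{(\d+)\}(.*)", line, re.I)
        if m:
            rules.append((int(m.group(1)), m.group(2).strip()))
    return [rule for _, rule in sorted(rules)]

def anonymous_level(rules, dn="cn=subschema"):
    """Access level an anonymous client gets on dn, or None if no rule
    in this entry matches. Simplified matcher (assumption): other target
    styles such as attrs= or dn.subtree= are skipped."""
    for rule in rules:
        m = re.match(r'to\s+(\*|dn(?:\.(?:base|exact))?="([^"]*)")\s+(.*)', rule, re.I)
        if not m:
            continue
        if m.group(1) != "*" and m.group(2).lower() != dn.lower():
            continue
        # The first matching <what> wins; inside it the first matching <who> decides.
        for who, level in re.findall(r"by\s+(\S+)\s+(\S+)", m.group(3)):
            if who in ("*", "anonymous"):
                return level.lower()
        return "none"  # every rule ends with an implicit "by * none"
    return None

def anonymous_can_read_schema(ldif_text):
    """True when the entry's ACLs let an unauthenticated client read cn=subschema."""
    level = anonymous_level(olc_access_rules(ldif_text))
    return level in ("read", "write", "manage")

if __name__ == "__main__":
    print("anonymous schema read:", anonymous_can_read_schema(SAMPLE_LDIF))
```
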
Mathias Gug (mathiaz) wrote :

Thank you for taking the time to report this bug and helping to make Ubuntu better. This particular bug has already been reported and is a duplicate of bug 427842, so it is being marked as such. Please look at the other bug report to see if there is any missing information that you can provide, or to see if there is a workaround for the bug. Additionally, any further discussion regarding the bug should occur in the other report. Feel free to continue to report any other bugs you may find.

Nathan Stratton Treadway (nathanst) wrote :

Note that the fix committed as part of bug #427842 only changed the settings for new installations, while this bug is actually about permission problems after migrating from an earlier version of the slapd package...
