Based on hints found in the documents mentioned in bug #506317 and other places, I think the following three commands can be used to confirm that the permissions are set up correctly to allow various LDAP-related functionality to work:
Naming context discovery (e.g. "ldapvi --discover"): ldapsearch -x -H ldap://testhost/ -LLL -b "" -s base namingContexts Determining supported SASL mechanisms: ldapsearch -x -H ldap://testhost/ -LLL -b "" -s base supportedSASLMechanisms Retrieving the server's schema: ldapsearch -x -Hldap://testhost/ -b 'cn=Subschema' -s base '(objectClass=subschema)' attributetypes I just ran a test and confirmed that those three commands return data when run against a stock Hardy slapd installation, but all three return no records when run against that same server immediately after a Hardy -> Lucid upgrade (when upgrading to slapd 2.4.21-0ubuntu5). After manually adding the two lines olcAccess: {1}to dn.base="" by * read olcAccess: {2}to dn.base="cn=subschema" by * read to the /etc/ldap/slapd.d/cn=config/olcDatabase\=\{-1\}frontend.ldif file (just below the "olcAccess: {0}to * by dn.exact=gidNumber=0...." line) and restarting slapd, all three searches returned data again. -- slapd upgrades don't add frontend ACLs for base="" and cn=subschema https://bugs.launchpad.net/bugs/571752 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to openldap in ubuntu. -- Ubuntu-server-bugs mailing list [email protected] Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
