On 04/07/2011 05:32 PM, Barry Sitompul wrote:
Hi All,
I'm testing DS upgrade from 1.2.5 to 1.2.7.5 on RHEL 5
I'm getting a lot of new error messages in the 1.2.7.5 error log (default
logging config). These errors do not appear on the 1.2.5 (default logging
config as well) when doing an LDAP search and mod to a user on a certain
tree:
"NSACLPlugin - acllas__client_match_URL: url [ldap:///ou=something,o=the
university of queensland,c=au??sub?(objectclass=*)] scope is subtree but
dn [ou=something,o=the university of queensland,c=au] is not a suffix of
[uid=modadmin,ou=privileged,o=the university of queensland,c=au]"
Can you
paste the entire aci and the DN of the entry which has the aci?
It's saying that the tree that I am searching is not a suffix of
the user
DN I use to bind. It looks more like a warning because the operation
completed successfully, located the user and modified the attributes. Is
this just a new feature that can be turned off?
No. It always was an error, but
now we log the error so the aci can be
fixed.
Is there anything else I can do to disable these error messages?
Fix the aci?
I've
tried to adjust the error log level from the console as per the RedHat
documentation for DS 8.2 but I couldn't find any functions to do so on
config tab->error log. I have also added nsslapd-errorlog-level: 256 to
the dse.ldif but it didn't do anything.
The error is here:
/* Check the scope */
if ( ludp->lud_scope == LDAP_SCOPE_SUBTREE ) {
if (!slapi_dn_issuffix(n_clientdn, ludp->lud_dn)) {
slapi_log_error( SLAPI_LOG_FATAL, plugin_name,
"acllas__client_match_URL: url [%s] scope
is subtree but dn [%s] "
"is not a suffix of [%s]\n",
normed, ludp->lud_dn, n_clientdn );
it is logged as a fatal error - there is no way to turn it off
Any help is much appreciated!
Thanks,
Baz
--
389 users mailing list
389-users(a)lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-users