[389-users] unable to read schema
Rich Megginson
rmeggins at redhat.com
Mon May 16 16:17:26 UTC 2011
On 05/16/2011 10:13 AM, Stephen Lorenz wrote:
> Hi,
>
> We are trying to set up our 389 DS instance and everything seems to
> work except that LDAP browsers cannot seem to access the schema. For
> example, in the LDAPSort LDAP Admin Tool we receive the error message:
>
> "Unable to read schema!!" Unable to read schema, please login/bind
> with an account which has access to schema - You can also rebind with
> any entry using the right-click menu and selecting rebind.
>
> However, we are not trying to access the directory anonymously; we
> receive this error even when binding as Directory Manager.
>
> We also cannot browser the schema using a standard ldapsearch command.
>
> Any ideas of how to enable schema reading?
ldapsearch -x -D "cn=directory manager" -W -s base -b "cn=schema"
"objectclass=*" attributeTypes objectClasses matchingRules ......
Look in the directory server access log in
/var/log/dirsrv/slapd-INSTNAME/access
to see what search the client is doing
1) it's not searching cn=schema
2) it's not requesting the attributes attributeTypes objectClasses etc.
explicitly - these attributes are operational attributes and must be
explicitly requested in the ldap search request
>
> Thanks,
> Stephen
>
>
> --
> 389 users mailing list
> 389-users at lists.fedoraproject.org
> https://admin.fedoraproject.org/mailman/listinfo/389-users
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.fedoraproject.org/pipermail/389-users/attachments/20110516/feed42ae/attachment.html>
More information about the 389-users
mailing list