[389-users] help with 'no such attribute' error?

brandon bjg at solv.com
Wed Nov 2 21:49:28 UTC 2011


So I'm hoping somebody can assist with a confusing problem I am having.

I am running 389-ds-1.2.1-1.  I have nodes in a subtree where I am 
unable to modify the userPassword attribute through perl-LDAP, but I can 
through the 389-console.  However, this same exact perl-LDAP code /can/ 
make changes to objects in a different subtree (works in ou=People, 
fails in ou=Special Users).

The perl script uses an administrative account to make the changes 
(admin in ou=Administrators,ou=TopologyManagement,o=NetscapeRoot), which 
should have access to the entire tree. ACIs on the subtrees are 
identical; I have even compared them in the ldif export of the tree.

The commit works if I use ldapmodify (same user/password), it works if I 
do it with 389-console, but it fails when I use perl-LDAP.

I am current on perl-LDAP as well.

The only reason I am still poking at the directory server is because 
the directory server is returning the 'no such attribute' error 16, even 
in the logfiles.

Is there any way to get some more .. readable logs from the directory 
server?  Is there a way to filter the ds logs, perhaps?  Specify that 
logs regarding specific nodes are sent at different levels?

I suspect that perl-LDAP is committing the change in a different 
manner than ldapmodify/389-console, but I cannot figure out how.  
What really confuses me is that perl-LDAP /works/ fine on ou=People, but 
not ou=Special Users.

Thoughts?  Help?  Suggested directions to look?

Thanks,

-Brandon
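
Added example, not part of the original post: one way to narrow the directory server's access log to the failing operations is to pair each MOD line with its RESULT line by conn/op and keep those that returned err=16 under one subtree, along with the bind DN seen on that connection. The log lines are constructed in the 389-ds access log layout; the dc=example,dc=com suffix, the uid values and the function names are assumptions.

```python
import re

# Constructed sample in the 389-ds access log layout; DNs, times and ids are made up.
SAMPLE_LOG = """\
[02/Nov/2011:21:40:01 +0000] conn=7 op=0 BIND dn="uid=admin,ou=Administrators,ou=TopologyManagement,o=NetscapeRoot" method=128 version=3
[02/Nov/2011:21:40:01 +0000] conn=7 op=0 RESULT err=0 tag=97 nentries=0 etime=0 dn="uid=admin,ou=administrators,ou=topologymanagement,o=netscaperoot"
[02/Nov/2011:21:40:02 +0000] conn=7 op=1 MOD dn="uid=alice,ou=People,dc=example,dc=com"
[02/Nov/2011:21:40:02 +0000] conn=7 op=1 RESULT err=0 tag=103 nentries=0 etime=0
[02/Nov/2011:21:40:03 +0000] conn=7 op=2 MOD dn="uid=svc1,ou=Special Users,dc=example,dc=com"
[02/Nov/2011:21:40:03 +0000] conn=7 op=2 RESULT err=16 tag=103 nentries=0 etime=0
[02/Nov/2011:21:40:04 +0000] conn=9 op=1 MOD dn="uid=svc1,ou=Special Users,dc=example,dc=com"
[02/Nov/2011:21:40:04 +0000] conn=9 op=1 RESULT err=0 tag=103 nentries=0 etime=0
"""

LINE = re.compile(r'^\[(?P<ts>[^\]]+)\] conn=(?P<conn>\d+) op=(?P<op>-?\d+) (?P<verb>[A-Z]+)(?P<rest>.*)$')
DN = re.compile(r'dn="([^"]*)"')
ERR = re.compile(r'\berr=(\d+)')

def under(dn, subtree):
    # Case-insensitive suffix match on a DN boundary (no whitespace normalisation).
    dn, subtree = dn.lower(), subtree.lower()
    return dn == subtree or dn.endswith(',' + subtree)

def failed_mods(log_text, subtree, err_code=16):
    """Return MOD operations under `subtree` whose RESULT carried `err_code`."""
    binds = {}    # conn -> DN named in the most recent BIND request on that connection
    pending = {}  # (conn, op) -> (timestamp, target DN) awaiting its RESULT line
    hits = []
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # connection open/close lines and anything without conn/op
        conn, op, verb, rest = m['conn'], m['op'], m['verb'], m['rest']
        dn = DN.search(rest)
        if verb == 'BIND' and dn:
            binds[conn] = dn.group(1)
        elif verb == 'MOD' and dn:
            pending[(conn, op)] = (m['ts'], dn.group(1))
        elif verb == 'RESULT' and (conn, op) in pending:
            ts, target = pending.pop((conn, op))
            err = ERR.search(rest)
            if err and int(err.group(1)) == err_code and under(target, subtree):
                hits.append({'time': ts, 'conn': int(conn), 'op': int(op),
                             'target': target, 'bind_dn': binds.get(conn)})
    return hits

if __name__ == '__main__':
    for hit in failed_mods(SAMPLE_LOG, 'ou=Special Users,dc=example,dc=com'):
        print(hit)
```

The conn and op numbers in each hit identify the client session, so the same pair can be looked up for the request sent by each tool when comparing a failing modify with a working one.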


