[389-users] help with 'no such attribute' error?

Wed Nov 2 22:27:31 UTC 2011

On 11/02/2011 03:56 PM, Rich Megginson wrote:
> On 11/02/2011 03:49 PM, brandon wrote:
>> So I'm hoping somebody can assist with a confusing problem I am having.
>>
>> I am running 389-ds-1.2.1-1.
>
> What platform?  What version of 389-ds-base?

Redhat Server 5.7; kernel 2.6.18-274.3.1.el5

389-ds-base-1.2.9.9-1

> Start with the access log.  This will tell you your bind identity and 
> the operations invoked by the client.  It won't give the exact modify 
> arguments for modify operations - use the errorlog level 4 (ARGS) for 
> that - see http://directory.fedoraproject.org/wiki/FAQ#Troubleshooting 
> (4 Heavy trace output debugging).

My biggest difficulty with the access log is the noise (today alone is 
500M of logs).

A very nice feature (tangent) would be to be able to qualify logs by 
object and a unique tag, along with log level.  So you could say any log 
regarding this object/node should be tagged with 'Special Call out' and 
runs at a higher log level (if not into an alternate file).

I will look into higher level debugging, to see if I can digup more 
info.  The log info so far:

[02/Nov/2011:18:58:39 +0000] conn=74 fd=69 slot=69 SSL connection from 
55.55.55.10 to 55.55.55.10
[02/Nov/2011:18:58:39 +0000] conn=74 SSL 256-bit AES
[02/Nov/2011:18:58:39 +0000] conn=74 op=0 BIND 
dn="uid=GIR.Interface,ou=Administrators,ou=TopologyManagement,o=NetscapeRoot" 
method=128 version=3
[02/Nov/2011:18:58:39 +0000] conn=74 op=0 RESULT err=0 tag=97 nentries=0 
etime=0 
dn="uid=gir.interface,ou=administrators,ou=topologymanagement,o=netscaperoot"
[02/Nov/2011:18:58:39 +0000] conn=74 op=1 SRCH base="ou=Special 
Users,dc=alt" scope=2 filter="(&(uid=test)(objectClass=posixAccount))" 
attrs=ALL
[02/Nov/2011:18:58:39 +0000] conn=74 op=1 RESULT err=0 tag=101 
nentries=1 etime=0
[02/Nov/2011:18:58:39 +0000] conn=74 op=2 MOD dn="uid=test,ou=Special 
Users,dc=alt"
[02/Nov/2011:18:58:39 +0000] conn=74 op=2 RESULT err=16 tag=103 
nentries=0 etime=0 csn=4eb192df0000000a0000
[02/Nov/2011:18:58:39 +0000] conn=74 op=3 MOD dn="uid=test,ou=Special 
Users,dc=alt"
[02/Nov/2011:18:58:39 +0000] conn=74 op=3 RESULT err=16 tag=103 
nentries=0 etime=0 csn=4eb192df0001000a0000
[02/Nov/2011:18:58:39 +0000] conn=74 op=4 MOD dn="uid=test,ou=Special 
Users,dc=alt"
[02/Nov/2011:18:58:39 +0000] conn=74 op=4 RESULT err=16 tag=103 
nentries=0 etime=0 csn=4eb192df0002000a0000
[02/Nov/2011:18:58:39 +0000] conn=74 op=5 UNBIND
[02/Nov/2011:18:58:39 +0000] conn=74 op=5 fd=69 closed - U1

There are three modifications that happen at this time, around setting 
the password, allowed change time, etc.

Is there a document somewhere which helps decipher some of these codes?  
what is a csn? etc...

The objectClasses on the object in both sides of the tree are identical 
(at least last I checked), so the inheritance of parameters should be 
the same (and I can set these attributes with ldapmodify).  I will 
review/verify again tomorrow.

What is the definition of no such attribute, in the context of a 
modify?  If the attribute is allowed on the class, but is not defined on 
the object, should it just set it anyway?

 >
 > If all else fails, you could use wireshark/tcpdump to inspect the 
packets received and sent by the directory server.
 >

Unfortunately, it is all encrypted.

Thanks guys, I do help the assist.

-Brandon