Re: [389-users] help with 'no such attribute' error?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On 11/02/2011 03:49 PM, brandon wrote:
> So I'm hoping somebody can assist with a confusing problem I am having.
>
> I am running 389-ds-1.2.1-1.

What platform?  What version of 389-ds-base?

> I have nodes in a subtree where I am
> unable to modify the userPassword attribute through perl-LDAP, but I can
> through the 389-console.  However, this same exact perl-LDAP code /can/
> make changes to objects in a different subtree (works in ou=People,
> fails in ou=Special Users).
>
> The perl script uses an administrative account to make the changes
> (admin in ou=Administrators,ou=TopologyManagement,o=NetscapeRoot), which
> should have access to the entire tree. ACI's on the subtrees are
> identical, I have even compared them in the ldif export of the tree.
>
> The commit works if I use ldapmodify (same user/password), it works if I
> do it with 389-console, but it fails when I use perl-LDAP.
>
> I am current on perl-LDAP as well.
>
> The only reason I am still poking at the directory server, is because
> the directory server is returning the 'no such attribute' error 16, even
> in the logfiles.
>
> Is there any way to get some more .. readable logs from the directory
> server?

Start with the access log.  This will tell you your bind identity and 
the operations invoked by the client.  It won't give the exact modify 
arguments for modify operations - use the errorlog level 4 (ARGS) for 
that - see http://directory.fedoraproject.org/wiki/FAQ#Troubleshooting 
(4 Heavy trace output debugging).

> Is there a way to filter the ds logs, perhaps?  Specify that
> logs regarding specific nodes are sent at different levels?
>
> I suspect that perl-LDAP is committing the change in a manner
> differently than ldapmodify/389-console, but I cannot figure out how.
> What really confuses me is that perl-LDAP /works/ fine on ou=People, but
> not ou=Special Users.
If all else fails, you could use wireshark/tcpdump to inspect the 
packets received and sent by the directory server.
> Thoughts?  Help?  Suggested directions to look?
>
> Thanks,
>
> -Brandon
> --
> 389 users mailing list
> 389-users@xxxxxxxxxxxxxxxxxxxxxxx
> https://admin.fedoraproject.org/mailman/listinfo/389-users

--
389 users mailing list
389-users@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/389-users
[Index of Archives]     [Fedora User Discussion]     [Older Fedora Users]     [Fedora Announce]     [Fedora Package Announce]     [EPEL Announce]     [Fedora News]     [Fedora Cloud]     [Fedora Advisory Board]     [Fedora Education]     [Fedora Security]     [Fedora Scitech]     [Fedora Robotics]     [Fedora Maintainers]     [Fedora Infrastructure]     [Fedora Websites]     [Anaconda Devel]     [Fedora Devel Java]     [Fedora Legacy]     [Fedora Desktop]     [Fedora Fonts]     [ATA RAID]     [Fedora Marketing]     [Fedora Management Tools]     [Fedora Mentors]     [Fedora Package Review]     [Fedora R Devel]     [Fedora PHP Devel]     [Kickstart]     [Fedora Music]     [Fedora Packaging]     [Centos]     [Fedora SELinux]     [Fedora Legal]     [Fedora Kernel]     [Fedora QA]     [Fedora Triage]     [Fedora OCaml]     [Coolkey]     [Virtualization Tools]     [ET Management Tools]     [Yum Users]     [Tux]     [Yosemite News]     [Yosemite Photos]     [Linux Apps]     [Maemo Users]     [Gnome Users]     [KDE Users]     [Fedora Tools]     [Fedora Art]     [Fedora Docs]     [Maemo Users]     [Asterisk PBX]     [Fedora Sparc]     [Fedora Universal Network Connector]     [Fedora ARM]

  Powered by Linux