I'm having a really weird issue where any new user I create in 389 DS is not able to
browse the directory.
What I mean is that the user binds without any issue, but when you use any directory
browser client the user sees nothing in the tree. Also, I've been collaborating with a
few in house developers who are writing LDAP auth into their applications - and for both
(Java and Perl using the LDAP libraries) they get the same behavior - they are able to
bind but the directory is empty.
Now if you use any user account that was created before (maybe a week or two ago - I'm
not sure) then everything suceeds without any issue.
Also, I have a replication consumer and if I connect to it with the new credential
everything works fine as well.
Using Apache Directory Studio (it's mainly what I use for troubleshooting when
389-console breaks) when I try to connect the error I get is:
"Missing schema location in RootDSE, using default schema"
Apparently it is referring to the subschemaSubentry attribute in the RootDSE - I can
verify that it is there however and seems to be readable by all including anonymous.
If I use the JNDI provider for apacheDS then I get the same error followed by 4 LDAP error
53s (unwilling to perform).
Any ideas? This is our production LDAP server and I'm getting a bit desperate, I have
backups from every week and I'm considering just turning it back until the issue
disappears - but it would forever trouble me not to figure out what happenned and how to
fix it in the future.
Thanks in advance for any input.
Andrei Wasylyk
Systems Analyst
Show replies by date