[dev] LDAP prefs issue

Martin Fraer mdf at darksnow.net
Tue Oct 9 10:12:14 UTC 2007


Incidentally, the reason for all this ACL madness is so I don't have to 
bind as admin or supply a password to bind as my normal user. It is 
working brilliantly, apart from this error message. The odd thing is, it 
looks like it is trying to add objectclass to my LDAP entry while it is 
saving the changes, but it exists, hence the error.

It is getting modified fine, so I don't understand the reason for the 
error. Looking further it might be a Horde issue rather than the ACLs.

Currently an annoyance but I would like to firstly, understand what is 
happening and secondly, get rid of the error.

Cheers.
Martin Fraser.

Martin Fraer wrote:
> Hello all.
> 
> I'm setting up Horde FRAMEWORK_3 again and I've hit on a small snag with 
> my LDAP setup.
> 
> When trying to save any preferences I'm getting an error;
> 
> Warning: ldap_mod_add() [function.ldap-mod-add]: Modify: Type or value 
> exists in /usr/share/php/Horde/Prefs/ldap.php on line 491
> 
> My syslog for LDAP is showing something up with objectClass
> 
> 
> Oct  4 15:39:21 hostname imapd: Connection, ip=[::ffff:127.0.0.1]
> Oct  4 15:39:21 hostname imapd: LOGIN, user=user, ip=[::ffff:127.0.0.1], 
> protocol=IMAP
> Oct  4 15:39:21 hostname slapd[13385]: conn=14 fd=13 ACCEPT from 
> IP=127.0.0.1:57727 (IP=0.0.0.0:389)
> Oct  4 15:39:21 hostname slapd[13385]: conn=14 op=0 SRCH 
> base="ou=People,dc=domain,dc=local" scope=2 deref=0 filter="(uid=user)"
> Oct  4 15:39:21 hostname slapd[13385]: conn=14 op=0 SRCH attr=dn
> Oct  4 15:39:21 hostname slapd[13385]: <= bdb_equality_candidates: (uid) 
> index_param failed (18)
> Oct  4 15:39:21 hostname slapd[13385]: conn=14 op=0 SEARCH RESULT 
> tag=101 err=0 nentries=1 text=
> Oct  4 15:39:21 hostname slapd[13385]: conn=14 op=1 BIND 
> dn="uid=user,ou=People,dc=domain,dc=local" method=128
> Oct  4 15:39:21 hostname slapd[13385]: conn=14 op=1 BIND 
> dn="uid=user,ou=People,dc=domain,dc=local" mech=SIMPLE ssf=0
> Oct  4 15:39:21 hostname slapd[13385]: conn=14 op=1 RESULT tag=97 err=0 
> text=
> Oct  4 15:39:21 hostname slapd[13385]: conn=14 op=2 SRCH 
> base="ou=People,dc=domain,dc=local" scope=2 deref=0 filter="(uid=user)"
> Oct  4 15:39:21 hostname slapd[13385]: conn=14 op=2 SRCH attr=objectclass
> Oct  4 15:39:21 hostname slapd[13385]: <= bdb_equality_candidates: (uid) 
> index_param failed (18)
> Oct  4 15:39:21 hostname slapd[13385]: conn=14 op=2 SEARCH RESULT 
> tag=101 err=0 nentries=1 text=
> Oct  4 15:39:21 hostname slapd[13385]: conn=14 op=3 MOD 
> dn="uid=user,ou=People,dc=domain,dc=local"
> Oct  4 15:39:21 hostname slapd[13385]: conn=14 op=3 MOD attr=objectclass
> Oct  4 15:39:21 hostname slapd[13385]: conn=14 op=3 RESULT tag=103 
> err=20 text=modify/add: objectClass: value #0 already exists
> Oct  4 15:39:21 hostname slapd[13385]: conn=14 op=4 MOD 
> dn="uid=user,ou=People,dc=domain,dc=local"
> Oct  4 15:39:21 hostname slapd[13385]: conn=14 op=4 MOD attr=hordePrefs 
> impPrefs
> Oct  4 15:39:21 hostname slapd[13385]: conn=14 op=4 RESULT tag=103 err=0 
> text=
> Oct  4 15:39:21 hostname imapd: LOGOUT, user=user, 
> ip=[::ffff:127.0.0.1], headers=0, body=0, rcvd=76, sent=567, time=0
> Oct  4 15:39:21 hostname slapd[13385]: conn=14 op=5 UNBIND
> Oct  4 15:39:21 hostname slapd[13385]: conn=14 fd=13 closed
> 
> 
> So, I thought this might be an ACL issue. The relevant parts of my ACL 
> are as follows.
> 
> # Horde prefs
> access to 
> attrs=hordePrefs,impPrefs,turbaPrefs,gollemPrefs,kronolithPrefs,mnemoPrefs,trollPrefs,nagPrefs,klutzPrefs,jonahPrefs,hermesPrefs,junoPrefs,treanPrefs,whupsPrefs,ingoPrefs,geniePrefs,scryPrefs,anselPrefs,wickedPrefs,choraPrefs,agoraPrefs,goopsPrefs,merkPrefs,volosPrefs,mimpPrefs,mottlePrefs,nicPrefs,occamPrefs,odinPrefs,rakimPrefs,seshaPrefs,swooshPrefs,thorPrefs,ulaformPrefs
>          by self write
> 
> access to attrs=objectclass
>          by dn="cn=admin,dc=domain,dc=local" write
>          by self write
>          by * read
> 
> # The admin dn has full write access, everyone else
> # can read everything.
> access to *
>          by dn="cn=admin,dc=domain,dc=local" write
>          by * read
> 
> 
> Most of that stuff directly to do with objectclass was me trying to 
> resolve this issue. I originally had objectclass under the self write 
> thing above, which worked fine for Horde but killed everything else (all 
> my PAM auth went down).
> 
> So I'm pretty sure it is an ACL issue. Any of you LDAP experts have 
> anything to suggest?
> 
> Thanks in advance for any help or advice you can give.
> 
> Martin Fraser.
> 
> 
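
Added example (not part of the original message and not Horde code): a Python sketch that joins the slapd lines sharing a conn/op pair, so the err=20 result is tied to the objectclass MOD and to the DN bound on that connection. The sample log is constructed by unwrapping lines from the quoted syslog, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample: lines taken from the quoted syslog, unwrapped to one event per line.
SAMPLE_LOG = """\
Oct  4 15:39:21 hostname slapd[13385]: conn=14 op=1 BIND dn="uid=user,ou=People,dc=domain,dc=local" method=128
Oct  4 15:39:21 hostname slapd[13385]: conn=14 op=1 RESULT tag=97 err=0 text=
Oct  4 15:39:21 hostname slapd[13385]: conn=14 op=3 MOD dn="uid=user,ou=People,dc=domain,dc=local"
Oct  4 15:39:21 hostname slapd[13385]: conn=14 op=3 MOD attr=objectclass
Oct  4 15:39:21 hostname slapd[13385]: conn=14 op=3 RESULT tag=103 err=20 text=modify/add: objectClass: value #0 already exists
Oct  4 15:39:21 hostname slapd[13385]: conn=14 op=4 MOD dn="uid=user,ou=People,dc=domain,dc=local"
Oct  4 15:39:21 hostname slapd[13385]: conn=14 op=4 MOD attr=hordePrefs impPrefs
Oct  4 15:39:21 hostname slapd[13385]: conn=14 op=4 RESULT tag=103 err=0 text=
"""

EVENT = re.compile(r"slapd\[\d+\]: conn=(\d+) op=(\d+) (\w+) ?(.*)$")

def summarize_mods(log_text):
    """Join the MOD dn / MOD attr / RESULT lines of each (conn, op) into one record."""
    ops = defaultdict(dict)
    bound = {}  # conn -> DN of the last BIND seen (assumes the bind succeeded, as in the sample)
    for line in log_text.splitlines():
        m = EVENT.search(line)
        if not m:
            continue  # imapd lines, ACCEPT/closed lines, bdb_equality_candidates notices
        conn, op, verb, rest = int(m[1]), int(m[2]), m[3], m[4]
        key = (conn, op)
        if verb == "BIND" and rest.startswith('dn="'):
            bound[conn] = rest.split('"')[1]
        elif verb == "MOD" and rest.startswith('dn="'):
            ops[key].update(target=rest.split('"')[1], bound_as=bound.get(conn))
        elif verb == "MOD" and rest.startswith("attr="):
            ops[key]["attrs"] = rest[len("attr="):].split()
        elif verb == "RESULT" and key in ops:
            err = re.search(r"err=(\d+)", rest)
            if err:
                ops[key].update(err=int(err[1]), text=rest.partition("text=")[2])
    return dict(ops)

def self_objectclass_writes(mods):
    """MODs where the bound DN touched objectClass on its own entry (what 'by self write' permits)."""
    return [k for k, r in mods.items()
            if r.get("bound_as") is not None and r.get("bound_as") == r.get("target")
            and "objectclass" in [a.lower() for a in r.get("attrs", [])]]

if __name__ == "__main__":
    for key, rec in summarize_mods(SAMPLE_LOG).items():
        print(key, rec)
```

Run over a full slapd log, the second function lists every attempt by a user to change objectClass on their own entry, which is the write the `access to attrs=objectclass ... by self write` rule allows.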


