I've recently discovered a problem with the LDAP server on one of my
servers. It was a 5.1 server originally and I did an in-place upgrade to
6.5 a year ago. I hadn't noticed the LDAP problem until late last year when
I was trying to get Apache to do user authentication.
The problem looks to me like the LDAP schema is somehow broken. As an
example of the problems I'm having, I can't log in to the Apache
Administration tool using the username cn=admin,o=hamilton but I can log in
using commonname=admin,o=hamilton.
The first username gives NDS error: no such entry (-601) in the DSTrace,
while the second version works fine. I'm using SSL on port 636 to connect
to the server.
I tried uninstalling LDAP, Tomcat & Apache on the server & re-installing
them but that didn't fix the problem.

Below is the DSTrace of me logging onto the Apache admin tool, first with
cn=admin and then with commonname=admin. At the end, you can see that it
also tries to find the group "cn=Apache Group,o=hamilton", which exists,
but it fails because it's not using commonname=
My other servers all work just fine with LDAP. I want to fix this because
the server holds the master replica and I'm trying to install an OES Linux
server into the tree and don't want problems with it talking to this server.

Wednesday, 24 Jan 2007
15:46:36 92B17560 LDAP: New TLS connection 0x92cc88c0 from
10.61.40.52:30448, monitor = 0x280, index = 7
15:46:36 9713D300 LDAP: Monitor 0x280 initiating TLS handshake on
connection 0x92cc88c0
15:46:36 9715F240 LDAP: (10.61.40.52:30448)(0x0000:0x00) DoTLSHandshake on
connection 0x92cc88c0
15:46:36 9715F240 LDAP: (10.61.40.52:30448)(0x0000:0x00) Completed TLS
handshake on connection 0x92cc88c0
15:46:36 9715F240 LDAP: (10.61.40.52:30448)(0x0001:0x60) DoBind on
connection 0x92cc88c0
15:46:36 9715F240 LDAP: (10.61.40.52:30448)(0x0001:0x60) Bind
name:cn=admin,o=hamilton, version:3, authentication:simple
15:46:36 9715F240 LDAP: (10.61.40.52:30448)(0x0001:0x60) Failed to resolve
full context on connection 0x92cc88c0, err = no such entry (-601)
15:46:36 9715F240 LDAP: (10.61.40.52:30448)(0x0001:0x60) Failed to
authenticate full context on connection 0x92cc88c0, err = no such entry (-601)
15:46:36 9715F240 LDAP: (10.61.40.52:30448)(0x0001:0x60) Sending operation
result 32:"":"NDS error: no such entry (-601)" to connection 0x92cc88c0
15:46:49 92B17560 LDAP: New TLS connection 0x9d107d20 from
10.61.40.52:30449, monitor = 0x280, index = 8
15:46:49 9713D300 LDAP: Monitor 0x280 found connection 0x92cc88c0 ending
TLS session
15:46:49 9715F240 LDAP: (10.61.40.52:30448)(0x0000:0x00) DoTLSShutdown on
connection 0x92cc88c0
15:46:49 9713D300 LDAP: Monitor 0x280 initiating TLS handshake on
connection 0x9d107d20
15:46:49 9715F240 LDAP: (10.61.40.52:30449)(0x0000:0x00) DoTLSHandshake on
connection 0x9d107d20
15:46:49 9713D300 LDAP: Monitor 0x280 found connection 0x92cc88c0 socket
closed, err = -5871, 0 of 0 bytes read
15:46:49 9713D300 LDAP: Monitor 0x280 initiating close for connection
0x92cc88c0
15:46:49 9BDDF520 LDAP: Server closing connection 0x92cc88c0, socket error
= -5871
15:46:49 9BDDF520 LDAP: Connection 0x92cc88c0 closed
15:46:49 9715F240 LDAP: (10.61.40.52:30449)(0x0000:0x00) Completed TLS
handshake on connection 0x9d107d20
15:46:49 9715F240 LDAP: (10.61.40.52:30449)(0x0001:0x60) DoBind on
connection 0x9d107d20
15:46:49 9715F240 LDAP: (10.61.40.52:30449)(0x0001:0x60) Bind
name:commonname=admin,o=hamilton, version:3, authentication:simple
15:46:49 9715F240 LDAP: (10.61.40.52:30449)(0x0001:0x60) Sending operation
result 0:"":"" to connection 0x9d107d20
15:46:49 9715F240 LDAP: (10.61.40.52:30449)(0x0002:0x63) DoSearch on
connection 0x9d107d20
15:46:49 9715F240 LDAP: (10.61.40.52:30449)(0x0002:0x63) Search request:
base: "commonname=admin,o=hamilton"
scope:0 dereference:3 sizelimit:0 timelimit:0 attrsonly:0
filter: "(objectClass=*)"
no attributes
15:46:49 9715F240 LDAP: (10.61.40.52:30449)(0x0002:0x63) Empty attribute
list implies all user attributes
15:46:49 9715F240 LDAP: (10.61.40.52:30449)(0x0002:0x63) Sending search
result entry "commonName=Admin,o=Hamilton" to connection 0x9d107d20
15:46:49 9715F240 LDAP: (10.61.40.52:30449)(0x0002:0x63) Sending operation
result 0:"":"" to connection 0x9d107d20
15:46:49 9715F240 LDAP: (10.61.40.52:30449)(0x0003:0x63) DoSearch on
connection 0x9d107d20
15:46:49 9715F240 LDAP: (10.61.40.52:30449)(0x0003:0x63) Search request:
base: "commonname=admin,o=hamilton"
scope:0 dereference:3 sizelimit:0 timelimit:0 attrsonly:0
filter: "(objectClass=*)"
no attributes
15:46:49 9715F240 LDAP: (10.61.40.52:30449)(0x0003:0x63) Empty attribute
list implies all user attributes
15:46:49 9715F240 LDAP: (10.61.40.52:30449)(0x0003:0x63) Sending search
result entry "commonName=Admin,o=Hamilton" to connection 0x9d107d20
15:46:49 9715F240 LDAP: (10.61.40.52:30449)(0x0003:0x63) Sending operation
result 0:"":"" to connection 0x9d107d20
15:46:49 9715F240 LDAP: (10.61.40.52:30449)(0x0004:0x63) DoSearch on
connection 0x9d107d20
15:46:49 9715F240 LDAP: (10.61.40.52:30449)(0x0004:0x63) Search request:
base: "o=hamilton"
scope:0 dereference:3 sizelimit:0 timelimit:0 attrsonly:0
filter: "(objectClass=*)"
no attributes
15:46:49 9715F240 LDAP: (10.61.40.52:30449)(0x0004:0x63) Empty attribute
list implies all user attributes
15:46:49 9715F240 LDAP: (10.61.40.52:30449)(0x0004:0x63) Sending search
result entry "o=Hamilton" to connection 0x9d107d20
15:46:49 9715F240 LDAP: (10.61.40.52:30449)(0x0004:0x63) Sending operation
result 0:"":"" to connection 0x9d107d20
15:46:50 9715F240 LDAP: (10.61.40.52:30449)(0x0005:0x63) DoSearch on
connection 0x9d107d20
15:46:50 9715F240 LDAP: (10.61.40.52:30449)(0x0005:0x63) Search request:
base: "cn=Apache Group,o=hamilton"
scope:0 dereference:3 sizelimit:0 timelimit:0 attrsonly:0
filter: "(objectClass=*)"
no attributes
15:46:50 9715F240 LDAP: (10.61.40.52:30449)(0x0005:0x63) Cannot resolve NDS
name 'Full Name=Apache Group.O=hamilton' in ResolveAndAuthNDSName, err = no
such entry (-601)
15:46:50 9715F240 LDAP: (10.61.40.52:30449)(0x0005:0x63) Base "cn=Apache
Group,o=hamilton" not found, err = no such entry (-601)
15:46:50 9715F240 LDAP: (10.61.40.52:30449)(0x0005:0x63) Sending operation
result 32:"o=hamilton":"NDS error: no such entry (-601)" to connection
0x9d107d20
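
An added example, not part of the original post: a small Python parser that re-joins the wrapped DSTrace lines, correlates each bind or search with its result by client and message ID, and lists the operations that failed along with the NDS name the server tried to resolve. The sample lines are abridged from the trace above; the function and field names are hypothetical.

```python
import re

# Lines abridged from the trace in the post, wrapped the way the post shows them.
SAMPLE = """\
15:46:36 9715F240 LDAP: (10.61.40.52:30448)(0x0001:0x60) Bind
name:cn=admin,o=hamilton, version:3, authentication:simple
15:46:36 9715F240 LDAP: (10.61.40.52:30448)(0x0001:0x60) Sending operation
result 32:"":"NDS error: no such entry (-601)" to connection 0x92cc88c0
15:46:49 9715F240 LDAP: (10.61.40.52:30449)(0x0001:0x60) Bind
name:commonname=admin,o=hamilton, version:3, authentication:simple
15:46:49 9715F240 LDAP: (10.61.40.52:30449)(0x0001:0x60) Sending operation
result 0:"":"" to connection 0x9d107d20
15:46:50 9715F240 LDAP: (10.61.40.52:30449)(0x0005:0x63) Search request:
base: "cn=Apache Group,o=hamilton"
15:46:50 9715F240 LDAP: (10.61.40.52:30449)(0x0005:0x63) Cannot resolve NDS
name 'Full Name=Apache Group.O=hamilton' in ResolveAndAuthNDSName, err = no
such entry (-601)
15:46:50 9715F240 LDAP: (10.61.40.52:30449)(0x0005:0x63) Sending operation
result 32:"o=hamilton":"NDS error: no such entry (-601)" to connection
0x9d107d20
"""

# (client ip:port)(message id:operation tag) identifies one LDAP operation.
OP = re.compile(r"\((\d+\.\d+\.\d+\.\d+:\d+)\)\((0x[0-9a-fA-F]{4}):0x[0-9a-fA-F]{2}\)")
FIELDS = [("dn", re.compile(r"Bind name:(.*?), version:")),
          ("dn", re.compile(r'Search request: base: "([^"]*)"')),
          ("nds", re.compile(r"Cannot resolve NDS name '([^']*)'")),
          ("code", re.compile(r"Sending operation result (\d+):"))]

def records(text):
    """Re-join wrapped lines; a record starts at a timestamped 'LDAP:' prefix."""
    chunks = re.split(r"\n(?=\d\d:\d\d:\d\d [0-9A-F]{8} LDAP: )", text.strip())
    return [" ".join(c.split()) for c in chunks]

def failures(text):
    """Return (requested DN, LDAP result code, NDS name tried) per failed operation."""
    ops = {}
    for rec in records(text):
        m = OP.search(rec)
        if not m:
            continue  # connection-level lines carry no message id
        op = ops.setdefault(m.groups(), {"dn": None, "nds": None, "code": None})
        for field, pat in FIELDS:
            if (hit := pat.search(rec)):
                op[field] = hit.group(1)
    return [(o["dn"], int(o["code"]), o["nds"]) for o in ops.values()
            if o["code"] not in (None, "0")]

if __name__ == "__main__":
    print(*failures(SAMPLE), sep="\n")
```

Run against the full trace, the third column shows where a requested cn= was looked up under a different NDS attribute name.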