Today was the second time I had to research the same problem with OpenLDAP and ActiveLdap. I have no idea what happened to the solution that I found and employed, but it’s gone. Can’t find it. No love from grep.
The problem is this error in ActiveLdap:
undefined method `' for nil:NilClass - (NoMethodError) ../active_ldap/adapter/base.rb:99:in `schema'
The solution is to add two ACL lines to my slapd.conf or one of its includes:
    access to dn.base="" by * read
    access to dn.base="cn=Subschema" by * read
The reason is that ActiveLdap apparently queries anonymously for the schema, and my ACLs are too mean and stingy. If you start your development with strict ACLs, you hit the problem early. If you wait until near deployment time to tighten up the security, you will be surprised when stuff just stops working.
You can see whether your ACLs are preventing access to the schema by running the following ldapsearch command:
    ldapsearch -x -h www.example.com -b '' -s base subschemaSubentry
If the result doesn’t look something like the example below, then you can try adding the two ACL lines above. The important section is the second, where you see that the value of subschemaSubentry is ‘cn=Subschema’.
    # extended LDIF
    #
    # LDAPv3
    # base <> with scope base
    # filter: (objectclass=*)
    # requesting: subschemaSubentry
    #

    #
    dn:
    subschemaSubentry: cn=Subschema

    # search result
    search: 2
    result: 0 Success

    # numResponses: 2
    # numEntries: 1
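The ldapsearch check above only exercises the first ACL line (dn.base=""); the second line matters when the client goes on to read the schema entry itself. The following is an added example, not part of the original post, that tests both anonymously. The function names and the use of -H with an LDAP URI are choices made here.

```shell
#!/bin/sh
# Added example: verify that BOTH ACL lines allow anonymous reads.
# Function names are illustrative; nothing here comes from ActiveLdap itself.

# Read rootDSE LDIF on stdin, print the subschemaSubentry DN, fail if absent.
# Comment lines such as "# requesting: subschemaSubentry" are ignored
# because their first field is "#".
subschema_dn_from_ldif() {
    awk '
        tolower($1) == "subschemasubentry:" {
            sub(/^[^:]*:[ \t]*/, "")
            print; found = 1; exit
        }
        END { exit (found ? 0 : 1) }
    '
}

# Read subschema-entry LDIF on stdin; succeed only if schema definitions
# (objectClasses or attributeTypes values) were actually returned.
schema_visible_in_ldif() {
    grep -Eiq '^(objectClasses|attributeTypes):'
}

# Run both anonymous (-x, no bind DN) base-scope searches against a URI.
check_anonymous_schema_access() {
    uri=$1
    dn=$(ldapsearch -x -LLL -H "$uri" -b '' -s base subschemaSubentry \
            | subschema_dn_from_ldif) || {
        echo "rootDSE not readable anonymously: check ACL on dn.base=\"\""
        return 1
    }
    ldapsearch -x -LLL -H "$uri" -b "$dn" -s base \
            '(objectClass=subschema)' objectClasses attributeTypes \
        | schema_visible_in_ldif || {
        echo "$dn not readable anonymously: check ACL on dn.base=\"$dn\""
        return 2
    }
    echo "anonymous schema read OK ($dn)"
}

# Only contact a server when an LDAP URI is given on the command line.
case "${1:-}" in
    ldap://*|ldaps://*|ldapi://*) check_anonymous_schema_access "$1" ;;
esac
```

Because both ACL lines use dn.base, anonymous clients can read only those two entries and nothing beneath them.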