October 2012 - openldap-bugs

(ITS#7420) Way to bypass overlay unique and constranit

by kmenshikov＠hostcomm.ru

Full_Name: Konstantin Menshikov Version: 2.4.33 OS: FreeBSD 8.2-RELEASE-p4 URL: ftp://ftp.openldap.org/incoming/ Submission from: (NULL) (212.116.101.94) Overlay unique and constraint use list attributes for check. If we use restriction by rdn (attribute cn for example), and don`t add attribute cn in ldif-file, we can bypass restriction. Overlay unique look list attributes in op->ora_e->e_attrs, if this list not contain attribute cn, checks isn`t running. IMHO: problem not in overlays, but in slapd code, that allow add object without explicit set rdn. Example configuration: [root(a)rdn.problem openldap]# cat slapd.conf # # See slapd.conf(5) for details on configuration options. # This file should NOT be world readable. # include /usr/local/etc/openldap/schema/core.schema include /usr/local/etc/openldap/schema/corba.schema include /usr/local/etc/openldap/schema/cosine.schema include /usr/local/etc/openldap/schema/dyngroup.schema include /usr/local/etc/openldap/schema/inetorgperson.schema include /usr/local/etc/openldap/schema/java.schema include /usr/local/etc/openldap/schema/misc.schema include /usr/local/etc/openldap/schema/nis.schema include /usr/local/etc/openldap/schema/openldap.schema include /usr/local/etc/openldap/schema/ppolicy.schema include /usr/local/etc/openldap/schema/sudo.schema include /usr/local/etc/openldap/schema/samba.schema include /usr/local/etc/openldap/schema/spamassassin.schema include /usr/local/etc/openldap/schema/openssh-lpk.schema include /usr/local/etc/openldap/schema/vega-base.schema include /usr/local/etc/openldap/schema/vega-corp.schema include /usr/local/etc/openldap/schema/vega-net.schema include /usr/local/etc/openldap/schema/oversun-base.schema include /usr/local/etc/openldap/schema/oversun-corp.schema include /usr/local/etc/openldap/schema/oversun-mail.schema include /usr/local/etc/openldap/schema/oversun-net.schema include /usr/local/etc/openldap/schema/asterisk.schema # Define global ACLs to disable default read access. # Do not enable referrals until AFTER you have a working directory # service AND an understanding of referrals. #referral ldap://root.openldap.org pidfile /var/run/openldap/slapd.pid argsfile /var/run/openldap/slapd.args loglevel config stats sync trace # Load dynamic backend modules: modulepath /usr/local/libexec/openldap moduleload back_hdb database hdb suffix "o=company" rootdn "cn=ldapadm,o=company" rootpw password directory /var/db/openldap-data/o=company overlay unique unique_uri ldap:///ou=groups,o=company?cn?sub How to repeat: [root(a)rdn.problem openldap]# ldapadd -D cn=ldapadm,o=company -wpassword -H ldap://127.0.0.5:389 -f /root/add.ldif.false adding new entry "cn=test,ou=system,ou=groups,o=company" ldap_add: Constraint violation (19) additional info: some attributes not unique [root(a)rdn.problem openldap]# cat /root/add.ldif.false dn: cn=test,ou=system,ou=groups,o=company changetype: add objectClass: posixGroup description: test cn: test gidNumber: 1000 [root(a)rdn.problem openldap]# ldapadd -D cn=ldapadm,o=company -wpassword -H ldap://127.0.0.5:389 -f /root/add.ldif.true adding new entry "cn=test,ou=system,ou=groups,o=company" [root(a)rdn.problem openldap]# cat /root/add.ldif.true dn: cn=test,ou=system,ou=groups,o=company changetype: add objectClass: posixGroup description: test gidNumber: 1000 [root(a)rdn.problem openldap]# diff -U 3 /root/add.ldif.false /root/add.ldif.true --- /root/add.ldif.false 2012-10-23 06:22:16.000000000 +0000 +++ /root/add.ldif.true 2012-10-23 06:22:25.000000000 +0000 @@ -2,5 +2,4 @@ changetype: add objectClass: posixGroup description: test -cn: test gidNumber: 1000 Log file records: Oct 23 06:23:21 rdn slapd[44326]: slap_listener_activate(6): Oct 23 06:23:21 rdn slapd[44326]: >>> slap_listener(ldap://) Oct 23 06:23:21 rdn slapd[44326]: conn=1006 fd=10 ACCEPT from IP=127.0.0.5:17098 (IP=0.0.0.0:389) Oct 23 06:23:21 rdn slapd[44326]: connection_get(10): got connid=1006 Oct 23 06:23:21 rdn slapd[44326]: connection_read(10): checking for input on id=1006 Oct 23 06:23:21 rdn slapd[44326]: op tag 0x60, time 1350973401 Oct 23 06:23:21 rdn slapd[44326]: conn=1006 op=0 do_bind Oct 23 06:23:21 rdn slapd[44326]: >>> dnPrettyNormal: <cn=ldapadm,o=company> Oct 23 06:23:21 rdn slapd[44326]: <<< dnPrettyNormal: <cn=ldapadm,o=company>, <cn=ldapadm,o=company> Oct 23 06:23:21 rdn slapd[44326]: conn=1006 op=0 BIND dn="cn=ldapadm,o=company" method=128 Oct 23 06:23:21 rdn slapd[44326]: do_bind: version=3 dn="cn=ldapadm,o=company" method=128 Oct 23 06:23:21 rdn slapd[44326]: conn=1006 op=0 BIND dn="cn=ldapadm,o=company" mech=SIMPLE ssf=0 Oct 23 06:23:21 rdn slapd[44326]: do_bind: v3 bind: "cn=ldapadm,o=company" to "cn=ldapadm,o=company" Oct 23 06:23:21 rdn slapd[44326]: send_ldap_result: conn=1006 op=0 p=3 Oct 23 06:23:21 rdn slapd[44326]: send_ldap_response: msgid=1 tag=97 err=0 Oct 23 06:23:21 rdn slapd[44326]: conn=1006 op=0 RESULT tag=97 err=0 text= Oct 23 06:23:21 rdn slapd[44326]: connection_get(10): got connid=1006 Oct 23 06:23:21 rdn slapd[44326]: connection_read(10): checking for input on id=1006 Oct 23 06:23:21 rdn slapd[44326]: op tag 0x68, time 1350973401 Oct 23 06:23:21 rdn slapd[44326]: connection_input: conn=1006 deferring operation: binding Oct 23 06:23:21 rdn slapd[44326]: conn=1006 op=1 do_add Oct 23 06:23:21 rdn slapd[44326]: >>> dnPrettyNormal: <cn=test,ou=system,ou=groups,o=company> Oct 23 06:23:21 rdn slapd[44326]: <<< dnPrettyNormal: <cn=test,ou=system,ou=groups,o=company>, <cn=test,ou=system,ou=groups,o=company> Oct 23 06:23:21 rdn slapd[44326]: conn=1006 op=1 ADD dn="cn=test,ou=system,ou=groups,o=company" Oct 23 06:23:21 rdn slapd[44326]: bdb_dn2entry("cn=test,ou=system,ou=groups,o=company") Oct 23 06:23:21 rdn slapd[44326]: => hdb_dn2id("cn=test,ou=system,ou=groups,o=company") Oct 23 06:23:21 rdn slapd[44326]: <= hdb_dn2id: get failed: DB_NOTFOUND: No matching key/data pair found (-30989) Oct 23 06:23:21 rdn slapd[44326]: hdb_referrals: tag=104 target="cn=test,ou=system,ou=groups,o=company" matched="ou=system,ou=groups,o=company" Oct 23 06:23:21 rdn slapd[44326]: ==> unique_add <cn=test,ou=system,ou=groups,o=company> Oct 23 06:23:21 rdn slapd[44326]: ==> unique_search (|(cn=test)) Oct 23 06:23:21 rdn slapd[44326]: => hdb_search Oct 23 06:23:21 rdn slapd[44326]: bdb_dn2entry("ou=groups,o=company") Oct 23 06:23:21 rdn slapd[44326]: search_candidates: base="ou=groups,o=company" (0x00000002) scope=2 Oct 23 06:23:21 rdn slapd[44326]: => hdb_dn2idl("ou=groups,o=company") Oct 23 06:23:21 rdn slapd[44326]: => bdb_equality_candidates (objectClass) Oct 23 06:23:21 rdn slapd[44326]: <= bdb_equality_candidates: (objectClass) not indexed Oct 23 06:23:21 rdn slapd[44326]: => bdb_equality_candidates (cn) Oct 23 06:23:21 rdn slapd[44326]: <= bdb_equality_candidates: (cn) not indexed Oct 23 06:23:21 rdn slapd[44326]: bdb_search_candidates: id=-1 first=2 last=5 Oct 23 06:23:21 rdn slapd[44326]: hdb_search: 2 does not match filter Oct 23 06:23:21 rdn slapd[44326]: hdb_search: 3 does not match filter Oct 23 06:23:21 rdn slapd[44326]: hdb_search: 4 does not match filter Oct 23 06:23:21 rdn slapd[44326]: ==> count_attr_cb <cn=test,ou=personal,ou=groups,o=company> Oct 23 06:23:21 rdn slapd[44326]: send_ldap_result: conn=1006 op=1 p=3 Oct 23 06:23:21 rdn slapd[44326]: => unique_search found 1 records Oct 23 06:23:21 rdn slapd[44326]: send_ldap_result: conn=1006 op=1 p=3 Oct 23 06:23:21 rdn slapd[44326]: send_ldap_response: msgid=2 tag=105 err=19 Oct 23 06:23:21 rdn slapd[44326]: conn=1006 op=1 RESULT tag=105 err=19 text=some attributes not unique Oct 23 06:23:21 rdn slapd[44326]: connection_get(10): got connid=1006 Oct 23 06:23:21 rdn slapd[44326]: connection_read(10): checking for input on id=1006 Oct 23 06:23:21 rdn slapd[44326]: op tag 0x42, time 1350973401 Oct 23 06:23:21 rdn slapd[44326]: ber_get_next on fd 10 failed errno=0 (Undefined error: 0) Oct 23 06:23:21 rdn slapd[44326]: conn=1006 op=2 do_unbind Oct 23 06:23:21 rdn slapd[44326]: conn=1006 op=2 UNBIND Oct 23 06:23:21 rdn slapd[44326]: connection_close: conn=1006 sd=10 Oct 23 06:23:21 rdn slapd[44326]: conn=1006 fd=10 closed Oct 23 06:23:52 rdn slapd[44326]: slap_listener_activate(6): Oct 23 06:23:52 rdn slapd[44326]: >>> slap_listener(ldap://) Oct 23 06:23:52 rdn slapd[44326]: conn=1007 fd=10 ACCEPT from IP=127.0.0.5:20738 (IP=0.0.0.0:389) Oct 23 06:23:52 rdn slapd[44326]: connection_get(10): got connid=1007 Oct 23 06:23:52 rdn slapd[44326]: connection_read(10): checking for input on id=1007 Oct 23 06:23:52 rdn slapd[44326]: op tag 0x60, time 1350973432 Oct 23 06:23:52 rdn slapd[44326]: conn=1007 op=0 do_bind Oct 23 06:23:52 rdn slapd[44326]: >>> dnPrettyNormal: <cn=ldapadm,o=company> Oct 23 06:23:52 rdn slapd[44326]: <<< dnPrettyNormal: <cn=ldapadm,o=company>, <cn=ldapadm,o=company> Oct 23 06:23:52 rdn slapd[44326]: conn=1007 op=0 BIND dn="cn=ldapadm,o=company" method=128 Oct 23 06:23:52 rdn slapd[44326]: do_bind: version=3 dn="cn=ldapadm,o=company" method=128 Oct 23 06:23:52 rdn slapd[44326]: conn=1007 op=0 BIND dn="cn=ldapadm,o=company" mech=SIMPLE ssf=0 Oct 23 06:23:52 rdn slapd[44326]: do_bind: v3 bind: "cn=ldapadm,o=company" to "cn=ldapadm,o=company" Oct 23 06:23:52 rdn slapd[44326]: send_ldap_result: conn=1007 op=0 p=3 Oct 23 06:23:52 rdn slapd[44326]: send_ldap_response: msgid=1 tag=97 err=0 Oct 23 06:23:52 rdn slapd[44326]: conn=1007 op=0 RESULT tag=97 err=0 text= Oct 23 06:23:52 rdn slapd[44326]: connection_get(10): got connid=1007 Oct 23 06:23:52 rdn slapd[44326]: connection_read(10): checking for input on id=1007 Oct 23 06:23:52 rdn slapd[44326]: op tag 0x68, time 1350973432 Oct 23 06:23:52 rdn slapd[44326]: connection_input: conn=1007 deferring operation: binding Oct 23 06:23:52 rdn slapd[44326]: conn=1007 op=1 do_add Oct 23 06:23:52 rdn slapd[44326]: >>> dnPrettyNormal: <cn=test,ou=system,ou=groups,o=company> Oct 23 06:23:52 rdn slapd[44326]: <<< dnPrettyNormal: <cn=test,ou=system,ou=groups,o=company>, <cn=test,ou=system,ou=groups,o=company> Oct 23 06:23:52 rdn slapd[44326]: conn=1007 op=1 ADD dn="cn=test,ou=system,ou=groups,o=company" Oct 23 06:23:52 rdn slapd[44326]: bdb_dn2entry("cn=test,ou=system,ou=groups,o=company") Oct 23 06:23:52 rdn slapd[44326]: => hdb_dn2id("cn=test,ou=system,ou=groups,o=company") Oct 23 06:23:52 rdn slapd[44326]: <= hdb_dn2id: get failed: DB_NOTFOUND: No matching key/data pair found (-30989) Oct 23 06:23:52 rdn slapd[44326]: hdb_referrals: tag=104 target="cn=test,ou=system,ou=groups,o=company" matched="ou=system,ou=groups,o=company" Oct 23 06:23:52 rdn slapd[44326]: ==> unique_add <cn=test,ou=system,ou=groups,o=company> Oct 23 06:23:52 rdn slapd[44326]: oc_check_required entry (cn=test,ou=system,ou=groups,o=company), objectClass "posixGroup" Oct 23 06:23:52 rdn slapd[44326]: oc_check_allowed type "objectClass" Oct 23 06:23:52 rdn slapd[44326]: oc_check_allowed type "description" Oct 23 06:23:52 rdn slapd[44326]: oc_check_allowed type "gidNumber" Oct 23 06:23:52 rdn slapd[44326]: oc_check_allowed type "structuralObjectClass" Oct 23 06:23:52 rdn slapd[44326]: oc_check_allowed type "cn" Oct 23 06:23:52 rdn slapd[44326]: slap_queue_csn: queing 0x7ffffebfc160 20121023062352.127471Z#000000#000#000000 Oct 23 06:23:52 rdn slapd[44326]: bdb_dn2entry("cn=test,ou=system,ou=groups,o=company") Oct 23 06:23:52 rdn slapd[44326]: => hdb_dn2id("cn=test,ou=system,ou=groups,o=company") Oct 23 06:23:52 rdn slapd[44326]: <= hdb_dn2id: get failed: DB_NOTFOUND: No matching key/data pair found (-30989) Oct 23 06:23:52 rdn slapd[44326]: => hdb_dn2id_add 0x6: "cn=test,ou=system,ou=groups,o=company" Oct 23 06:23:52 rdn slapd[44326]: <= hdb_dn2id_add 0x6: 0 Oct 23 06:23:52 rdn slapd[44326]: => index_entry_add( 6, "cn=test,ou=system,ou=groups,o=company" ) Oct 23 06:23:52 rdn slapd[44326]: <= index_entry_add( 6, "cn=test,ou=system,ou=groups,o=company" ) success Oct 23 06:23:52 rdn slapd[44326]: => entry_encode(0x00000006): Oct 23 06:23:52 rdn slapd[44326]: <= entry_encode(0x00000006): Oct 23 06:23:52 rdn slapd[44326]: hdb_add: added id=00000006 dn="cn=test,ou=system,ou=groups,o=company" Oct 23 06:23:52 rdn slapd[44326]: send_ldap_result: conn=1007 op=1 p=3 Oct 23 06:23:52 rdn slapd[44326]: send_ldap_response: msgid=2 tag=105 err=0 Oct 23 06:23:52 rdn slapd[44326]: conn=1007 op=1 RESULT tag=105 err=0 text= Oct 23 06:23:52 rdn slapd[44326]: slap_graduate_commit_csn: removing 0x80197aeb0 20121023062352.127471Z#000000#000#000000 Oct 23 06:23:52 rdn slapd[44326]: connection_get(10): got connid=1007 Oct 23 06:23:52 rdn slapd[44326]: connection_read(10): checking for input on id=1007 Oct 23 06:23:52 rdn slapd[44326]: op tag 0x42, time 1350973432 Oct 23 06:23:52 rdn slapd[44326]: ber_get_next on fd 10 failed errno=0 (Undefined error: 0) Oct 23 06:23:52 rdn slapd[44326]: conn=1007 op=2 do_unbind Oct 23 06:23:52 rdn slapd[44326]: conn=1007 op=2 UNBIND Oct 23 06:23:52 rdn slapd[44326]: connection_close: conn=1007 sd=10 Oct 23 06:23:52 rdn slapd[44326]: conn=1007 fd=10 closed

10 years, 11 months

1
0
0 / 0

Re: AW: (ITS#7418) slapo-constraint are broken

by jsynacek＠redhat.com

On 10/22/2012 09:19 PM, quanah(a)zimbra.com wrote: > --On Monday, October 22, 2012 7:14 PM +0000 Sascha.Kuehndel(a)deka.de wrote: > >> --_004_F12A906A1F17554CB9CDFC8F4779F3C469A046FAB9EXCCREX9dekag_ >> Content-Type: text/plain; charset="iso-8859-1" >> Content-Transfer-Encoding: quoted-printable >> >> Hello, >> >> i have reduced the configuration and the DIT to a minium. >> So i can now send the slapd.conf, the initial dit and the test-change. >> >> I hope you can reproduce the error, with it. > > Hi Jan, > > It appears your changes to slapo-constraint broke at least one > configuration option. Can you please review the information in this ITS > and update your changes. Thanks. > Hi, those changes were made by me (different Jan). I will look into it and update the testcases. -- Jan Synacek Software Engineer, BaseOS team Brno, Red Hat

10 years, 11 months

1
0
0 / 0

Re: AW: (ITS#7418) slapo-constraint are broken

by quanah＠zimbra.com

--On Monday, October 22, 2012 7:14 PM +0000 Sascha.Kuehndel(a)deka.de wrote: > --_004_F12A906A1F17554CB9CDFC8F4779F3C469A046FAB9EXCCREX9dekag_ > Content-Type: text/plain; charset="iso-8859-1" > Content-Transfer-Encoding: quoted-printable > > Hello, > > i have reduced the configuration and the DIT to a minium. > So i can now send the slapd.conf, the initial dit and the test-change. > > I hope you can reproduce the error, with it. Hi Jan, It appears your changes to slapo-constraint broke at least one configuration option. Can you please review the information in this ITS and update your changes. Thanks. --Quanah -- Quanah Gibson-Mount Sr. Member of Technical Staff Zimbra, Inc A Division of VMware, Inc. -------------------- Zimbra :: the leader in open source messaging and collaboration

10 years, 11 months

1
0
0 / 0

AW: (ITS#7418) slapo-constraint are broken

by Sascha.Kuehndel＠deka.de

--_004_F12A906A1F17554CB9CDFC8F4779F3C469A046FAB9EXCCREX9dekag_ Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable Hello, i have reduced the configuration and the DIT to a minium. So i can now send the slapd.conf, the initial dit and the test-change. I hope you can reproduce the error, with it. The uses software: OpenLDAP: 2.4.33 BDB: 5.3.21 OpenSSL: 1.0.1c Thanks, Sascha Kuehndel --_004_F12A906A1F17554CB9CDFC8F4779F3C469A046FAB9EXCCREX9dekag_ Content-Type: application/octet-stream; name="initial.ldif" Content-Description: initial.ldif Content-Disposition: attachment; filename="initial.ldif"; size=1490; creation-date="Mon, 22 Oct 2012 19:06:34 GMT"; modification-date="Mon, 22 Oct 2012 18:41:40 GMT" Content-Transfer-Encoding: base64 ZG46IG91PWRla2EsZGM9ZXhhbXBsZSxkYz1jb20Kb3U6IGRla2FuZXQKb2JqZWN0Q2xhc3M6IG9y Z2FuaXphdGlvbmFsVW5pdApzdHJ1Y3R1cmFsT2JqZWN0Q2xhc3M6IG9yZ2FuaXphdGlvbmFsVW5p dAplbnRyeVVVSUQ6IDdiOWRkOWQyLWIwYmMtMTAzMS05ZjI1LTA1OWJlYjBiYjUzYwplbnRyeUNT TjogMjAxMjEwMjIxNzQ4NTAuODEwNDY3WiMwMDAwMDAjMDAwIzAwMDAwMAoKZG46IG91PWdyb3Vw LG91PWRla2EsZGM9ZXhhbXBsZSxkYz1jb20Kb3U6IFppZWxncnVwcGVuCmRlc2NyaXB0aW9uOiBD b250YWluZXIgZnVlciBaaWVsZ3J1cHBlbmVpbnRyYWVnZQpvYmplY3RDbGFzczogb3JnYW5pemF0 aW9uYWxVbml0CnN0cnVjdHVyYWxPYmplY3RDbGFzczogb3JnYW5pemF0aW9uYWxVbml0CmVudHJ5 VVVJRDogODQwNTExMTItYjBiYy0xMDMxLTlmMjYtMDU5YmViMGJiNTNjCmVudHJ5Q1NOOiAyMDEy MTAyMjE3NDkwNC45MDg2NjBaIzAwMDAwMCMwMDAjMDAwMDAwCgpkbjogdWlkPTE0LG91PWdyb3Vw LG91PWRla2EsZGM9ZXhhbXBsZSxkYz1jb20KdWlkOiAxNApvYmplY3RDbGFzczogYWNjb3VudApv YmplY3RDbGFzczogdG9wCnN0cnVjdHVyYWxPYmplY3RDbGFzczogYWNjb3VudAplbnRyeVVVSUQ6 IDg0N2VhYzVjLWIwYmMtMTAzMS05ZjM2LTA1OWJlYjBiYjUzYwplbnRyeUNTTjogMjAxMjEwMjIx NzUxMjcuNzIyNzQ3WiMwMDAwMDAjMDAwIzAwMDAwMAoKZG46IG91PXVzZXIsb3U9ZGVrYSxkYz1l eGFtcGxlLGRjPWNvbQpvdTogQmVudXR6ZXIKb2JqZWN0Q2xhc3M6IG9yZ2FuaXphdGlvbmFsVW5p dApzdHJ1Y3R1cmFsT2JqZWN0Q2xhc3M6IG9yZ2FuaXphdGlvbmFsVW5pdAplbnRyeVVVSUQ6IDhh ZDhjYTEwLWIwYmMtMTAzMS05ZjNhLTA1OWJlYjBiYjUzYwplbnRyeUNTTjogMjAxMjEwMjIxNzQ5 MTYuMzYyNTU1WiMwMDAwMDAjMDAwIzAwMDAwMAoKZG46IGRjPTEsb3U9dXNlcixvdT1kZWthLGRj PWV4YW1wbGUsZGM9Y29tCmRjOiAxCm9iamVjdENsYXNzOiBkb21haW4Kb2JqZWN0Q2xhc3M6IHRv cAphc3NvY2lhdGVkTmFtZTogdWlkPTE0LG91PWdyb3VwLG91PWRla2EsZGM9ZXhhbXBsZSxkYz1j b20Kc3RydWN0dXJhbE9iamVjdENsYXNzOiBkb21haW4KZW50cnlVVUlEOiA3ODgwZDBlNi1iMGMy LTEwMzEtODk1Yi1hMWEzZjJmYmFjYjcKZW50cnlDU046IDIwMTIxMDIyMTgzMTQyLjU2NzI3OVoj MDAwMDAwIzAwMCMwMDAwMDAKCmRuOiBkYz0yLG91PXVzZXIsb3U9ZGVrYSxkYz1leGFtcGxlLGRj PWNvbQpkYzogMgpvYmplY3RDbGFzczogZG9tYWluCm9iamVjdENsYXNzOiB0b3AKYXNzb2NpYXRl ZE5hbWU6IHVpZD0xNCxvdT1ncm91cCxvdT1kZWthLGRjPWV4YW1wbGUsZGM9Y29tCnN0cnVjdHVy YWxPYmplY3RDbGFzczogZG9tYWluCmVudHJ5VVVJRDogODA0MTUyNTYtYjBjMi0xMDMxLTg5NWMt YTFhM2YyZmJhY2I3CmVudHJ5Q1NOOiAyMDEyMTAyMjE4MzE1NS41NzMwNThaIzAwMDAwMCMwMDAj MDAwMDAwCgo= --_004_F12A906A1F17554CB9CDFC8F4779F3C469A046FAB9EXCCREX9dekag_ Content-Type: application/octet-stream; name="slapd.conf" Content-Description: slapd.conf Content-Disposition: attachment; filename="slapd.conf"; size=818; creation-date="Mon, 22 Oct 2012 19:06:27 GMT"; modification-date="Mon, 22 Oct 2012 19:05:29 GMT" Content-Transfer-Encoding: base64 IyBTY2hlbWF0YSBhdXMgZGVyIE9wZW5MREFQLURpc3RyaWJ1dGlvbgppbmNsdWRlCSAgICAgICAg ICAgICAgICAgc2xhcGQvZXRjL29wZW5sZGFwL3NjaGVtYS9jb3JlLnNjaGVtYQppbmNsdWRlCSAg ICAgICAgICAgICAgICAgc2xhcGQvZXRjL29wZW5sZGFwL3NjaGVtYS9jb3NpbmUuc2NoZW1hCgoj IExvYWQgbW9kdWxlcwptb2R1bGVwYXRoICAgICAgICAgICAgICAgc2xhcGQvbGliZXhlYy9vcGVu bGRhcAptb2R1bGVsb2FkICAgICAgICAgICAgICAgYmFja19oZGIubGEKbW9kdWxlbG9hZCAgICAg ICAgICAgICAgIGNvbnN0cmFpbnQubGEKCiMgQmFzZSBrb25maWd1cmF0aW9uCnBpZGZpbGUgICAg ICAgICAgICAgICAgICBzbGFwZC5waWQKYXJnc2ZpbGUgICAgICAgICAgICAgICAgIHNsYXBkLmFy Z3MKCiMgRGF0YWJhc2UKZGF0YWJhc2UgICAgICAgICAgICAgICAgIGhkYgoKc3VmZml4ICAgICAg ICAgICAgICAgICAgICJvdT1kZWthLGRjPWV4YW1wbGUsZGM9Y29tIgpkaXJlY3RvcnkgICAgICAg ICAgICAgICAgZXhhbXBsZQpyb290ZG4gICAgICAgICAgICAgICAgICAgImNuPXJvb3Qsb3U9ZGVr YSxkYz1leGFtcGxlLGRjPWNvbSIKcm9vdHB3ICAgICAgICAgICAgICAgICAgIHJvb3QKCm92ZXJs YXkgY29uc3RyYWludApjb25zdHJhaW50X2F0dHJpYnV0ZSBhc3NvY2lhdGVkTmFtZSB1cmkKICBs ZGFwOi8vL291PWdyb3VwLG91PWRla2EsZGM9ZXhhbXBsZSxkYz1jb20/ZW50cnlETj9vbmU/KG9i amVjdENsYXNzPWFjY291bnQpCiAgcmVzdHJpY3Q9bGRhcDovLy9vdT11c2VyLG91PWRla2EsZGM9 ZXhhbXBsZSxkYz1jb20/P29uZQo= --_004_F12A906A1F17554CB9CDFC8F4779F3C469A046FAB9EXCCREX9dekag_ Content-Type: application/octet-stream; name="test.ldif" Content-Description: test.ldif Content-Disposition: attachment; filename="test.ldif"; size=96; creation-date="Mon, 22 Oct 2012 19:07:18 GMT"; modification-date="Mon, 22 Oct 2012 19:07:00 GMT" Content-Transfer-Encoding: base64 ZG46IGRjPTIsb3U9dXNlcixvdT1kZWthLGRjPWV4YW1wbGUsZGM9Y29tCmNoYW5nZXR5cGU6IG1v ZGlmeQphZGQ6IGRlc2NyaXB0aW9uCmRlc2NyaXB0aW9uOiBhCi0K --_004_F12A906A1F17554CB9CDFC8F4779F3C469A046FAB9EXCCREX9dekag_--

10 years, 11 months

1
0
0 / 0

Re: (ITS#7367) [PATCH] MozNSS: update list of supported cipher suites

by quanah＠zimbra.com

--On Monday, October 08, 2012 9:49 AM +0200 Jan Včelák <jvcelak(a)redhat.com> wrote: > I would like to see newer OpenLDAP in RHEL because it would be easier for > me to maintain it. But I'm not sure if the advantages will outweight the > disadvantages and if our customers will benefit from it rather than be > forced to deal with new problems. The lack of a current version of OpenLDAP exposes your customers to numerous significant issues, whether or not you choose acknowledge that. >> Ok. One thing I do with Debian is help triage issues that are reported >> there with the upstream ITS system if the issues do not appear to be due >> to the usage of an old version. If there is a simple way to do that >> with Red Hat, I could help there as well. > > When there is a new bug report, I usualy try to reproduce with the > package from RHEL or Fedora. And then with the newest OpenLDAP from git > master. If I'm able to reproduce, I always create a report in your ITS. I was curious more in a list like pkg-openldap-devel w/ Debian, which also gets cc'd on all ldap related tickets. But it sounds like you are already doing what I was thinking of. --Quanah -- Quanah Gibson-Mount Sr. Member of Technical Staff Zimbra, Inc A Division of VMware, Inc. -------------------- Zimbra :: the leader in open source messaging and collaboration

10 years, 11 months

1
0
0 / 0

Re: (ITS#7418) slapo-constraint are broken

by michael＠stroeder.com

This is a cryptographically signed message in MIME format. --------------ms060905030203070305090206 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable I suspect this is related to changes because of fix for ITS#7168 similar or same like ITS#7340. Ciao, Michael. --------------ms060905030203070305090206 Content-Type: application/pkcs7-signature; name="smime.p7s" Content-Transfer-Encoding: base64 Content-Disposition: attachment; filename="smime.p7s" Content-Description: S/MIME Cryptographic Signature MIAGCSqGSIb3DQEHAqCAMIACAQExCzAJBgUrDgMCGgUAMIAGCSqGSIb3DQEHAQAAoIILHzCC BT8wggQnoAMCAQICDwCmSwABAAIAivjZQ8SBvzANBgkqhkiG9w0BAQUFADB8MQswCQYDVQQG EwJERTEcMBoGA1UEChMTVEMgVHJ1c3RDZW50ZXIgR21iSDElMCMGA1UECxMcVEMgVHJ1c3RD ZW50ZXIgQ2xhc3MgMSBMMSBDQTEoMCYGA1UEAxMfVEMgVHJ1c3RDZW50ZXIgQ2xhc3MgMSBM MSBDQSBJWDAeFw0xMjA2MDYxOTAyMTZaFw0xMzA2MDcxOTAyMTZaMCgxCzAJBgNVBAYTAkRF MRkwFwYDVQQDDBBNaWNoYWVsIFN0csO2ZGVyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB CgKCAQEAxXZGav40rnGNLxEggBW94MILWHlfC8a23Jew5U1gPlfRTXOjjzmoaZ1uCyGdgF6M VvuO9T1aTQNGH+OdeGe3P7Tfc/NsLJFJ2wtd8blvhmodUgse2eypiWjNOd4gZuhalBhgsQ0K b5D6/1foghII4E264iZlJ7AJ+UYcO+GxvFWT0YMTbLckgDkZk7c3qwTozdhYvXarvqx+8Ou/ kuxpQQhac/ebzxpu0N+RHSf2KIUS0g0tEGnPtGv6iL+9QNHc4JKo9Y9KKVw3tQy+Re+FQLxB 1fPE5F+qxuD3AUENpOwkMsqWLM94ohtx3CFqLpxfUPrnKFLAHOhHEbByYGvFPwIDAQABo4IC EDCCAgwwgaUGCCsGAQUFBwEBBIGYMIGVMFEGCCsGAQUFBzAChkVodHRwOi8vd3d3LnRydXN0 Y2VudGVyLmRlL2NlcnRzZXJ2aWNlcy9jYWNlcnRzL3RjX2NsYXNzMV9MMV9DQV9JWC5jcnQw QAYIKwYBBQUHMAGGNGh0dHA6Ly9vY3NwLml4LnRjY2xhc3MxLnRjdW5pdmVyc2FsLWkudHJ1 c3RjZW50ZXIuZGUwHwYDVR0jBBgwFoAU6bgoHUbP/M34TpvF7ktg69g7P9EwDAYDVR0TAQH/ BAIwADBKBgNVHSAEQzBBMD8GCSqCFAAsAQEBATAyMDAGCCsGAQUFBwIBFiRodHRwOi8vd3d3 LnRydXN0Y2VudGVyLmRlL2d1aWRlbGluZXMwDgYDVR0PAQH/BAQDAgTwMB0GA1UdDgQWBBS2 KAWfTfgJ/JQ63qLGwTXYLnI+LzBiBgNVHR8EWzBZMFegVaBThlFodHRwOi8vY3JsLml4LnRj Y2xhc3MxLnRjdW5pdmVyc2FsLWkudHJ1c3RjZW50ZXIuZGUvY3JsL3YyL3RjX0NsYXNzMV9M MV9DQV9JWC5jcmwwMwYDVR0lBCwwKgYIKwYBBQUHAwIGCCsGAQUFBwMEBggrBgEFBQcDBwYK KwYBBAGCNxQCAjAfBgNVHREEGDAWgRRtaWNoYWVsQHN0cm9lZGVyLmNvbTANBgkqhkiG9w0B AQUFAAOCAQEAQ3bvVUpEq+cQrLpcogyt5BJNk/WvUvOHqhzyj28M9pg9hcDl1+MYl5qqj6tR GSTLPQZyf287pcmbMwbcTGZO/gbW9v7RYcut6RauWdwKMCUmKC3J4fVfDq9ZETA2WOV68ef4 B3Gzdhghsbp3Rhp5dDmrCVKAHlafm6ZwJrEQ9P76fxnQZzRLgeKpZep5ePH5YHUB3+YaOQvJ FG0bOXvfHhRiRG7/HW2G+yDgjHSxDz8AFzMWL/RFePqZ4pn6T/SM/qU6WEpW39MWyJNoH/Kx QDYK8gGYuesn1ciMCTnjrvZQj0fonGTO4SfWekJRkuGrJ7dYSZRjYbDcWBBkdFLWzzCCBdgw ggTAoAMCAQICDgboAAEAAkqWLSQM/sXJMA0GCSqGSIb3DQEBBQUAMHkxCzAJBgNVBAYTAkRF MRwwGgYDVQQKExNUQyBUcnVzdENlbnRlciBHbWJIMSQwIgYDVQQLExtUQyBUcnVzdENlbnRl ciBVbml2ZXJzYWwgQ0ExJjAkBgNVBAMTHVRDIFRydXN0Q2VudGVyIFVuaXZlcnNhbCBDQSBJ MB4XDTA5MTEwMzE0MDgxOVoXDTI1MTIzMTIxNTk1OVowfDELMAkGA1UEBhMCREUxHDAaBgNV BAoTE1RDIFRydXN0Q2VudGVyIEdtYkgxJTAjBgNVBAsTHFRDIFRydXN0Q2VudGVyIENsYXNz IDEgTDEgQ0ExKDAmBgNVBAMTH1RDIFRydXN0Q2VudGVyIENsYXNzIDEgTDEgQ0EgSVgwggEi MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC75pBuz2Lp6QuqthDVR+V8XSsncZpozVVt 5KLv5P7yemMRwleKyH3PjmYfZUVL64Biab1GjovFblqVGCrep/EfdRonq20yU+P7TVhiLP8Z 5cegDZotIYhZhM0d8cPIij6w5d4IJM/8QCy6QSOUu4ASiTVItoYE4AFPjLqpmPwcie0fiqHH hpgmHnJla/7PZdkMZEsaCfVDEWBmJuMzVprJPT40anjG5VBLyM2I5DlsUCaeQCy2O3w3sqf1 3dyzUcv03IICuNc63towXA31Qt0TaVNU6YAmQjMepdfMbspmCZ+G8D2+xophEPPR/1vkstst smUMqX0XrLonTUJczglPAgMBAAGjggJZMIICVTCBmgYIKwYBBQUHAQEEgY0wgYowUgYIKwYB BQUHMAKGRmh0dHA6Ly93d3cudHJ1c3RjZW50ZXIuZGUvY2VydHNlcnZpY2VzL2NhY2VydHMv dGNfdW5pdmVyc2FsX3Jvb3RfSS5jcnQwNAYIKwYBBQUHMAGGKGh0dHA6Ly9vY3NwLnRjdW5p dmVyc2FsLUkudHJ1c3RjZW50ZXIuZGUwHwYDVR0jBBgwFoAUkqR1LKSevoFE63n8isWVpesQ dXMwEgYDVR0TAQH/BAgwBgEB/wIBADBSBgNVHSAESzBJMAYGBFUdIAAwPwYJKoIUACwBAQEB MDIwMAYIKwYBBQUHAgEWJGh0dHA6Ly93d3cudHJ1c3RjZW50ZXIuZGUvZ3VpZGVsaW5lczAO BgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYEFOm4KB1Gz/zN+E6bxe5LYOvYOz/RMIH9BgNVHR8E gfUwgfIwge+ggeyggemGRmh0dHA6Ly9jcmwudGN1bml2ZXJzYWwtSS50cnVzdGNlbnRlci5k ZS9jcmwvdjIvdGNfdW5pdmVyc2FsX3Jvb3RfSS5jcmyGgZ5sZGFwOi8vd3d3LnRydXN0Y2Vu dGVyLmRlL0NOPVRDJTIwVHJ1c3RDZW50ZXIlMjBVbml2ZXJzYWwlMjBDQSUyMEksTz1UQyUy MFRydXN0Q2VudGVyJTIwR21iSCxPVT1yb290Y2VydHMsREM9dHJ1c3RjZW50ZXIsREM9ZGU/ Y2VydGlmaWNhdGVSZXZvY2F0aW9uTGlzdD9iYXNlPzANBgkqhkiG9w0BAQUFAAOCAQEAOcjE m+6+mO5Icm+N53G2DpCM07LBFSGoRpBoX0oE8TrJaIQh2KXmBHVdn9LU8kt3QzLclctgvwJV 0KwcsMUUl5tlCsMPpR3s2Ek5lbWpvvr0HqtW56blAQiINV9nBd1EJFASIkRjefGbV2nOq9Yz UU+N8HA7jq1ROhd/NZZraGhjthwKyfjfHV7PKxGlY+3M0MbTIG+q/GhIfm0euDpFqhKG88e9 ALXr/uoSn3MzeOcoOWjTpW3adtFO4VWVgKbgG7jNrFbvRVlHmFLbOm4msjE5aXWxLiTwpJ2X iF4zKca1vAdAOgw9us90jEtOeiH6GzjNxEMvb7TfeO6Zkuc6HDGCA84wggPKAgEBMIGPMHwx CzAJBgNVBAYTAkRFMRwwGgYDVQQKExNUQyBUcnVzdENlbnRlciBHbWJIMSUwIwYDVQQLExxU QyBUcnVzdENlbnRlciBDbGFzcyAxIEwxIENBMSgwJgYDVQQDEx9UQyBUcnVzdENlbnRlciBD bGFzcyAxIEwxIENBIElYAg8ApksAAQACAIr42UPEgb8wCQYFKw4DAhoFAKCCAhMwGAYJKoZI hvcNAQkDMQsGCSqGSIb3DQEHATAcBgkqhkiG9w0BCQUxDxcNMTIxMDE4MTkyNjAyWjAjBgkq hkiG9w0BCQQxFgQU7QCgPPclKaMhoNwC33a+he0n9jAwbAYJKoZIhvcNAQkPMV8wXTALBglg hkgBZQMEASowCwYJYIZIAWUDBAECMAoGCCqGSIb3DQMHMA4GCCqGSIb3DQMCAgIAgDANBggq hkiG9w0DAgIBQDAHBgUrDgMCBzANBggqhkiG9w0DAgIBKDCBoAYJKwYBBAGCNxAEMYGSMIGP MHwxCzAJBgNVBAYTAkRFMRwwGgYDVQQKExNUQyBUcnVzdENlbnRlciBHbWJIMSUwIwYDVQQL ExxUQyBUcnVzdENlbnRlciBDbGFzcyAxIEwxIENBMSgwJgYDVQQDEx9UQyBUcnVzdENlbnRl ciBDbGFzcyAxIEwxIENBIElYAg8ApksAAQACAIr42UPEgb8wgaIGCyqGSIb3DQEJEAILMYGS oIGPMHwxCzAJBgNVBAYTAkRFMRwwGgYDVQQKExNUQyBUcnVzdENlbnRlciBHbWJIMSUwIwYD VQQLExxUQyBUcnVzdENlbnRlciBDbGFzcyAxIEwxIENBMSgwJgYDVQQDEx9UQyBUcnVzdENl bnRlciBDbGFzcyAxIEwxIENBIElYAg8ApksAAQACAIr42UPEgb8wDQYJKoZIhvcNAQEBBQAE ggEAYODTh49NYBcdsAkvO9kTYc/VjSVJrTgQbiau0T8JPupHvjrFuHTFfrKRUSrw3gVYR9Fq DhLx/lw0yM6Ced86B7v/GVMjAo4hEE/UV41hCvSd4WXn5DsDRTNQFX3YCSNpTb8fQALJDcRw SL1IRMbGnZdVDHIQGtZ+WR9+0yKLn1m/Bitgh25pZJhdbW+QaRNCEKFuUuqM039BzvVIy+3I yihMjC64xY4dIJplhoedtCJ8JzJaHJgOoetrgcJBkDPmNb0yEA7mjZCEyu+BBizstu5886j/ AygwwHn6NB+Av7Dz2SIl2sOmN0BsPIA2Yu2htDOZqDQjtGfh0LRDenyyBAAAAAAAAA== --------------ms060905030203070305090206--

10 years, 11 months

1
0
0 / 0

(ITS#7418) slapo-constraint are broken

by sascha.kuehndel＠deka.de

Full_Name: Sascha Kuehndel Version: 2.4.33 OS: HP-UX 11.31 URL: ftp://ftp.openldap.org/incoming/ Submission from: (NULL) (192.166.104.102) After upgrade slapd from 2.4.32 to 2.4.33, same contraints fails always. Any change on an entry in restricted tree is not possible. 1. Comment out the contraints helps. 2. I have downgraded the constraint.c, only. After rebuild, the slapds works fine again. Constraint: constraint_attribute dekanetZielgruppenDN uri ldap:///ou=Zielgruppen,ou=dekanet,dc=dekager,dc=dekabank,dc=extern?entryDN?one?(objectClass=dekanetZielgruppe) restrict=ldap:///ou=Benutzer,ou=dekanet,dc=dekager,dc=dekabank,dc=extern??one Change: #!RESULT ERROR #!CONNECTION ldap://dk-ketos:6418 #!DATE 2012-10-18T18:29:02.840 #!ERROR [LDAP: error code 19 - modify breaks constraint on dekanetEmailAdr] dn: dekanetObjLID=74386878,ou=Benutzer,ou=dekanet,dc=dekager,dc=dekabank,dc=ex tern changetype: modify replace: dekanetEmailAdr dekanetEmailAdr: test1234(a)deka.de - Greatings, Sascha

10 years, 11 months

1
0
0 / 0

Re: (ITS#7417) Why is there no schema add utility?

by jerrac＠gmail.com

--f46d04447dffae07bd04cc34c745 Content-Type: text/plain; charset=ISO-8859-1 Really? How? Also, the method described by Zytrax is pretty much what all the search results said. Including https://help.ubuntu.com/12.04/serverguide/openldap-server.html And I couldn't find anything different in the Openldap.org documentation. Again, maybe because I didn't search for the right things... With slapadd and ldapadd, can you add a .schema file? Or does it have to be in LDIF syntax? *goes to check the man page* --David Reagan On Tue, Oct 16, 2012 at 1:31 PM, Howard Chu <hyc(a)symas.com> wrote: > jerrac(a)gmail.com wrote: > >> Full_Name: David Reagan >> Version: 2.4 >> OS: Ubuntu 12.04 >> URL: ftp://ftp.openldap.org/**incoming/<ftp://ftp.openldap.org/incoming/> >> Submission from: (NULL) (163.41.112.5) >> >> >> Why is there no simple way to add new schema's to cn=Config? As in, >> something >> like "slapadd --schema newschema.schema". >> > > Eh? New schemas can be added directly using slapadd, or using ldapadd. > > The best explanation I found on how to add a new schema is >> http://www.zytrax.com/books/**ldap/ch6/slapd-config.html#**use-schemas<http://www.zytrax.com/books/ldap/ch6/slapd-config.html#use-schemas>. >> You have to >> create a conf file, a new directory, run a command, edit a file, and then >> run >> another command. That's a lot of places where user error could break >> things. >> > > Your first mistake is in trusting anything that Zytrax says. Most of their > information is out of date or flat wrong. > > -- > -- Howard Chu > CTO, Symas Corp. http://www.symas.com > Director, Highland Sun http://highlandsun.com/hyc/ > Chief Architect, OpenLDAP http://www.openldap.org/**project/<http://www.openldap.org/project/> > --f46d04447dffae07bd04cc34c745 Content-Type: text/html; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable Really? How? Also, the method described by Zytrax is pretty much wh= at all the search results said. Including <a href=3D"https://help.ubuntu.co= m/12.04/serverguide/openldap-server.html">https://help.ubuntu.com/12.04/ser= verguide/openldap-server.html</a> And I couldn't find anything different in the Openldap.org document= ation. Again, maybe because I didn't search for the right things... = With slapadd and ldapadd, can you add a .schema file? Or does it have t= o be in LDIF syntax? *goes to check the man page* --David Reagan <div class=3D"gmail_quote">On Tue, Oct 16, 2012 at 1:31 PM, Howard = Chu <<a href=3D"mailto:hyc@symas.com" target=3D"_blank= ">hyc(a)symas.com</a>> wrote: <blockquote class=3D"gmail_quote" = style=3D"margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"> <a href=3D"mailto:jerrac@gmail.com" target=3D"_blank">jerrac(a)gmail.com</a> = wrote: <blockquote class=3D"gmail_quote" style=3D"margin:0 0 0 .8ex;border-left:1p= x #ccc solid;padding-left:1ex"> Full_Name: David Reagan Version: 2.4 OS: Ubuntu 12.04 URL: <a href=3D"ftp://ftp.openldap.org/incoming/" target=3D"_blank">ftp://f= tp.openldap.org/incoming/</a> Submission from: (NULL) (163.41.112.5) Why is there no simple way to add new schema's to cn=3DConfig? As in, s= omething like "slapadd --schema newschema.schema". </blockquote> Eh? New schemas can be added directly using slapadd, or using ldapadd. <blockquote class=3D"gmail_quote" style=3D"margin:0 0 0 .8ex;border-left:1p= x #ccc solid;padding-left:1ex"> The best explanation I found on how to add a new schema is <a href=3D"http://www.zytrax.com/books/ldap/ch6/slapd-config.html#use-schem= as" target=3D"_blank">http://www.zytrax.com/books/ldap/ch6/slapd-con= fig.html#use-schemas</a>. You have to create a conf file, a new directory, run a command, edit a file, and then r= un another command. That's a lot of places where user error could break th= ings. </blockquote> Your first mistake is in trusting anything that Zytrax says. Most of their = information is out of date or flat wrong. -- =A0 -- Howard Chu =A0 CTO, Symas Corp. =A0 =A0 =A0 =A0 =A0 <a href=3D"http://www.symas.com" t= arget=3D"_blank">http://www.symas.com</a> =A0 Director, Highland Sun =A0 =A0 <a href=3D"http://highlandsun.com/hyc/" = target=3D"_blank">http://highlandsun.com/hyc/</a> =A0 Chief Architect, OpenLDAP =A0<a href=3D"http://www.openldap.org/project= /" target=3D"_blank">http://www.openldap.org/project/</a> </blockquote></div> --f46d04447dffae07bd04cc34c745--

10 years, 11 months

1
0
0 / 0

Re: (ITS#7417) Why is there no schema add utility?

by hyc＠symas.com

jerrac(a)gmail.com wrote: > Full_Name: David Reagan > Version: 2.4 > OS: Ubuntu 12.04 > URL: ftp://ftp.openldap.org/incoming/ > Submission from: (NULL) (163.41.112.5) > > > Why is there no simple way to add new schema's to cn=Config? As in, something > like "slapadd --schema newschema.schema". Eh? New schemas can be added directly using slapadd, or using ldapadd. > The best explanation I found on how to add a new schema is > http://www.zytrax.com/books/ldap/ch6/slapd-config.html#use-schemas. You have to > create a conf file, a new directory, run a command, edit a file, and then run > another command. That's a lot of places where user error could break things. Your first mistake is in trusting anything that Zytrax says. Most of their information is out of date or flat wrong. -- -- Howard Chu CTO, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc/ Chief Architect, OpenLDAP http://www.openldap.org/project/

10 years, 11 months

1
0
0 / 0

(ITS#7417) Why is there no schema add utility?

by jerrac＠gmail.com

Full_Name: David Reagan Version: 2.4 OS: Ubuntu 12.04 URL: ftp://ftp.openldap.org/incoming/ Submission from: (NULL) (163.41.112.5) Why is there no simple way to add new schema's to cn=Config? As in, something like "slapadd --schema newschema.schema". The best explanation I found on how to add a new schema is http://www.zytrax.com/books/ldap/ch6/slapd-config.html#use-schemas. You have to create a conf file, a new directory, run a command, edit a file, and then run another command. That's a lot of places where user error could break things. So, is there a utility in the works, or are there other reasons this would be a bad idea? I'm curious. I did search Google, the tickets, and the mailing lists. But either there isn't anything there, or my search terms were bad. If this has already be discussed, I apologize for bringing it up again, and would appreciate a link to the discussion.

10 years, 11 months

1
0
0 / 0

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

openldap-bugs October 2012