From: Rochette_Jean-Louis@emc.com
To: openldap-bugs@openldap.org
Subject: Re: (ITS#5296) Search netgroup by triple don't report existing entry
Date: Thu, 27 Dec 2007 10:41:40 +0000
Message-ID: <200712271041.lBRAfewK087968@boole.openldap.org>

Hi Howard,

thank you for your answer, though I found it severe and not very constructive.
I finally found the solution at:
http://www.openldap.org/lists/openldap-software/200501/msg00309.html

Since people have been having problems with this case for at least 2 years now, I think it's worth to put the solution in this ITS entry:
To allow searching for netgroups by triple, possibly using wildcards, you have to change the nis.schema which comes with openldap as follows:

attributetype ( 1.3.6.1.1.1.1.14 NAME 'nisNetgroupTriple'
        DESC 'Netgroup triple'
        EQUALITY caseIgnoreIA5Match
        SUBSTR caseIgnoreIA5SubstringsMatch
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
# EQUALITY and SUBSTR directives added, SYNTAX changed.

Jean-Louis.

Subject: Re: (ITS#5296) Search netgroup by triple don't report existing entry
Date: Sat, 22 Dec 2007 14:29:35 -0500
Message-ID: <476D659F.3070508(a)symas.com>
In-Reply-To: <200712211137.lBLBbcIP071531(a)boole.openldap.org>

rochette_jean-louis(a)emc.com wrote:
> Full_Name: Jean-Louis ROCHETTE
> Version: 2.3.39
> OS: Linux Fedora
> URL: ftp://ftp.openldap.org/incoming/
> Submission from: (NULL) (152.62.109.163)
>
>
> Brief description of the problem
> --------------------------------
> Lookup of a netgroup by triple doesn't work in last stable release slapd 2.3.39,
> though it worked well with slapd 2.3.27.
> This looks like a regression in slapd.
> This should be easy to reproduce.
> The problem was first noticed in slapd 2.3.30.
> The lookup by triple succeeds with a iPlanet server.

There are no matching rules defined for nisNetgroupTriple in nis.schema. There
have never been, since RFC2307 doesn't define any. As such, filtering by
nisNetgroupTriple is totally undefined. Any server that returns your expected
result using the search filter you provide is broken.

There is no regression here. Your distro vendor may have hacked their own
schema files to provide one, that's an issue for you to discuss with your
vendor. This ITS will be closed.

--
   -- Howard Chu
   Chief Architect, Symas Corp.  http://www.symas.com
   Director, Highland Sun        http://highlandsun.com/hyc/
   Chief Architect, OpenLDAP     http://www.openldap.org/project/

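
The two positions in this thread, as an added example that is not part of the original messages or of OpenLDAP's code: a simplified model of how a filter on nisNetgroupTriple evaluates when the attribute has no matching rules and when EQUALITY and SUBSTR rules are present. The schema dictionaries, sample entries and helper functions are constructed for illustration, and the string preparation is a simplification of the caseIgnoreIA5 rules.

```python
import re

# Constructed models of the attribute: no matching rules (as the reply says
# of nis.schema) and with the rules added in the message above.
STOCK = {"nisnetgrouptriple": {}}
AMENDED = {"nisnetgrouptriple": {"EQUALITY": "caseIgnoreIA5Match",
                                 "SUBSTR": "caseIgnoreIA5SubstringsMatch"}}

# Constructed sample entries: DN -> nisNetgroupTriple values.
ENTRIES = {
    "cn=admins,ou=netgroup,dc=example,dc=com": ["(host1,alice,example.com)"],
    "cn=ops,ou=netgroup,dc=example,dc=com": ["(host2,bob,example.com)"],
}

def prep(value):
    """Simplified caseIgnore preparation: fold case, trim, collapse spaces."""
    return re.sub(r" +", " ", value.strip().lower())

def evaluate(schema, values, attr, assertion):
    """Return True, False, or None for Undefined (RFC 4511, section 4.5.1.7).

    `assertion` is the decoded value; inside a filter string the literal
    parentheses would be written \\28 and \\29.
    """
    rules = schema.get(attr.lower())
    if rules is None:
        return None                      # attribute not recognized
    if assertion == "*":
        return bool(values)              # presence test needs no matching rule
    if "*" not in assertion:
        if "EQUALITY" not in rules:
            return None                  # no equality rule: Undefined
        return any(prep(v) == prep(assertion) for v in values)
    if "SUBSTR" not in rules:
        return None                      # no substrings rule: Undefined
    # initial*any*final components must appear in order
    parts = [re.escape(prep(p)) for p in assertion.split("*")]
    pattern = re.compile("^" + ".*".join(parts) + "$", re.S)
    return any(pattern.match(prep(v)) is not None for v in values)

def search(schema, entries, attr, assertion):
    """Return DNs whose filter is True; Undefined is dropped without error."""
    return [dn for dn, values in entries.items()
            if evaluate(schema, values, attr, assertion) is True]

if __name__ == "__main__":
    for name, schema in (("stock", STOCK), ("amended", AMENDED)):
        print(name, search(schema, ENTRIES, "nisNetgroupTriple", "(*,bob,*)"))
```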