Pierangelo Masarati wrote:
michael@stroeder.com wrote:
Looking at the logs slapo-constraint seems to generate a filter which is considered bad by slapd:
constraint_violation uri filter = (&((objectClass=organizationalUnit))(|(ou=Abteilung 1)))
This filter would work and finds the correct entry containing the valid attribute value: (&(objectClass=organizationalUnit)(|(ou=Abteilung 1)))
The overlay assumes you don't put brackets around your filter. This is now fixed in HEAD; please test. p.
First this raises the question what to do if filters are not valid in configuration. I'd prefer if slapo-constraint would cause invalidFilter with an appropriate diagnosticMessage pointing to slapo-constraint configuration to be returned instead of silently assuming the attribute value is wrong.
Still it does not work for me. The filter seems to be ok now and returns the correct search result. But still the attribute value "Abteilung 1" is not accepted.
Ciao, Michael.
--------------------------------- snip --------------------------------- ==> constraint_violation uri filter = (&(objectClass=organizationalUnit)(|(ou=Abteilung 1))) put_filter: "(&(objectClass=organizationalUnit)(|(ou=Abteilung 1)))" put_filter: AND put_filter_list "(objectClass=organizationalUnit)(|(ou=Abteilung 1))" put_filter: "(objectClass=organizationalUnit)" put_filter: simple put_simple_filter: "objectClass=organizationalUnit" put_filter: "(|(ou=Abteilung 1))" put_filter: OR put_filter_list "(ou=Abteilung 1)" put_filter: "(ou=Abteilung 1)" put_filter: simple put_simple_filter: "ou=Abteilung 1" ber_scanf fmt ({mm}) ber: ber_scanf fmt ({mm}) ber: => hdb_search bdb_dn2entry("ou=Departments,ou=schulung,dc=stroeder,dc=local") => hdb_dn2id("ou=Departments,ou=schulung,dc=stroeder,dc=local") <= hdb_dn2id: get failed: DB_NOTFOUND: No matching key/data pair found (-30989) => access_allowed: disclose access to "ou=schulung,dc=stroeder,dc=local" "entry" requested <= root access granted => access_allowed: disclose access granted by manage(=mwrscxd) send_ldap_result: conn=1 op=28 p=3 send_ldap_result: err=10 matched="ou=schulung,dc=stroeder,dc=local" text="" ==> constraint_violation uri rc = 32, found = 0 send_ldap_result: conn=1 op=28 p=3 send_ldap_result: err=19 matched="" text="modify breaks constraint on departmentNumber" send_ldap_response: msgid=29 tag=103 err=19 ber_flush2: 58 bytes to sd 17 conn=1 op=28 RESULT tag=103 err=19 text=modify breaks constraint on departmentNumber