Re: (ITS#5609) slapo-constraint with typ 'uri' rejects valid attribute values - openldap-bugs

13 Jul 2008


      ando@sys-net.it wrote:
...
michael@stroeder.com wrote:
...
First this raises the question what to do if filters are not valid in 
configuration. I'd prefer if slapo-constraint would cause invalidFilter 
with an appropriate diagnosticMessage pointing to slapo-constraint 
configuration to be returned instead of silently assuming the attribute 
value is wrong.
AFAIK, an invalid filter in the configuration would prevent slapd from 
starting, although right now checks are not that tight.
ldap:///ou=Departments,ou=schulung,dc=stroeder,dc=local?ou?one?(objectClass=organizationalUnit))
obviously contains an invalid filter. But slapd starts without complaining.
...
...
Still it does not work for me. The filter seems to be ok now and returns 
the correct search result. But still the attribute value "Abteilung 1" 
is not accepted.
Can you provide the filter, the relevant data (or an excerpt of it) and 
the operation you're trying to perform?
I could provide a complete canned config in a personal e-mail if you want.
Just for the ITS:
---------------------- excerpt slapd.conf ----------------------
overlay constraint
constraint_attribute gender regex ^[0129]?$
constraint_attribute departmentNumber uri 
ldap:///ou=Departments,ou=schulung,dc=stroeder,dc=local?ou?one?(objectClass=organizationalUnit)
constraint_attribute manager uri 
ldap:///ou=Managers,ou=schulung,dc=stroeder,dc=local?entryDN?one?(objectClass=inetOrgPerson)
---------------------- entry to be modified ----------------------
dn: cn=Michael Stroeder,ou=People,ou=schulung,dc=stroeder,dc=local
cn: Michael Stroeder
givenName: Michael
hasSubordinates: FALSE
objectClass: inetOrgPerson
sn: Stroeder
---------------------- modification operation ----------------------
dn: cn=Michael Stroeder,ou=People,ou=schulung,dc=stroeder,dc=local
changetype: modify
add: departmentNumber
departmentNumber: Abteilung 1
-
---------------------- departments ----------------------
dn: ou=Departments,ou=schulung,dc=stroeder,dc=local
objectClass: organizationalUnit
ou: Departments
dn: ou=Abteilung 1,ou=Departments,ou=schulung,dc=stroeder,dc=local
objectClass: organizationalUnit
ou: Abteilung 1
dn: ou=Abteilung 2,ou=Departments,ou=schulung,dc=stroeder,dc=local
objectClass: organizationalUnit
ou: Abteilung 2
--------------------------------------------------------------
Ciao, Michael