I don't want to sabotage this thread with my inaccuracies -- I do appreciate folk's interest in helping out -- this is indeed the same entry, I just stupidly didn't edit out all the *real* info -- too many e-mails and things to do and I got careless.
The main point is that an attribute is absent from the main DB entry in a slapcat, and instead appears attached to an accesslog DB entry. ldapsearch shows *all* the attributes.
Since yanking out the accesslog overlay directives, slapcat behaves as expected. I'm disappointed because accesslog was useful but my confidence in reinstantiating the overlay has been disrupted. I am not eager to be in a mess like yesterday.
I'm interested to know what kind of environments others are using accesslog in -- how many changes daily, etc.
Robert
Karsten Künne wrote:
On Wednesday 04 October 2006 11:28, Robert Petkus wrote:
I provided an example but it was the wrong one. You can see that the sshPublicKey attribute is shown in ldapsearch but isn't attached to the main DB entry produced from a slapcat.
***********ldapsearch results*****************
# rpetkus, People, racf.bnl.gov dn: uid=rpetkus,ou=People,dc=stuff,dc=bnl,dc=gov uid: rpetkus cn: Robert Petkus objectClass: inetOrgPerson objectClass: posixAccount objectClass: top objectClass: racf objectClass: ldapPublicKey uidNumber: number gidNumber: number homeDirectory: /somewhere/rpetkus loginShell: /bin/bash gidNumberAtlas: number homeDirectoryAtlas: /somewhere/rpetkus experiment: RHIC/USATLAS sn: rapetkus employeeNumber: number loginShellGateway: /bin/rbash employeeStatus: Active gecos: Robert Petkus sshPublicKey: ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAIEA36Y8jfKTKJgphUO30oaI9W5QVRUg
8+fM0FFYIkaiZUuaXBYpKaIiguUcQsy+3P+KjBTI0g1Qr3gewO20S0T4i8pDX1XasdfasdftDvN xbz3w se4V+PPGQ/Bm4DXTjGRoMVNBABIoqWo3vYOVCvKasdfasdfId5q6oStWrNuNmpV48=
******Here is the slapcat for my user**************
dn: uid=rpetkus,ou=People,dc=racf,dc=bnl,dc=gov uid: rpetkus cn: Robert Petkus objectClass: inetOrgPerson objectClass: posixAccount objectClass: top objectClass: racf uidNumber: number gidNumber: number homeDirectory: /somewhere/rpetkus loginShell: /bin/bash gidNumberAtlas: number homeDirectoryAtlas: /somewhere/rpetkus experiment: RHIC/USATLAS structuralObjectClass: inetOrgPerson entryUUID: 689ce5e4-010f-102a-8eef-9882d4436e05 creatorsName: cn=account,dc=bnl,dc=gov createTimestamp: 20051214170418Z sn: rapetkus userPassword:: employeeNumber: number loginShellGateway: /bin/rbash employeeStatus: Active gecos: Robert Petkus 1 entryCSN: 20060906145341Z#000000#00#000000 modifiersName: cn=Manager,dc=bnl,dc=gov modifyTimestamp: 20060906145341Z
The DN's are different, the first one is "...,dc=stuff,...", the second one is "...,dc=racf,...". Also the gecos attributes are different ("Robert Petkus" versus "Robert Petkus 1"). Are you sure you're looking at the same entries? Maybe you should also get the operations attributes via ldapsearch and compare the entryUUID's?
dn: reqStart=20060920134512.000000Z,cn=changelog objectClass: auditModify structuralObjectClass: auditModify reqStart: 20060920134512.000000Z reqEnd: 20060920134512.000001Z reqType: modify reqSession: 423 reqAuthzID: cn=Manager,dc=bnl,dc=gov reqDN: uid=rpetkus,ou=People,dc=racf,dc=bnl,dc=gov reqResult: 0 reqMod: sshPublicKey:= ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAIEA36Y8jfKTKJgphUO30oaI9W5QVRUg 8+fM0FFYIkaiZUuaXBYpKaIiguUcQsy+3P+KjBTI0g1Qr3gewO20S0T4i8pDXasdfasdftDvNxb z3w se4V+PPGQ/Bm4DXTjGRoMVNBABIoqWo3vYOVCvKasdfasdfId5q6oStWrNuNmpV48= reqMod: entryCSN:= 20060920134512Z#000000#00#000000 reqMod: modifiersName:= cn=account,dc=bnl,dc=gov reqMod: modifyTimestamp:= 20060920134512Z entryUUID: fb865d9c-dcf9-102a-8a91-e5d2e62e4f1a creatorsName: cn=changelog createTimestamp: 20060920134512Z entryCSN: 20060920134512Z#000000#00#000000 modifiersName: cn=changelog modifyTimestamp: 20060920134512Z
That was a modification to the "racf" entry, not the "stuff" entry.
Karsten.