I had created a custom attribute sldMailForwardTo describe mail recipients for a given alias. As sldMailForwardTo is just an email address I made it inherits from mail.
The problem is that now, whenever I do a search on mail=foo, entries having foo on sldMailForwardTo are matched too.
Do exists a way to avoid that? If no, what are the effective benefits then of having inherited attributes?
Using OL 2.3.38.
Regards, maykel
Maykel Moya writes:
I had created a custom attribute sldMailForwardTo describe mail recipients for a given alias. As sldMailForwardTo is just an email address I made it inherits from mail.
The problem is that now, whenever I do a search on mail=foo, entries having foo on sldMailForwardTo are matched too.
That is how the LDAP standard says it should work. Also if the client includes mail in the list of attributes to return, the server will return sldMailForwardTo attributes too.
I suggest you (1) stop slapd, (2) dump your database with slapcat, (3) remove the inheritance and copy the meat of 'mail's definition into 'sldMailForwardTo' instead, (4) slapadd the database back, and (5) restart slapd. Or if you don't want slapd to be down that long, you can rebuild the database in a separate directory - and change the database directory on the fly too, if you are using the config backend.
It might be sufficient to run slapindex instead of slapcat-slapadd in this case, I don't know. The simplest rule to remember is that if you mess with the definition of attributes that already exist in your database, you need to dump first and reload afterwards.
Do exists a way to avoid that? If no, what are the effective benefits then of having inherited attributes?
That _is_ one of the benefits of inheritance. Except RFC 4519 says "Client implementations MUST NOT assume that LDAP servers are capable of performing attribute subtyping", so you are still limiting yourself to implementations that do support it. Anyway:
It rarely makes sense to inherit from an attribute which is itself intended to be used in directory entries, because of the problem you've just encountered.
You can define an attribute which is _only_ intended as a supertype of other attributes. That gives you a group of attributes with the same properties (syntaxes, matching rules) unless you override those, and you can search for them all at once by searching for the supertype. Examples in the standard are 'name' (supertype of 'cn', 'o', 'ou', 'title' and some more standard attributes), and 'distinguishedName'. See RFC 4519.
El dom, 04-11-2007 a las 23:21 +0100, Hallvard B Furuseth escribió:
I suggest you (1) stop slapd, (2) dump your database with slapcat, (3) remove the inheritance and copy the meat of 'mail's definition into 'sldMailForwardTo' instead, (4) slapadd the database back, and (5) restart slapd. Or if you don't want slapd to be down that long, you can rebuild the database in a separate directory - and change the database directory on the fly too, if you are using the config backend.
It might be sufficient to run slapindex instead of slapcat-slapadd in this case, I don't know. The simplest rule to remember is that if you mess with the definition of attributes that already exist in your database, you need to dump first and reload afterwards.
Thank you for your explicative answer.
What I did was: - stop slapd. - edit the schema file under slapd.d/cn=config/cn=schema - start slapd
and the problem went away.
Now that you mention the necessity of dump/reload after attribute definition change, I wonder if my data is corrupted in some way.
Regards, maykel
Maykel Moya writes:
What I did was:
- stop slapd.
- edit the schema file under slapd.d/cn=config/cn=schema
- start slapd
and the problem went away.
Now that you mention the necessity of dump/reload after attribute definition change, I wonder if my data is corrupted in some way.
Well, if nobody else is answering:
I don't know, but if it seems to work (for data which was already in the database) I suppose not. Except, if mail (and sldMailForwardTo?) is indexed in slapd.conf you need to stop slapd and run sbin/slapindex.
openldap-software@openldap.org
-
Hallvard B Furuseth -
Maykel Moya