Hi,
Installed version:
OpenLDAP: slapd 2.3.30
My problem is that multi-valued attributes become single-valued attribtues with the values as comma separated list without any observable reason.
An entry should look like this (as it is entered into the directory): ... mail: testing1@test.com mail: testing2@test.com
After a while the entry suddenly looks like this: mail: testing1@test.com, testing2@test.com
Does anybody know, what the reason of this behaviour could be? I cannot find any cron-jobs modifying the ldap-directory, or any application with write-permission. The modification seems to happen accidentally.
Thanks in advance, Alex Bruckner
Alexander Bruckner bruckner@universaledition.com writes:
Hi,
Installed version:
OpenLDAP: slapd 2.3.30
My problem is that multi-valued attributes become single-valued attribtues with the values as comma separated list without any observable reason.
An entry should look like this (as it is entered into the directory): ... mail: testing1@test.com mail: testing2@test.com
After a while the entry suddenly looks like this: mail: testing1@test.com, testing2@test.com
What client are you using?
-Dieter
Alexander Bruckner wrote:
An entry should look like this (as it is entered into the directory): .... mail: testing1@test.com mail: testing2@test.com
What does "should look like" mean? Is it really added like this? Can you confirm that with OpenLDAP's command-line tool ldapsearch?
After a while the entry suddenly looks like this: mail: testing1@test.com, testing2@test.com
This is not a server issue for sure. Either a client is modifying the data or the client producing the second LDIF output is misbehaving on multi-valued attributes. Please verify your directory content by looking at the LDIF output generated by OpenLDAP's command-line tool ldapsearch.
I cannot find any cron-jobs modifying the ldap-directory, or any application with write-permission. The modification seems to happen accidentally.
If really the content of the entry changed you have to search harder... ;-)
Ciao, Michael.
On Wednesday 23 January 2008 17:58:39 Michael Ströder wrote:
Alexander Bruckner wrote:
I cannot find any cron-jobs modifying the ldap-directory, or any application with write-permission. The modification seems to happen accidentally.
If really the content of the entry changed you have to search harder... ;-)
Not necessarily ... just differently, i.e. in the server's logs (after looking at the modifyTimeStamp/entryCSN/modifiersName attributes - some of which may be sufficient on their own).
Regards, Buchan
Zitat von Michael Ströder michael@stroeder.com:
Alexander Bruckner wrote:
An entry should look like this (as it is entered into the directory): .... mail: testing1@test.com mail: testing2@test.com
What does "should look like" mean? Is it really added like this? Can you confirm that with OpenLDAP's command-line tool ldapsearch?
The entry is initially created with ldapadd from an ldif-file with only one mail-attribute. The second mail-attribute is added with phpldapadmin. ldapsearch then shows the entry as posted above (with two mail attributes), and everthing works fine.
This is not a server issue for sure. Either a client is modifying the data or the client producing the second LDIF output is misbehaving on multi-valued attributes. Please verify your directory content by looking at the LDIF output generated by OpenLDAP's command-line tool ldapsearch.
If really the content of the entry changed you have to search harder... ;-)
I found out that the saslauthd is configured with write-access to the ldap directory. I will now change this to anonymous bind and turn an logging again.
Thanks for your help, Alex Bruckner
openldap-software@openldap.org
-
Alexander Bruckner -
Buchan Milne -
Dieter Kluenter -
Michael Ströder