Hi all,
I'm attempting to migrate an openldap implementation from a 2.0.27 server running the Red Hat Enterprise 3 rpm to a new box running the 2.3.34 Fedora 7 rpm. I'm a bit of an LDAP noob, but I've managed to account for most of the difficulties, but still have one I can't seem to get around:
There are a handful of users in the old database that have errors being migrated via ldif. These users are erroring out in their uidNumber field. These users have uidNumbers beginning with leading zeros, for example, "0001111114". I'm assuming that's a syntax no-no. I believe uidNumber is one of the fields hardcoded into Openldap now (I don't see non-commented definitions for it in any of the schema files I have). Is there a way to doctor the syntax for this field short of editing and compiling via source? It is apparently important that the leading zeros be there, else I would just take them out.
Thanks,
Scott Lacy Mercer University
--On Friday, August 24, 2007 10:59 AM -0400 Scott Lacy LACY_S@mercer.edu wrote:
Hi all,
I'm attempting to migrate an openldap implementation from a 2.0.27 server running the Red Hat Enterprise 3 rpm to a new box running the 2.3.34 Fedora 7 rpm. I'm a bit of an LDAP noob, but I've managed to account for most of the difficulties, but still have one I can't seem to get around:
There are a handful of users in the old database that have errors being migrated via ldif. These users are erroring out in their uidNumber field. These users have uidNumbers beginning with leading zeros, for example, "0001111114". I'm assuming that's a syntax no-no. I believe uidNumber is one of the fields hardcoded into Openldap now (I don't see non-commented definitions for it in any of the schema files I have). Is there a way to doctor the syntax for this field short of editing and compiling via source? It is apparently important that the leading zeros be there, else I would just take them out.
Hi Scott,
There's an interesting discussion about this somewhere I'm trying to find, but you are correct -- uidNumber should not have leading 0's, having them is broken, and you will have to remove them to get the data to import. Whatever client depends on them needs to be fixed.
Alternatively, you could create your own attribute to store that data, since those don't look like unix UID's anyway, and tell the client to read them from there instead. When I worked at Stanford, we had a university ID, which we stored in a "suUnivID" attribute. That may be similar to addressing to what you are running into.
BTW, uidNumber is defined in nis.schema, but as you noted, hard coded into slapd.
--Quanah
--
Quanah Gibson-Mount Principal Software Engineer Zimbra, Inc -------------------- Zimbra :: the leader in open source messaging and collaboration
Quanah Gibson-Mount wrote:
but you are correct -- uidNumber should not have leading 0's, having them is broken, and you will have to remove them to get the data to import. Whatever client depends on them needs to be fixed.
Hmm, I'd rather consider this to be a bug in Integer syntax implementation of slapd. IMO slapd SHOULD (and easily could) normalize integer attribute values with leading zeros.
Ciao, Michael.
Michael Ströder wrote:
Quanah Gibson-Mount wrote:
but you are correct -- uidNumber should not have leading 0's, having them is broken, and you will have to remove them to get the data to import. Whatever client depends on them needs to be fixed.
Hmm, I'd rather consider this to be a bug in Integer syntax implementation of slapd. IMO slapd SHOULD (and easily could) normalize integer attribute values with leading zeros.
Nope. It may be a bug in the Integer syntax definition in LDAP, but slapd just implements the spec. The Integer syntax is defined in RFC4517 as Integer = ( HYPHEN LDIGIT *DIGIT ) / number So there is an explicit distinction between leading digits (LDIGIT) and arbitrary digits (DIGIT). And LDIGIT is defined in RFC4512 to explicitly exclude zero, i.e., leading zeroes are explicitly disallowed.
So - to comply with the spec, clients should not be generating integer values with leading zeroes. If you don't like this, you have to change the LDAP spec first.
Howard Chu wrote:
So - to comply with the spec, clients should not be generating integer values with leading zeroes. If you don't like this, you have to change the LDAP spec first.
Never mind, the Integer definition comes from ASN.1, and it's defined there with leading zeroes prohibited as well. There's no way anyone is going to get that changed...
Howard Chu wrote:
Howard Chu wrote:
So - to comply with the spec, clients should not be generating integer values with leading zeroes. If you don't like this, you have to change the LDAP spec first.
Never mind, the Integer definition comes from ASN.1, and it's defined there with leading zeroes prohibited as well. There's no way anyone is going to get that changed...
Sorry, my fault. Well, then ASN.1 might be considered broken here...
Maybe the original intention was to force the client to do the normalization step. Added this to web2ldap now...
Ciao, Michael.
openldap-software@openldap.org
-
Howard Chu -
Michael Ströder -
Quanah Gibson-Mount -
Scott Lacy