Interesting.
First, thanks for the reply. Second, I apologize for "sanitizing" my example with fake names in the nisNetgroupTriples because it dodged the actual problem.
It appears the problem is with underscores in the triples' values:
nisNetgroupTriple: (-,foo_bar,)
Apparently an underscore is not valid in a 'keystring'?
This is OpenLDAP 2.4.9
Pierangelo Masarati wrote:
Jeff Blaine wrote:
I've come across the same problem as the original poster found here:
http://www.openldap.org/lists/openldap-technical/200804/msg00127.html
The only reply to him indicated that his syntax was incorrect for nisnetgrouptriple according to RFC 2307.
I cannot see how it is invalid based on the syntax definition from RFC 2307.
My example:
dn: cn=users1,ou=Netgroup,dc=rcf,dc=foo,dc=com objectClass: nisNetgroup objectClass: top cn: users1 nisNetgroupTriple: (-,asgen2m,) nisNetgroupTriple: (-,apdons,) nisNetgroupTriple: (-,ffeins,) nisNetgroupTriple: (-,faullton,)
The syntax definition:
nisnetgrouptriple = "(" hostname "," username "," domainname ")" hostname = "" / "-" / keystring username = "" / "-" / keystring domainname = "" / "-" / keystring
Does that not state that hostname, username, domainname can each be ANY of:
empty - keystring??
Your example loads seamlessly on OpenLDAP 2.4. What version are you using? What's the exact issue you're encountering?
p.
Ing. Pierangelo Masarati OpenLDAP Core Team
SysNet s.r.l. via Dossi, 8 - 27100 Pavia - ITALIA http://www.sys-net.it
Office: +39 02 23998309 Mobile: +39 333 4963172 Email: ando@sys-net.it