On Mon, Jan 21, 2013 at 1:09 PM, Michael Ströder michael@stroeder.com wrote:
Ori Bani wrote:
On Mon, Jan 21, 2013 at 12:50 PM, Michael Ströder michael@stroeder.com wrote:
Ori Bani wrote:
On Mon, Jan 21, 2013 at 12:42 PM, Michael Ströder michael@stroeder.com wrote:
Ori Bani wrote:
Thanks so much for the reply. Can you please clarify --
>> Am I doing something wrong? Here is an example: >> >> $ ldapmodify -c -x -D 'cn=config' -W >> Enter LDAP Password: <password> >> dn: olcDatabase={0}config,cn=config >> changetype: modify >> delete: olcSizeLimit >> - >> modifying entry "olcDatabase={0}config,cn=config" >> ldap_modify: No such attribute (16) >> additional info: modify/delete: olcSizeLimit: no such attribute > > Option -c does not mean that you can override any server-side checking. It > just means that processing the LDIF input is continued. > > In your case entry olcDatabase={0}config,cn=config simply does not contain > attribute 'olcSizeLimit' which is what the error message says.
I'd be fine if that was the case, but I'm not seeing it work as you suggest (processing does NOT continue). Surely I'm doing something wrong. Here is an example of a situation where the subsequest action in the LDIF is ignored after the error:
$ ldapmodify -c -x -D 'cn=config' -W Enter LDAP Password: <password> dn: olcDatabase={0}config,cn=config changetype: modify delete: olcSizeLimit
add: olcSizeLimit olcSizeLimit: 250
modifying entry "olcDatabase={0}config,cn=config" ldap_modify: No such attribute (16) additional info: modify/delete: olcSizeLimit: no such attribute
Why don't you just use this if attribute 'olcSizeLimit' is not in the entry yet?
Part of an automated system.
Then fix that system.
Spare the snide comments.
This was good advice and not a snide comment.
OK. But I hope you can see how that can be read both ways. Because I am clearly already trying to create that system in the correct way (i.e., "fix" it), the comment could only be interpreted as snide. I just hope we can interact with common respect here.
If -c worked as the man page states, this should not be a problem.
You misinterpret completely what the man page says about option -c.
It's easy to interpret it as I have given the vague quality of the man page.
-c Continuous operation mode. Errors are reported, but ldapmodify will continue with modifications. The default is to exit after reporting an error.
It says nothing about *where* it will continue. Next line, next entry, what? As I've said in my last email, by trial and error, I determined that it continues with the next entry.
Well, because of the LDAP functional model a single LDAP write operation will completely succeed or completely fail. And a single LDIF change record piped to ldapmodify will result in a *single* write operation.
OK, thank you for the good explanation. I'm not sure if there would be a better way to encapsulate that into the man page or not.
Read RFC 2849 about how LDIF is structured. And then understand that your LDIF change record leads to a *single* modify request which obviously fails because of 'olcSizeLimit' not existing (which is a feature not a bug).
Is your answer to all OpenLDAP users coming here for assistance really to read the RFC to clarify vague man pages and other misunderstandings?
If you're aim is to write an automated system - as you wrote before - you have to understand how LDIF input data is structured and how LDAP operations are processed. Reading RFCs is simply helpful for understanding. So this is simply meant as good advice.
Appreciated. Thanks again for being generous with your time.