All,
New LDAP server, running OpenLDAP (v 2.4.40) on CentOS 7.
Trying to add/modify the Netgroup.
# ldapmodify -d 4 -x -W -H ldap://ldapserver.ldap.net
Enter Password
Dn: cn=admin,ou=Netgroup,dc=ldap,dc=net
Changetype: modify
Add: nisNetgroupTriple
nisNetgroupTriple: (lenldap,,)
.
Ldap_modify: Inappropriate matching(18)
Additional info: modify/add: nisNetgroupTriple: no equality matching rule
I've been googling; one suggestion was to restart slapd, which was done to no avail.
Any help would be appreciated.
John D. Borresen (Dave)
Linux/Unix Systems Administrator
MIT Lincoln Laboratory
Email: john.borresen@ll.mit.edu
Borresen, John - 0444 - MITLL wrote:
Trying to add/modify the Netgroup. [..] Additional info: modify/add: nisNetgroupTriple: no equality matching rule
Look at the attribute type description for 'nisNetgroupTriple': There's no EQUALITY matching rule defined for it (as said in the error message above). And therefore you cannot add or remove distinct attribute values. You can only add/delete/replace all values at once.
(I really wonder why you still need this today but that's another topic.)
Ciao, Michael.
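The whole-attribute replace described in the reply above, as an added example that is not part of the original thread: a POSIX shell helper that merges one new triple into the entry's current values and emits a single `replace:` operation. The function names `valid_triple` and `replace_ldif` are hypothetical, and the triples `(host1,,)` and `(host2,,)` are constructed sample data.

```shell
#!/bin/sh
# Added example (not from the thread). nisNetgroupTriple has no EQUALITY
# matching rule, so the server cannot add or delete one distinct value.
# Instead, send the complete value set in one "replace" operation.

# valid_triple STRING: succeeds if STRING has the form "(host,user,domain)".
valid_triple() {
    printf '%s\n' "$1" | grep -Eq '^\([^(),]*,[^(),]*,[^(),]*\)$'
}

# replace_ldif DN NEW_TRIPLE
# Reads the entry's current triples from stdin, one per line, and prints a
# modify/replace LDIF carrying every existing value plus NEW_TRIPLE.
# Duplicates are dropped by exact string comparison on the client side,
# because the server has no rule to compare values with.
replace_ldif() {
    dn=$1 new=$2
    valid_triple "$new" || { echo "bad triple: $new" >&2; return 1; }
    printf 'dn: %s\nchangetype: modify\nreplace: nisNetgroupTriple\n' "$dn"
    NEW=$new awk '
        NF == 0 || seen[$0]++ { next }   # skip blanks and exact duplicates
        { print "nisNetgroupTriple: " $0 }
        END { if (!(ENVIRON["NEW"] in seen))
                  print "nisNetgroupTriple: " ENVIRON["NEW"] }
    '
}

# Constructed sample: two triples already on the entry, one listed twice.
# Against a real server the input would come from ldapsearch and the output
# would be piped to: ldapmodify -x -W -H ldap://ldapserver.ldap.net
printf '%s\n' '(host1,,)' '(host2,,)' '(host1,,)' |
    replace_ldif 'cn=admin,ou=Netgroup,dc=ldap,dc=net' '(lenldap,,)'
```

Reading the values and then replacing them is not atomic, so a second writer changing the entry in between would have its values overwritten.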
Thanks Michael;
I will take a look at the attribute for nisNetgroupTriple. The configuration was brought over from a legacy NIS server, which used netgroups extensively. Would you recommend something other than this attribute or something besides netgroups?
John D. Borresen (Dave) Email: john.borresen@ll.mit.edu
-----Original Message-----
From: openldap-technical [mailto:openldap-technical-bounces@openldap.org] On Behalf Of Michael Ströder
Sent: Wednesday, February 17, 2016 3:53 PM
To: Borresen, John - 0444 - MITLL; openldap-technical@openldap.org
Subject: Re: LDAPMODIFY Error
Borresen, John - 0444 - MITLL wrote:
Trying to add/modify the Netgroup. [..] Additional info: modify/add: nisNetgroupTriple: no equality matching rule
Look at the attribute type description for 'nisNetgroupTriple': There's no EQUALITY matching rule defined for it (as said in the error message above). And therefore you cannot add or remove distinct attribute values. You can only add/delete/replace all values at once.
(I really wonder why you still need this today but that's another topic.)
Ciao, Michael.
Borresen, John - 0444 - MITLL wrote:
I will take a look at the attribute for nisNetgroupTriple. The configuration was brought over from a legacy NIS server, which used netgroups extensively. Would you recommend something other than this attribute or something besides netgroups?
Personally I'd prefer to get rid of netgroups. YMMV and it's a longer discussion possibly not appropriate for this list.
Ciao, Michael.