I have an amost philosophical question about LDIF and OenLDAP:
Considering dn: olcDatabase={1}mdb,cn=config objectClass: olcDatabaseConfig objectClass: olcMdbConfig olcDatabase: {1}mdb # ...
I wonder why olcDatabase needs the "{1}" when olcDatabase is a single-valued attribute. I understand that "olcDatabase={1}mdb" is needed for ordering the databases within cn=config, But why is the "{1}" repeated for the actual attribute?
When I tried to remove it, I saw that after a slapcat it's there again.
Kind regards, Ulrich
On Tue, Mar 25, 2025 at 10:57:11AM +0000, Windl, Ulrich wrote:
I have an amost philosophical question about LDIF and OenLDAP:
Considering dn: olcDatabase={1}mdb,cn=config objectClass: olcDatabaseConfig objectClass: olcMdbConfig olcDatabase: {1}mdb # ...
I wonder why olcDatabase needs the "{1}" when olcDatabase is a single-valued attribute. I understand that "olcDatabase={1}mdb" is needed for ordering the databases within cn=config, But why is the "{1}" repeated for the actual attribute?
It is a "naming attribute" and it has to be present in the entry as per the RFC451x series[0].
[0]. e.g. https://datatracker.ietf.org/doc/html/rfc4512#section-2.3.1
Regards,
-----Original Message----- From: Ondřej Kuzník ondra@mistotebe.net Sent: Tuesday, March 25, 2025 2:57 PM To: Windl, Ulrich u.windl@ukr.de Cc: openldap-technical@openldap.org Subject: [EXT] Re: Q: "olcDatabase: {1}mdb" from slapcat: why "{1}"?
On Tue, Mar 25, 2025 at 10:57:11AM +0000, Windl, Ulrich wrote:
I have an amost philosophical question about LDIF and OenLDAP:
Considering dn: olcDatabase={1}mdb,cn=config objectClass: olcDatabaseConfig objectClass: olcMdbConfig olcDatabase: {1}mdb # ...
I wonder why olcDatabase needs the "{1}" when olcDatabase is a single-
valued attribute.
I understand that "olcDatabase={1}mdb" is needed for ordering the
databases within cn=config,
But why is the "{1}" repeated for the actual attribute?
It is a "naming attribute" and it has to be present in the entry as per the RFC451x series[0].
[0]. e.g. https://datatracker.ietf.org/doc/html/rfc4512#section-2.3.1
Actually it's not explained clearly there: I had been looking for "brace" and "curly", and it only talks about string length to be specified using curly braces...
Kind regards, Ulrich
On Thu, Mar 27, 2025 at 09:40:45AM +0000, Windl, Ulrich wrote:
From: Ondřej Kuzník ondra@mistotebe.net
On Tue, Mar 25, 2025 at 10:57:11AM +0000, Windl, Ulrich wrote:
Considering dn: olcDatabase={1}mdb,cn=config objectClass: olcDatabaseConfig objectClass: olcMdbConfig olcDatabase: {1}mdb # ...
I wonder why olcDatabase needs the "{1}" when olcDatabase is a single- valued attribute. I understand that "olcDatabase={1}mdb" is needed for ordering the databases within cn=config, But why is the "{1}" repeated for the actual attribute?
It is a "naming attribute" and it has to be present in the entry as per the RFC451x series[0].
[0]. e.g. https://datatracker.ietf.org/doc/html/rfc4512#section-2.3.1
Actually it's not explained clearly there: I had been looking for "brace" and "curly", and it only talks about string length to be specified using curly braces...
Hi Ulrich, you said you understand why the {1} exists (keep the entries ordered under their parent, look up "X-ORDERED 'SIBLINGS'" for details) but don't understand why that exact value has to be in the entry (because it is a naming attribute - as defined in the RFCs), now you're asking why it exists again? You'll have to explain what you actually mean if it's neither of the above.
Regards,
Hi!
I thought I had explained my thoughts:
I understand that braces are needed to _order_ multi-valued attributes (the "entries" within the parent), but I don't understand wha the braces are needed for an attribute that is single-valued (thus there is no ordering possible). For example: olcOverlay is SINGLE-VALUE (there may be only one overlay in an olcOverlayConfig object).
So why is this wrong then?: dn: olcOverlay={1}accesslog,olcDatabase={0}config,cn=config objectClass: olcOverlayConfig objectClass: olcAccessLogConfig olcOverlay: accesslog ...
Kind regards, Ulrich Windl
-----Original Message----- From: Ondřej Kuzník ondra@mistotebe.net Sent: Thursday, March 27, 2025 11:00 AM To: Windl, Ulrich u.windl@ukr.de Cc: openldap-technical@openldap.org Subject: [EXT] Re: Re: Q: "olcDatabase: {1}mdb" from slapcat: why "{1}"?
On Thu, Mar 27, 2025 at 09:40:45AM +0000, Windl, Ulrich wrote:
From: Ondřej Kuzník ondra@mistotebe.net
On Tue, Mar 25, 2025 at 10:57:11AM +0000, Windl, Ulrich wrote:
Considering dn: olcDatabase={1}mdb,cn=config objectClass: olcDatabaseConfig objectClass: olcMdbConfig olcDatabase: {1}mdb # ...
I wonder why olcDatabase needs the "{1}" when olcDatabase is a single- valued attribute. I understand that "olcDatabase={1}mdb" is needed for ordering the databases within cn=config, But why is the "{1}" repeated for the actual attribute?
It is a "naming attribute" and it has to be present in the entry as per the RFC451x series[0].
[0]. e.g. https://datatracker.ietf.org/doc/html/rfc4512#section-2.3.1
Actually it's not explained clearly there: I had been looking for "brace" and "curly", and it only talks about string length to be specified using curly braces...
Hi Ulrich, you said you understand why the {1} exists (keep the entries ordered under their parent, look up "X-ORDERED 'SIBLINGS'" for details) but don't understand why that exact value has to be in the entry (because it is a naming attribute - as defined in the RFCs), now you're asking why it exists again? You'll have to explain what you actually mean if it's neither of the above.
Regards,
-- Ondřej Kuzník Senior Software Engineer Symas Corporation http://www.symas.com Packaged, certified, and supported LDAP solutions powered by OpenLDAP
On Thu, Mar 27, 2025 at 12:07:23PM +0000, Windl, Ulrich wrote:
I thought I had explained my thoughts:
I understand that braces are needed to _order_ multi-valued attributes (the "entries" within the parent), but I don't understand wha the braces are needed for an attribute that is single-valued (thus there is no ordering possible). For example: olcOverlay is SINGLE-VALUE (there may be only one overlay in an olcOverlayConfig object).
They are needed to order the entry among its siblings. If you had two or more overlays, you need to describe where they stand compared to each other in the overlay stack. As I said, read up on how "X-ORDERED 'SIBLINGS'" attributes work if this summary is not enough.
So why is this wrong then?: dn: olcOverlay={1}accesslog,olcDatabase={0}config,cn=config objectClass: olcOverlayConfig objectClass: olcAccessLogConfig olcOverlay: accesslog
The value "{1}accesslog" is not present in the entry despite "olcOverlay={1}accesslog" used in the RDN. That would be a violation of what the RFC451x series requires a DIT conforming with LDAP to maintain.
Both of the above have been mentioned in previous emails in this thread, so again: can you explain what it is that you mean?
Thanks,
On Thu, Mar 27, 2025 at 12:07:23PM +0000, Windl, Ulrich wrote:
Hi!
I thought I had explained my thoughts:
I understand that braces are needed to _order_ multi-valued attributes (the "entries" within the parent),
Hi Ulrich, that is not the only use of the ordered values. It is also used to order siblings (e.g. children of "olcDatabase={0}config,cn=config" here).
but I don't understand wha the braces are needed for an attribute that is single-valued (thus there is no ordering possible). For example: olcOverlay is SINGLE-VALUE (there may be only one overlay in an olcOverlayConfig object).
So why is this wrong then?: dn: olcOverlay={1}accesslog,olcDatabase={0}config,cn=config objectClass: olcOverlayConfig objectClass: olcAccessLogConfig olcOverlay: accesslog ...
One last time: RDN of "olcOverlay={1}accesslog" implies "{1}accesslog" (exactly!) needs to be a value of the "olcOverlay" attribute because the LDAP object model says so. The implication goes one way. The end.
Regards,
openldap-technical@openldap.org
-
Ondřej Kuzník -
Windl, Ulrich