i'm experimenting with the constrain overlay, and have what i think is a fairly simply constraint that's giving me trouble. below are the details. i believe i've followed slapo-constraint(5) (and regex(7)) accurately, but i must be missing something.
cat montage_admin.ldif
dn: uid = admin,ou=montage_test,ou=other,ou=users,ou=accounts,dc=ltn,dc=lvc,dc=com changetype: modify replace: uidNumber uidNumber: 5000
ldapmodify -vxWD 'cn=admin,dc=ltn,dc=lvc,dc=com' -f montage_admin.ldif
ldap_initialize( <DEFAULT> ) Enter LDAP Password: replace uidNumber: 5000 modifying entry "uid = admin ,ou=montage_test,ou=other,ou=users,ou=accounts,dc=ltn,dc=lvc,dc=com" ldap_modify: Constraint violation (19) additional info: modify breaks constraint on uidNumber
ldapsearch -vvxWLLLD 'cn=admin,dc=ltn,dc=lvc,dc=com' "(uid=admin)"
ldap_initialize( <DEFAULT> ) Enter LDAP Password: filter: (uid=admin) requesting: All userApplication attributes dn: uid =admin,ou=montage_test,ou=other,ou=users,ou=accounts,dc=ltn,dc=lvc,dc=c om userPassword:: e1NTSEF9TkF5TGVabXFWTU9zT01EZVNWdHA1Mm9uUWtOalg3cXY= objectClass: inetOrgPerson objectClass: posixAccount objectClass: shadowAccount objectClass: top homeDirectory: /dev/null cn: admin uid: admin sn: admin givenName: admin gidNumber: 5001 uidNumber: 2016
ldapsearch -vvxWLLLb 'cn=config' -D 'cn=admin,cn=config'
"(objectClass=olcConstraintConfig)" ldap_initialize( <DEFAULT> ) Enter LDAP Password: filter: (objectClass=olcConstraintConfig) requesting: All userApplication attributes dn: olcOverlay={3}constraint,olcDatabase={2}bdb,cn=config objectClass: olcOverlayConfig objectClass: olcConstraintConfig olcOverlay: {3}constraint olcConstraintAttribute: uidNumber regex ^[:digit:]*$
thanks -ben
benjamin thielsen wrote:
i'm experimenting with the constrain overlay, and have what i think is a fairly simply constraint that's giving me trouble. below are the details. i believe i've followed slapo-constraint(5) (and regex(7)) accurately, but i must be missing something.
cat montage_admin.ldif
dn: uid=admin,ou=montage_test,ou=other,ou=users,ou=accounts,dc=ltn,dc=lvc,dc=com
changetype: modify replace: uidNumber uidNumber: 5000
ldapmodify -vxWD 'cn=admin,dc=ltn,dc=lvc,dc=com' -f montage_admin.ldif
ldap_initialize( <DEFAULT> ) Enter LDAP Password: replace uidNumber: 5000 modifying entry "uid=admin,ou=montage_test,ou=other,ou=users,ou=accounts,dc=ltn,dc=lvc,dc=com"
ldap_modify: Constraint violation (19) additional info: modify breaks constraint on uidNumber
ldapsearch -vvxWLLLD 'cn=admin,dc=ltn,dc=lvc,dc=com' "(uid=admin)"
ldap_initialize( <DEFAULT> ) Enter LDAP Password: filter: (uid=admin) requesting: All userApplication attributes dn: uid=admin,ou=montage_test,ou=other,ou=users,ou=accounts,dc=ltn,dc=lvc,dc=c om userPassword:: e1NTSEF9TkF5TGVabXFWTU9zT01EZVNWdHA1Mm9uUWtOalg3cXY= objectClass: inetOrgPerson objectClass: posixAccount objectClass: shadowAccount objectClass: top homeDirectory: /dev/null cn: admin uid: admin sn: admin givenName: admin gidNumber: 5001 uidNumber: 2016
ldapsearch -vvxWLLLb 'cn=config' -D 'cn=admin,cn=config'
"(objectClass=olcConstraintConfig)" ldap_initialize( <DEFAULT> ) Enter LDAP Password: filter: (objectClass=olcConstraintConfig) requesting: All userApplication attributes dn: olcOverlay={3}constraint,olcDatabase={2}bdb,cn=config objectClass: olcOverlayConfig objectClass: olcConstraintConfig olcOverlay: {3}constraint olcConstraintAttribute: uidNumber regex ^[:digit:]*$
if by that regex you mean: "only allow digits", then it should be "^[[:digit:]]+$".
p.
Ing. Pierangelo Masarati OpenLDAP Core Team
SysNet s.r.l. via Dossi, 8 - 27100 Pavia - ITALIA http://www.sys-net.it ----------------------------------- Office: +39 02 23998309 Mobile: +39 333 4963172 Fax: +39 0382 476497 Email: ando@sys-net.it -----------------------------------
On Dec 10, 2008, at 14.22, Pierangelo Masarati wrote:
benjamin thielsen wrote:
i'm experimenting with the constrain overlay, and have what i think is a fairly simply constraint that's giving me trouble. below are the details. i believe i've followed slapo-constraint(5) (and regex(7)) accurately, but i must be missing something.
cat montage_admin.ldif
dn: uid = admin ,ou=montage_test,ou=other,ou=users,ou=accounts,dc=ltn,dc=lvc,dc=com changetype: modify replace: uidNumber uidNumber: 5000
ldapmodify -vxWD 'cn=admin,dc=ltn,dc=lvc,dc=com' -f
montage_admin.ldif ldap_initialize( <DEFAULT> ) Enter LDAP Password: replace uidNumber: 5000 modifying entry "uid = admin ,ou =montage_test,ou=other,ou=users,ou=accounts,dc=ltn,dc=lvc,dc=com" ldap_modify: Constraint violation (19) additional info: modify breaks constraint on uidNumber
ldapsearch -vvxWLLLD 'cn=admin,dc=ltn,dc=lvc,dc=com' "(uid=admin)"
ldap_initialize( <DEFAULT> )slapo-constaint Enter LDAP Password: filter: (uid=admin) requesting: All userApplication attributes dn: uid = admin ,ou=montage_test,ou=other,ou=users,ou=accounts,dc=ltn,dc=lvc,dc=c om userPassword:: e1NTSEF9TkF5TGVabXFWTU9zT01EZVNWdHA1Mm9uUWtOalg3cXY= objectClass: inetOrgPerson objectClass: posixAccount objectClass: shadowAccount objectClass: top homeDirectory: /dev/null cn: admin uid: admin sn: admin givenName: admin gidNumber: 5001 uidNumber: 2016
ldapsearch -vvxWLLLb 'cn=config' -D 'cn=admin,cn=config'
"(objectClass=olcConstraintConfig)" ldap_initialize( <DEFAULT> ) Enter LDAP Password: filter: (objectClass=olcConstraintConfig) requesting: All userApplication attributes dn: olcOverlay={3}constraint,olcDatabase={2}bdb,cn=config objectClass: olcOverlayConfig objectClass: olcConstraintConfig olcOverlay: {3}constraint olcConstraintAttribute: uidNumber regex ^[:digit:]*$
if by that regex you mean: "only allow digits", then it should be "^[[:digit:]]+$".
p.
aha, thanks - that works. i had actually wondered that, but since the example in slapo-constraint(5) used single brackets i didn't consider it further. shame on me for not trying anyway :)
-ben
benjamin thielsen wrote:
if by that regex you mean: "only allow digits", then it should be "^[[:digit:]]+$".
p.
aha, thanks - that works. i had actually wondered that, but since the example in slapo-constraint(5) used single brackets i didn't consider it further. shame on me for not trying anyway :)
I see. I suggest you file an ITS http://www.openldap.org/its/ for that.
p.
Ing. Pierangelo Masarati OpenLDAP Core Team
SysNet s.r.l. via Dossi, 8 - 27100 Pavia - ITALIA http://www.sys-net.it ----------------------------------- Office: +39 02 23998309 Mobile: +39 333 4963172 Fax: +39 0382 476497 Email: ando@sys-net.it -----------------------------------
openldap-technical@openldap.org
-
benjamin thielsen -
Pierangelo Masarati