1:34 p.m.
I use slapd 2.4.23 (debian package) with some overlays: syncprov, unique
and valsort. I have a problem with the unique overlay.
This is the unique constraint:
olcUniqueURI: ldap://ou=Workstations,ou=Devices,dc=example,dc=com/?uid?sub
I try to add a ldif like this:
dn: uid=userabc,ou=MozillaAddressBook,ou=Users,dc=example,dc=com
objectClass: person
...
objectClass: organizationalPerson
objectClass: inetOrgPerson
objectClass: ..
...
uid: userabc
...
with ldapadd I get:
ldap_add: Constraint violation (19)
additional info: some attributes not unique
When I remove the unique constraint the ldif file is accepted.
It seems to me that something is wrong: the base of olcUniqueURI is
different from the base where I try to add a entry. I don't understand
this. Is the olcUniqueURI wrong?
--
Regards,
Ruud Baart
3:21 a.m.
Ruud Baart wrote:
I use slapd 2.4.23 (debian package) with some overlays: syncprov,
unique and
valsort. I have a problem with the unique overlay.
This is the unique constraint:
olcUniqueURI: ldap://ou=Workstations,ou=Devices,dc=example,dc=com/?uid?sub
This is not a valid LDAP URL. Probably this should be this LDAP URL with emtpy
hostport part:
ldap:///ou=Workstations,ou=Devices,dc=example,dc=com?uid?sub
See http://www.ietf.org/rfc/rfc4516.txt for syntax of LDAP URLs.
Ciao, Michael.
4 a.m.
Thank you, now its works. I've been blind and I should have been alarmed
by the "/?" part in the olcUniqueURI.
Op 11-8-2011 12:21, Michael Ströder schreef:
Ruud Baart wrote:
> I use slapd 2.4.23 (debian package) with some overlays: syncprov, unique and
> valsort. I have a problem with the unique overlay.
>
> This is the unique constraint:
> olcUniqueURI: ldap://ou=Workstations,ou=Devices,dc=example,dc=com/?uid?sub
This is not a valid LDAP URL. Probably this should be this LDAP URL with emtpy
hostport part:
ldap:///ou=Workstations,ou=Devices,dc=example,dc=com?uid?sub
See http://www.ietf.org/rfc/rfc4516.txt for syntax of LDAP URLs.
Ciao, Michael.
--
Met vriendelijke groet/Regards,
Prompt
Ruud Baart<R.J.Baart(a)Prompt.NL>
Kerkstraat 173, 5261 CW Vught
Tel: +31 73 6567041
www.prompt.nl - www.netwerkmonitoring.eu
Voor vragen en ondersteuning: support(a)prompt.nl
4:08 a.m.
Ruud Baart wrote:
> I use slapd 2.4.23 (debian package) with some overlays: syncprov, unique
> and
> valsort. I have a problem with the unique overlay.
>
> This is the unique constraint:
> olcUniqueURI:
> ldap://ou=Workstations,ou=Devices,dc=example,dc=com/?uid?sub
This is not a valid LDAP URL. Probably this should be this LDAP URL with
emtpy
hostport part:
ldap:///ou=Workstations,ou=Devices,dc=example,dc=com?uid?sub
See http://www.ietf.org/rfc/rfc4516.txt for syntax of LDAP URLs.
Good catch; please note that the original URI was valid, but it meant
$ ./libraries/libldap/urltest
'ldap://ou=Workstations,ou=Devices,dc=example,dc=com/?uid?sub'
generic LDAP url
PROTO: ldap
HOST: ou=Workstations,ou=Devices,dc=example,dc=com
PORT: 389
ATTRS:
uid
SCOPE: sub
URL: ldap://ou=Workstations,ou=Devices,dc=example,dc=com:389/?uid?sub
This error would have been caught if unique_new_domain_uri() checked that
the host portion be empty, to indicate a local URI, as in many other
functionalities of OpenLDAP's slapd. I suggest an ITS be filed to
strengthen misconfiguration detection.
p.
1:47 p.m.
masarati(a)aero.polimi.it wrote:
> Ruud Baart wrote:
>> I use slapd 2.4.23 (debian package) with some overlays: syncprov, unique
>> and
>> valsort. I have a problem with the unique overlay.
>>
>> This is the unique constraint:
>> olcUniqueURI:
>> ldap://ou=Workstations,ou=Devices,dc=example,dc=com/?uid?sub
>
> This is not a valid LDAP URL. Probably this should be this LDAP URL with
> emtpy hostport part:
>
> ldap:///ou=Workstations,ou=Devices,dc=example,dc=com?uid?sub
>
> See http://www.ietf.org/rfc/rfc4516.txt for syntax of LDAP URLs.
Good catch; please note that the original URI was valid, but it meant
$ ./libraries/libldap/urltest
'ldap://ou=Workstations,ou=Devices,dc=example,dc=com/?uid?sub'
generic LDAP url
PROTO: ldap
HOST: ou=Workstations,ou=Devices,dc=example,dc=com
PORT: 389
ATTRS:
uid
SCOPE: sub
URL: ldap://ou=Workstations,ou=Devices,dc=example,dc=com:389/?uid?sub
Academic nitpicking mode on: ;-)
No matter what OpenLDAP's (and python-ldap's) LDAP URL parser let pass through
because of ldapi URLs I don't think that the original URI was valid because a
DN is not a valid host [COLON port] part.
See section 2. of RFC 4516:
[..]
ldapurl = scheme COLON SLASH SLASH [host [COLON port]]
[SLASH dn [QUESTION [attributes]
[QUESTION [scope] [QUESTION [filter]
[QUESTION extensions]]]]]
; <host> and <port> are defined
; in Sections 3.2.2 and 3.2.3
; of [RFC3986].
[..]
This error would have been caught if unique_new_domain_uri() checked
that
the host portion be empty, to indicate a local URI, as in many other
functionalities of OpenLDAP's slapd. I suggest an ITS be filed to
strengthen misconfiguration detection.
My ITS will be ignored anyway. So better you should file one.
Ciao, Michael.
2:11 p.m.
--On Thursday, August 11, 2011 10:47 PM +0200 Michael Ströder
<michael(a)stroeder.com> wrote:
My ITS will be ignored anyway. So better you should file one.
False. A quick perusal of the ITS system shows this is a blatant
misrepresentation of the facts. ITSes that you file are most certainly not
ignored. This sort of negative and false commentary is not productive.
--Quanah
--
Quanah Gibson-Mount
Sr. Member of Technical Staff
Zimbra, Inc
A Division of VMware, Inc.
--------------------
Zimbra :: the leader in open source messaging and collaboration
2:27 a.m.
New subject: ITS#6928 (was: Problem with overlay uniqe)
Quanah Gibson-Mount wrote:
--On Thursday, August 11, 2011 10:47 PM +0200 Michael Ströder
<michael(a)stroeder.com> wrote:
> My ITS will be ignored anyway. So better you should file one.
False. A quick perusal of the ITS system shows this is a blatant
misrepresentation of the facts. ITSes that you file are most certainly not
ignored. This sort of negative and false commentary is not productive.
ITS#6928
Ciao, Michael.
2:56 a.m.
New subject: ITS#6928
Michael Ströder wrote:
Quanah Gibson-Mount wrote:
> --On Thursday, August 11, 2011 10:47 PM +0200 Michael Ströder
> <michael(a)stroeder.com> wrote:
>
>> My ITS will be ignored anyway. So better you should file one.
>
> False. A quick perusal of the ITS system shows this is a blatant
> misrepresentation of the facts. ITSes that you file are most certainly not
> ignored. This sort of negative and false commentary is not productive.
ITS#6928
Or counter-examples, ITS#6879, #6899.
Or side example ITS#6942. Nobody is singling you out but yourself. Volunteers
work on this project when they're able. That has always been the case. If
nobody volunteers to tackle any work, then the work doesn't happen.
--
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/
2:29 p.m.
> [...] I suggest an ITS be filed to
> strengthen misconfiguration detection.
My ITS will be ignored anyway. So better you should file one.
The suggestion actually was for the original poster, although I was
admittedly replying to your message, with the original poster in CC.
However, I also find your pessimistic attitude inappropriate, since
several ITSes submitted by you have been dealt with, and in many cases
successfully addressed (i.e. the problem was solved, and the fix
released). Currently there are 111 ITS in incoming; some have been there
for years. Only few of them have been submitted by you. You seem to be a
pretty good tester (I should say a dam..d good tester) as you can produce
so many unusual conditions that can hardly be reproduced and thus
successfully dealt with. Whenever possible, ITS submitted by you (as well
as by others) have been dealt with based on developers' availability,
competence in the specific area of the ITS and so. So I would be more
optimistic. In any case, I'll open (and close) the ITS, as the fix is
definitely trivial.
p.
3938
days inactive
3941
days old
openldap-technical@openldap.org
8 comments
5 participants
participants (5)
-
Howard Chu -
masarati@aero.polimi.it -
Michael Ströder -
Quanah Gibson-Mount -
Ruud Baart