I'm running openldap 2.4.9 (Ubuntu 8.04.3) in a N-way multimaster setup with two masters and two slaves.
I've just switched to this setup from an old SLES system, and used slapcat and slapadd to populate the masters.
In syslog of my slaves, I find the following: Nov 3 12:20:43 stooge01 slapd[19271]: syncrepl_entry: rid=101 be_search (0) Nov 3 12:20:43 stooge01 slapd[19271]: syncrepl_entry: rid=101 uid=foobar,ou=people,dc=ntnu,dc=no Nov 3 12:20:43 stooge01 slapd[19271]: No structuralObjectClass for entry (uid=foobar,ou=people,dc=ntnu,dc=no) Nov 3 12:20:43 stooge01 slapd[19271]: entry failed schema check: no structuralObjectClass operational attribute Nov 3 12:20:43 stooge01 slapd[19271]: null_callback : error code 0x50 Nov 3 12:20:43 stooge01 slapd[19271]: syncrepl_entry: rid=101 be_modify (80) Nov 3 12:20:43 stooge01 slapd[19271]: syncrepl_entry: rid=101 be_modify failed (80)
'foobar' is in this case a very recently added user, which was added using ldap_add from a remote python script.
A slapcat on the masters shows me the following:
dn: uid=foobar,ou=people,dc=ntnu,dc=no uid: foobar norEduPersonBirthDate: 19800101 title: temp eduPersonAffiliation: member eduPersonAffiliation: employee eduPersonOrgDN: dc=ntnu,dc=no eduPersonPrincipalName: foobar@ntnu.no sn: Foo mail: foo.bar@math.ntnu.no givenName: Foo Bar norEduPersonNIN: 01018012345 cn: Foo Bar entryUUID: f397404e-5be3-102e-8099-a37fef513806 creatorsName: cn=bdb_admin,dc=ntnu,dc=no createTimestamp: 20091102101220Z userPassword:: e1NTXXXXXXXXXXXXXXXXXXXXXXXXXXXXX== objectClass: top objectClass: person objectClass: organizationalPerson objectClass: inetOrgPerson objectClass: eduPerson objectClass: norEduPerson objectClass: ntnuPerson entryCSN: 20091103001746.825477Z#000000#002#000000 modifiersName: cn=oidsync_admin,dc=ntnu,dc=no modifyTimestamp: 20091103001746Z
Now, as you can see, this user has no structuralObjectClass, even though it's been added using slapd(8). The older users, which was added using slapcat, have structuralObjectClass: inetOrgPerson.
And since it lacks the structuralObjectClass, it apparently cannot be replicated to the slaves. I could replicate with schemachecking=off, however, this will only populate the slaves with the same rotten data, and that has other unwanted implications.
Can anyone point me in the right direction here? I have found a lot of material on google, however, it seems nobody has had slapd(8) populate its database with this kind of bad data before.
Kind regards
c
The following is the schema files, in case they are interesting:
SCHEMA: cn={0}core.ldif:
dn: cn={0}core objectClass: olcSchemaConfig cn: {0}core olcAttributeTypes: {0}( 2.5.4.2 NAME 'knowledgeInformation' DESC 'RFC2256: kno wledge information' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121. 1.15{32768} ) olcAttributeTypes: {1}( 2.5.4.4 NAME ( 'sn' 'surname' ) DESC 'RFC2256: last (f amily) name(s) for which the entity is known by' SUP name ) olcAttributeTypes: {2}( 2.5.4.5 NAME 'serialNumber' DESC 'RFC2256: serial numb er of the entity' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch S YNTAX 1.3.6.1.4.1.1466.115.121.1.44{64} ) olcAttributeTypes: {3}( 2.5.4.6 NAME ( 'c' 'countryName' ) DESC 'RFC2256: ISO- 3166 country 2-letter code' SUP name SINGLE-VALUE ) olcAttributeTypes: {4}( 2.5.4.7 NAME ( 'l' 'localityName' ) DESC 'RFC2256: loc ality which this object resides in' SUP name ) olcAttributeTypes: {5}( 2.5.4.8 NAME ( 'st' 'stateOrProvinceName' ) DESC 'RFC2 256: state or province which this object resides in' SUP name ) olcAttributeTypes: {6}( 2.5.4.9 NAME ( 'street' 'streetAddress' ) DESC 'RFC225 6: street address of this object' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreS ubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{128} ) olcAttributeTypes: {7}( 2.5.4.10 NAME ( 'o' 'organizationName' ) DESC 'RFC2256 : organization this object belongs to' SUP name ) olcAttributeTypes: {8}( 2.5.4.11 NAME ( 'ou' 'organizationalUnitName' ) DESC ' RFC2256: organizational unit this object belongs to' SUP name ) olcAttributeTypes: {9}( 2.5.4.12 NAME 'title' DESC 'RFC2256: title associated with the entity' SUP name ) olcAttributeTypes: {10}( 2.5.4.14 NAME 'searchGuide' DESC 'RFC2256: search gui de, deprecated by enhancedSearchGuide' SYNTAX 1.3.6.1.4.1.1466.115.121.1.25 ) olcAttributeTypes: {11}( 2.5.4.15 NAME 'businessCategory' DESC 'RFC2256: busin ess category' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTA X 1.3.6.1.4.1.1466.115.121.1.15{128} ) olcAttributeTypes: {12}( 2.5.4.16 NAME 'postalAddress' DESC 'RFC2256: postal a ddress' EQUALITY caseIgnoreListMatch SUBSTR caseIgnoreListSubstringsMatch SYN TAX 1.3.6.1.4.1.1466.115.121.1.41 ) olcAttributeTypes: {13}( 2.5.4.17 NAME 'postalCode' DESC 'RFC2256: postal code ' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4. 1.1466.115.121.1.15{40} ) olcAttributeTypes: {14}( 2.5.4.18 NAME 'postOfficeBox' DESC 'RFC2256: Post Off ice Box' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3 .6.1.4.1.1466.115.121.1.15{40} ) olcAttributeTypes: {15}( 2.5.4.19 NAME 'physicalDeliveryOfficeName' DESC 'RFC2 256: Physical Delivery Office Name' EQUALITY caseIgnoreMatch SUBSTR caseIgnor eSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{128} ) olcAttributeTypes: {16}( 2.5.4.20 NAME 'telephoneNumber' DESC 'RFC2256: Teleph one Number' EQUALITY telephoneNumberMatch SUBSTR telephoneNumberSubstringsMat ch SYNTAX 1.3.6.1.4.1.1466.115.121.1.50{32} ) olcAttributeTypes: {17}( 2.5.4.21 NAME 'telexNumber' DESC 'RFC2256: Telex Numb er' SYNTAX 1.3.6.1.4.1.1466.115.121.1.52 ) olcAttributeTypes: {18}( 2.5.4.22 NAME 'teletexTerminalIdentifier' DESC 'RFC22 56: Teletex Terminal Identifier' SYNTAX 1.3.6.1.4.1.1466.115.121.1.51 ) olcAttributeTypes: {19}( 2.5.4.23 NAME ( 'facsimileTelephoneNumber' 'fax' ) DE SC 'RFC2256: Facsimile (Fax) Telephone Number' SYNTAX 1.3.6.1.4.1.1466.115.12 1.1.22 ) olcAttributeTypes: {20}( 2.5.4.24 NAME 'x121Address' DESC 'RFC2256: X.121 Addr ess' EQUALITY numericStringMatch SUBSTR numericStringSubstringsMatch SYNTAX 1 .3.6.1.4.1.1466.115.121.1.36{15} ) olcAttributeTypes: {21}( 2.5.4.25 NAME 'internationaliSDNNumber' DESC 'RFC2256 : international ISDN number' EQUALITY numericStringMatch SUBSTR numericString SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.36{16} ) olcAttributeTypes: {22}( 2.5.4.26 NAME 'registeredAddress' DESC 'RFC2256: regi stered postal address' SUP postalAddress SYNTAX 1.3.6.1.4.1.1466.115.121.1.41 ) olcAttributeTypes: {23}( 2.5.4.27 NAME 'destinationIndicator' DESC 'RFC2256: d estination indicator' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMat ch SYNTAX 1.3.6.1.4.1.1466.115.121.1.44{128} ) olcAttributeTypes: {24}( 2.5.4.28 NAME 'preferredDeliveryMethod' DESC 'RFC2256 : preferred delivery method' SYNTAX 1.3.6.1.4.1.1466.115.121.1.14 SINGLE-VALU E ) olcAttributeTypes: {25}( 2.5.4.29 NAME 'presentationAddress' DESC 'RFC2256: pr esentation address' EQUALITY presentationAddressMatch SYNTAX 1.3.6.1.4.1.1466 .115.121.1.43 SINGLE-VALUE ) olcAttributeTypes: {26}( 2.5.4.30 NAME 'supportedApplicationContext' DESC 'RFC 2256: supported application context' EQUALITY objectIdentifierMatch SYNTAX 1. 3.6.1.4.1.1466.115.121.1.38 ) olcAttributeTypes: {27}( 2.5.4.31 NAME 'member' DESC 'RFC2256: member of a gro up' SUP distinguishedName ) olcAttributeTypes: {28}( 2.5.4.32 NAME 'owner' DESC 'RFC2256: owner (of the ob ject)' SUP distinguishedName ) olcAttributeTypes: {29}( 2.5.4.33 NAME 'roleOccupant' DESC 'RFC2256: occupant of role' SUP distinguishedName ) olcAttributeTypes: {30}( 2.5.4.36 NAME 'userCertificate' DESC 'RFC2256: X.509 user certificate, use ;binary' EQUALITY certificateExactMatch SYNTAX 1.3.6.1. 4.1.1466.115.121.1.8 ) olcAttributeTypes: {31}( 2.5.4.37 NAME 'cACertificate' DESC 'RFC2256: X.509 CA certificate, use ;binary' EQUALITY certificateExactMatch SYNTAX 1.3.6.1.4.1. 1466.115.121.1.8 ) olcAttributeTypes: {32}( 2.5.4.38 NAME 'authorityRevocationList' DESC 'RFC2256 : X.509 authority revocation list, use ;binary' SYNTAX 1.3.6.1.4.1.1466.115.1 21.1.9 ) olcAttributeTypes: {33}( 2.5.4.39 NAME 'certificateRevocationList' DESC 'RFC22 56: X.509 certificate revocation list, use ;binary' SYNTAX 1.3.6.1.4.1.1466.1 15.121.1.9 ) olcAttributeTypes: {34}( 2.5.4.40 NAME 'crossCertificatePair' DESC 'RFC2256: X .509 cross certificate pair, use ;binary' SYNTAX 1.3.6.1.4.1.1466.115.121.1.1 0 ) olcAttributeTypes: {35}( 2.5.4.42 NAME ( 'givenName' 'gn' ) DESC 'RFC2256: fir st name(s) for which the entity is known by' SUP name ) olcAttributeTypes: {36}( 2.5.4.43 NAME 'initials' DESC 'RFC2256: initials of s ome or all of names, but not the surname(s).' SUP name ) olcAttributeTypes: {37}( 2.5.4.44 NAME 'generationQualifier' DESC 'RFC2256: na me qualifier indicating a generation' SUP name ) olcAttributeTypes: {38}( 2.5.4.45 NAME 'x500UniqueIdentifier' DESC 'RFC2256: X .500 unique identifier' EQUALITY bitStringMatch SYNTAX 1.3.6.1.4.1.1466.115.1 21.1.6 ) olcAttributeTypes: {39}( 2.5.4.46 NAME 'dnQualifier' DESC 'RFC2256: DN qualifi er' EQUALITY caseIgnoreMatch ORDERING caseIgnoreOrderingMatch SUBSTR caseIgno reSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.44 ) olcAttributeTypes: {40}( 2.5.4.47 NAME 'enhancedSearchGuide' DESC 'RFC2256: en hanced search guide' SYNTAX 1.3.6.1.4.1.1466.115.121.1.21 ) olcAttributeTypes: {41}( 2.5.4.48 NAME 'protocolInformation' DESC 'RFC2256: pr otocol information' EQUALITY protocolInformationMatch SYNTAX 1.3.6.1.4.1.1466 .115.121.1.42 ) olcAttributeTypes: {42}( 2.5.4.50 NAME 'uniqueMember' DESC 'RFC2256: unique me mber of a group' EQUALITY uniqueMemberMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1 .34 ) olcAttributeTypes: {43}( 2.5.4.51 NAME 'houseIdentifier' DESC 'RFC2256: house identifier' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{32768} ) olcAttributeTypes: {44}( 2.5.4.52 NAME 'supportedAlgorithms' DESC 'RFC2256: su pported algorithms' SYNTAX 1.3.6.1.4.1.1466.115.121.1.49 ) olcAttributeTypes: {45}( 2.5.4.53 NAME 'deltaRevocationList' DESC 'RFC2256: de lta revocation list; use ;binary' SYNTAX 1.3.6.1.4.1.1466.115.121.1.9 ) olcAttributeTypes: {46}( 2.5.4.54 NAME 'dmdName' DESC 'RFC2256: name of DMD' S UP name ) olcAttributeTypes: {47}( 2.5.4.65 NAME 'pseudonym' DESC 'X.520(4th): pseudonym for the object' SUP name ) olcAttributeTypes: {48}( 0.9.2342.19200300.100.1.3 NAME ( 'mail' 'rfc822Mailbo x' ) DESC 'RFC1274: RFC822 Mailbox' EQUALITY caseIgnoreIA5Match SUBSTR caseIg noreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} ) olcAttributeTypes: {49}( 0.9.2342.19200300.100.1.25 NAME ( 'dc' 'domainCompone nt' ) DESC 'RFC1274/2247: domain component' EQUALITY caseIgnoreIA5Match SUBST R caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VA LUE ) olcAttributeTypes: {50}( 0.9.2342.19200300.100.1.37 NAME 'associatedDomain' DE SC 'RFC1274: domain associated with object' EQUALITY caseIgnoreIA5Match SUBST R caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) olcAttributeTypes: {51}( 1.2.840.113549.1.9.1 NAME ( 'email' 'emailAddress' 'p kcs9email' ) DESC 'RFC3280: legacy attribute for email addresses in DNs' EQUA LITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4. 1.1466.115.121.1.26{128} ) olcObjectClasses: {0}( 2.5.6.2 NAME 'country' DESC 'RFC2256: a country' SUP to p STRUCTURAL MUST c MAY ( searchGuide $ description ) ) olcObjectClasses: {1}( 2.5.6.3 NAME 'locality' DESC 'RFC2256: a locality' SUP top STRUCTURAL MAY ( street $ seeAlso $ searchGuide $ st $ l $ description ) ) olcObjectClasses: {2}( 2.5.6.4 NAME 'organization' DESC 'RFC2256: an organizat ion' SUP top STRUCTURAL MUST o MAY ( userPassword $ searchGuide $ seeAlso $ b usinessCategory $ x121Address $ registeredAddress $ destinationIndicator $ pr eferredDeliveryMethod $ telexNumber $ teletexTerminalIdentifier $ telephoneNu mber $ internationaliSDNNumber $ facsimileTelephoneNumber $ street $ postOffi ceBox $ postalCode $ postalAddress $ physicalDeliveryOfficeName $ st $ l $ de scription ) ) olcObjectClasses: {3}( 2.5.6.5 NAME 'organizationalUnit' DESC 'RFC2256: an org anizational unit' SUP top STRUCTURAL MUST ou MAY ( userPassword $ searchGuide $ seeAlso $ businessCategory $ x121Address $ registeredAddress $ destination Indicator $ preferredDeliveryMethod $ telexNumber $ teletexTerminalIdentifier $ telephoneNumber $ internationaliSDNNumber $ facsimileTelephoneNumber $ str eet $ postOfficeBox $ postalCode $ postalAddress $ physicalDeliveryOfficeName $ st $ l $ description ) ) olcObjectClasses: {4}( 2.5.6.6 NAME 'person' DESC 'RFC2256: a person' SUP top STRUCTURAL MUST ( sn $ cn ) MAY ( userPassword $ telephoneNumber $ seeAlso $ description ) ) olcObjectClasses: {5}( 2.5.6.7 NAME 'organizationalPerson' DESC 'RFC2256: an o rganizational person' SUP person STRUCTURAL MAY ( title $ x121Address $ regis teredAddress $ destinationIndicator $ preferredDeliveryMethod $ telexNumber $ teletexTerminalIdentifier $ telephoneNumber $ internationaliSDNNumber $ facs imileTelephoneNumber $ street $ postOfficeBox $ postalCode $ postalAddress $ physicalDeliveryOfficeName $ ou $ st $ l ) ) olcObjectClasses: {6}( 2.5.6.8 NAME 'organizationalRole' DESC 'RFC2256: an org anizational role' SUP top STRUCTURAL MUST cn MAY ( x121Address $ registeredAd dress $ destinationIndicator $ preferredDeliveryMethod $ telexNumber $ telete xTerminalIdentifier $ telephoneNumber $ internationaliSDNNumber $ facsimileTe lephoneNumber $ seeAlso $ roleOccupant $ preferredDeliveryMethod $ street $ p ostOfficeBox $ postalCode $ postalAddress $ physicalDeliveryOfficeName $ ou $ st $ l $ description ) ) olcObjectClasses: {7}( 2.5.6.9 NAME 'groupOfNames' DESC 'RFC2256: a group of n ames (DNs)' SUP top STRUCTURAL MUST ( member $ cn ) MAY ( businessCategory $ seeAlso $ owner $ ou $ o $ description ) ) olcObjectClasses: {8}( 2.5.6.10 NAME 'residentialPerson' DESC 'RFC2256: an res idential person' SUP person STRUCTURAL MUST l MAY ( businessCategory $ x121Ad dress $ registeredAddress $ destinationIndicator $ preferredDeliveryMethod $ telexNumber $ teletexTerminalIdentifier $ telephoneNumber $ internationaliSDN Number $ facsimileTelephoneNumber $ preferredDeliveryMethod $ street $ postOf ficeBox $ postalCode $ postalAddress $ physicalDeliveryOfficeName $ st $ l ) ) olcObjectClasses: {9}( 2.5.6.11 NAME 'applicationProcess' DESC 'RFC2256: an ap plication process' SUP top STRUCTURAL MUST cn MAY ( seeAlso $ ou $ l $ descri ption ) ) olcObjectClasses: {10}( 2.5.6.12 NAME 'applicationEntity' DESC 'RFC2256: an ap plication entity' SUP top STRUCTURAL MUST ( presentationAddress $ cn ) MAY ( supportedApplicationContext $ seeAlso $ ou $ o $ l $ description ) ) olcObjectClasses: {11}( 2.5.6.13 NAME 'dSA' DESC 'RFC2256: a directory system agent (a server)' SUP applicationEntity STRUCTURAL MAY knowledgeInformation ) olcObjectClasses: {12}( 2.5.6.14 NAME 'device' DESC 'RFC2256: a device' SUP to p STRUCTURAL MUST cn MAY ( serialNumber $ seeAlso $ owner $ ou $ o $ l $ desc ription ) ) olcObjectClasses: {13}( 2.5.6.15 NAME 'strongAuthenticationUser' DESC 'RFC2256 : a strong authentication user' SUP top AUXILIARY MUST userCertificate ) olcObjectClasses: {14}( 2.5.6.16 NAME 'certificationAuthority' DESC 'RFC2256: a certificate authority' SUP top AUXILIARY MUST ( authorityRevocationList $ c ertificateRevocationList $ cACertificate ) MAY crossCertificatePair ) olcObjectClasses: {15}( 2.5.6.17 NAME 'groupOfUniqueNames' DESC 'RFC2256: a gr oup of unique names (DN and Unique Identifier)' SUP top STRUCTURAL MUST ( uni queMember $ cn ) MAY ( businessCategory $ seeAlso $ owner $ ou $ o $ descript ion ) ) olcObjectClasses: {16}( 2.5.6.18 NAME 'userSecurityInformation' DESC 'RFC2256: a user security information' SUP top AUXILIARY MAY supportedAlgorithms ) olcObjectClasses: {17}( 2.5.6.16.2 NAME 'certificationAuthority-V2' SUP certif icationAuthority AUXILIARY MAY deltaRevocationList ) olcObjectClasses: {18}( 2.5.6.19 NAME 'cRLDistributionPoint' SUP top STRUCTURA L MUST cn MAY ( certificateRevocationList $ authorityRevocationList $ deltaRe vocationList ) ) olcObjectClasses: {19}( 2.5.6.20 NAME 'dmd' SUP top STRUCTURAL MUST dmdName MA Y ( userPassword $ searchGuide $ seeAlso $ businessCategory $ x121Address $ r egisteredAddress $ destinationIndicator $ preferredDeliveryMethod $ telexNumb er $ teletexTerminalIdentifier $ telephoneNumber $ internationaliSDNNumber $ facsimileTelephoneNumber $ street $ postOfficeBox $ postalCode $ postalAddres s $ physicalDeliveryOfficeName $ st $ l $ description ) ) olcObjectClasses: {20}( 2.5.6.21 NAME 'pkiUser' DESC 'RFC2587: a PKI user' SUP top AUXILIARY MAY userCertificate ) olcObjectClasses: {21}( 2.5.6.22 NAME 'pkiCA' DESC 'RFC2587: PKI certificate a uthority' SUP top AUXILIARY MAY ( authorityRevocationList $ certificateRevoca tionList $ cACertificate $ crossCertificatePair ) ) olcObjectClasses: {22}( 2.5.6.23 NAME 'deltaCRL' DESC 'RFC2587: PKI user' SUP top AUXILIARY MAY deltaRevocationList ) olcObjectClasses: {23}( 1.3.6.1.4.1.250.3.15 NAME 'labeledURIObject' DESC 'RFC 2079: object that contains the URI attribute type' SUP top AUXILIARY MAY labe ledURI ) olcObjectClasses: {24}( 0.9.2342.19200300.100.4.19 NAME 'simpleSecurityObject' DESC 'RFC1274: simple security object' SUP top AUXILIARY MUST userPassword ) olcObjectClasses: {25}( 1.3.6.1.4.1.1466.344 NAME 'dcObject' DESC 'RFC2247: do main component object' SUP top AUXILIARY MUST dc ) olcObjectClasses: {26}( 1.3.6.1.1.3.1 NAME 'uidObject' DESC 'RFC2377: uid obje ct' SUP top AUXILIARY MUST uid ) structuralObjectClass: olcSchemaConfig entryUUID: eeea40e4-d26a-102d-8211-5fbab7f27ddf creatorsName: cn=config createTimestamp: 20090511113054Z entryCSN: 20090511113054.364338Z#000000#000#000000 modifiersName: cn=config modifyTimestamp: 20090511113054Z
SCHEMA: cn={1}cosine.ldif:
dn: cn={1}cosine objectClass: olcSchemaConfig cn: {1}cosine olcAttributeTypes: {0}( 0.9.2342.19200300.100.1.2 NAME 'textEncodedORAddress' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1. 1466.115.121.1.15{256} ) olcAttributeTypes: {1}( 0.9.2342.19200300.100.1.4 NAME 'info' DESC 'RFC1274: g eneral information' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{2048} ) olcAttributeTypes: {2}( 0.9.2342.19200300.100.1.5 NAME ( 'drink' 'favouriteDri nk' ) DESC 'RFC1274: favorite drink' EQUALITY caseIgnoreMatch SUBSTR caseIgno reSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} ) olcAttributeTypes: {3}( 0.9.2342.19200300.100.1.6 NAME 'roomNumber' DESC 'RFC1 274: room number' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch S YNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} ) olcAttributeTypes: {4}( 0.9.2342.19200300.100.1.7 NAME 'photo' DESC 'RFC1274: photo (G3 fax)' SYNTAX 1.3.6.1.4.1.1466.115.121.1.23{25000} ) olcAttributeTypes: {5}( 0.9.2342.19200300.100.1.8 NAME 'userClass' DESC 'RFC12 74: category of user' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMat ch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} ) olcAttributeTypes: {6}( 0.9.2342.19200300.100.1.9 NAME 'host' DESC 'RFC1274: h ost computer' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTA X 1.3.6.1.4.1.1466.115.121.1.15{256} ) olcAttributeTypes: {7}( 0.9.2342.19200300.100.1.10 NAME 'manager' DESC 'RFC127 4: DN of manager' EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115 .121.1.12 ) olcAttributeTypes: {8}( 0.9.2342.19200300.100.1.11 NAME 'documentIdentifier' D ESC 'RFC1274: unique identifier of document' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} ) olcAttributeTypes: {9}( 0.9.2342.19200300.100.1.12 NAME 'documentTitle' DESC ' RFC1274: title of document' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstri ngsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} ) olcAttributeTypes: {10}( 0.9.2342.19200300.100.1.13 NAME 'documentVersion' DES C 'RFC1274: version of document' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSu bstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} ) olcAttributeTypes: {11}( 0.9.2342.19200300.100.1.14 NAME 'documentAuthor' DESC 'RFC1274: DN of author of document' EQUALITY distinguishedNameMatch SYNTAX 1 .3.6.1.4.1.1466.115.121.1.12 ) olcAttributeTypes: {12}( 0.9.2342.19200300.100.1.15 NAME 'documentLocation' DE SC 'RFC1274: location of document original' EQUALITY caseIgnoreMatch SUBSTR c aseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} ) olcAttributeTypes: {13}( 0.9.2342.19200300.100.1.20 NAME ( 'homePhone' 'homeTe lephoneNumber' ) DESC 'RFC1274: home telephone number' EQUALITY telephoneNumb erMatch SUBSTR telephoneNumberSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121 .1.50 ) olcAttributeTypes: {14}( 0.9.2342.19200300.100.1.21 NAME 'secretary' DESC 'RFC 1274: DN of secretary' EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.146 6.115.121.1.12 ) olcAttributeTypes: {15}( 0.9.2342.19200300.100.1.22 NAME 'otherMailbox' SYNTAX 1.3.6.1.4.1.1466.115.121.1.39 ) olcAttributeTypes: {16}( 0.9.2342.19200300.100.1.26 NAME 'aRecord' EQUALITY ca seIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) olcAttributeTypes: {17}( 0.9.2342.19200300.100.1.27 NAME 'mDRecord' EQUALITY c aseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) olcAttributeTypes: {18}( 0.9.2342.19200300.100.1.28 NAME 'mXRecord' EQUALITY c aseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) olcAttributeTypes: {19}( 0.9.2342.19200300.100.1.29 NAME 'nSRecord' EQUALITY c aseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) olcAttributeTypes: {20}( 0.9.2342.19200300.100.1.30 NAME 'sOARecord' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) olcAttributeTypes: {21}( 0.9.2342.19200300.100.1.31 NAME 'cNAMERecord' EQUALIT Y caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) olcAttributeTypes: {22}( 0.9.2342.19200300.100.1.38 NAME 'associatedName' DESC 'RFC1274: DN of entry associated with domain' EQUALITY distinguishedNameMatc h SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 ) olcAttributeTypes: {23}( 0.9.2342.19200300.100.1.39 NAME 'homePostalAddress' D ESC 'RFC1274: home postal address' EQUALITY caseIgnoreListMatch SUBSTR caseIg noreListSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.41 ) olcAttributeTypes: {24}( 0.9.2342.19200300.100.1.40 NAME 'personalTitle' DESC 'RFC1274: personal title' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstring sMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} ) olcAttributeTypes: {25}( 0.9.2342.19200300.100.1.41 NAME ( 'mobile' 'mobileTel ephoneNumber' ) DESC 'RFC1274: mobile telephone number' EQUALITY telephoneNum berMatch SUBSTR telephoneNumberSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.12 1.1.50 ) olcAttributeTypes: {26}( 0.9.2342.19200300.100.1.42 NAME ( 'pager' 'pagerTelep honeNumber' ) DESC 'RFC1274: pager telephone number' EQUALITY telephoneNumber Match SUBSTR telephoneNumberSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1 .50 ) olcAttributeTypes: {27}( 0.9.2342.19200300.100.1.43 NAME ( 'co' 'friendlyCount ryName' ) DESC 'RFC1274: friendly country name' EQUALITY caseIgnoreMatch SUBS TR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) olcAttributeTypes: {28}( 0.9.2342.19200300.100.1.44 NAME 'uniqueIdentifier' DE SC 'RFC1274: unique identifer' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.14 66.115.121.1.15{256} ) olcAttributeTypes: {29}( 0.9.2342.19200300.100.1.45 NAME 'organizationalStatus ' DESC 'RFC1274: organizational status' EQUALITY caseIgnoreMatch SUBSTR caseI gnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} ) olcAttributeTypes: {30}( 0.9.2342.19200300.100.1.46 NAME 'janetMailbox' DESC ' RFC1274: Janet mailbox' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5Subst ringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} ) olcAttributeTypes: {31}( 0.9.2342.19200300.100.1.47 NAME 'mailPreferenceOption ' DESC 'RFC1274: mail preference option' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 ) olcAttributeTypes: {32}( 0.9.2342.19200300.100.1.48 NAME 'buildingName' DESC ' RFC1274: name of building' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstrin gsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} ) olcAttributeTypes: {33}( 0.9.2342.19200300.100.1.49 NAME 'dSAQuality' DESC 'RF C1274: DSA Quality' SYNTAX 1.3.6.1.4.1.1466.115.121.1.19 SINGLE-VALUE ) olcAttributeTypes: {34}( 0.9.2342.19200300.100.1.50 NAME 'singleLevelQuality' DESC 'RFC1274: Single Level Quality' SYNTAX 1.3.6.1.4.1.1466.115.121.1.13 SIN GLE-VALUE ) olcAttributeTypes: {35}( 0.9.2342.19200300.100.1.51 NAME 'subtreeMinimumQualit y' DESC 'RFC1274: Subtree Mininum Quality' SYNTAX 1.3.6.1.4.1.1466.115.121.1. 13 SINGLE-VALUE ) olcAttributeTypes: {36}( 0.9.2342.19200300.100.1.52 NAME 'subtreeMaximumQualit y' DESC 'RFC1274: Subtree Maximun Quality' SYNTAX 1.3.6.1.4.1.1466.115.121.1. 13 SINGLE-VALUE ) olcAttributeTypes: {37}( 0.9.2342.19200300.100.1.53 NAME 'personalSignature' D ESC 'RFC1274: Personal Signature (G3 fax)' SYNTAX 1.3.6.1.4.1.1466.115.121.1. 23 ) olcAttributeTypes: {38}( 0.9.2342.19200300.100.1.54 NAME 'dITRedirect' DESC 'R FC1274: DIT Redirect' EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466 .115.121.1.12 ) olcAttributeTypes: {39}( 0.9.2342.19200300.100.1.55 NAME 'audio' DESC 'RFC1274 : audio (u-law)' SYNTAX 1.3.6.1.4.1.1466.115.121.1.4{25000} ) olcAttributeTypes: {40}( 0.9.2342.19200300.100.1.56 NAME 'documentPublisher' D ESC 'RFC1274: publisher of document' EQUALITY caseIgnoreMatch SUBSTR caseIgno reSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) olcObjectClasses: {0}( 0.9.2342.19200300.100.4.4 NAME ( 'pilotPerson' 'newPilo tPerson' ) SUP person STRUCTURAL MAY ( userid $ textEncodedORAddress $ rfc822 Mailbox $ favouriteDrink $ roomNumber $ userClass $ homeTelephoneNumber $ hom ePostalAddress $ secretary $ personalTitle $ preferredDeliveryMethod $ busine ssCategory $ janetMailbox $ otherMailbox $ mobileTelephoneNumber $ pagerTelep honeNumber $ organizationalStatus $ mailPreferenceOption $ personalSignature ) ) olcObjectClasses: {1}( 0.9.2342.19200300.100.4.5 NAME 'account' SUP top STRUCT URAL MUST userid MAY ( description $ seeAlso $ localityName $ organizationNam e $ organizationalUnitName $ host ) ) olcObjectClasses: {2}( 0.9.2342.19200300.100.4.6 NAME 'document' SUP top STRUC TURAL MUST documentIdentifier MAY ( commonName $ description $ seeAlso $ loca lityName $ organizationName $ organizationalUnitName $ documentTitle $ docume ntVersion $ documentAuthor $ documentLocation $ documentPublisher ) ) olcObjectClasses: {3}( 0.9.2342.19200300.100.4.7 NAME 'room' SUP top STRUCTURA L MUST commonName MAY ( roomNumber $ description $ seeAlso $ telephoneNumber ) ) olcObjectClasses: {4}( 0.9.2342.19200300.100.4.9 NAME 'documentSeries' SUP top STRUCTURAL MUST commonName MAY ( description $ seeAlso $ telephonenumber $ l ocalityName $ organizationName $ organizationalUnitName ) ) olcObjectClasses: {5}( 0.9.2342.19200300.100.4.13 NAME 'domain' SUP top STRUCT URAL MUST domainComponent MAY ( associatedName $ organizationName $ descripti on $ businessCategory $ seeAlso $ searchGuide $ userPassword $ localityName $ stateOrProvinceName $ streetAddress $ physicalDeliveryOfficeName $ postalAdd ress $ postalCode $ postOfficeBox $ streetAddress $ facsimileTelephoneNumber $ internationalISDNNumber $ telephoneNumber $ teletexTerminalIdentifier $ tel exNumber $ preferredDeliveryMethod $ destinationIndicator $ registeredAddress $ x121Address ) ) olcObjectClasses: {6}( 0.9.2342.19200300.100.4.14 NAME 'RFC822localPart' SUP d omain STRUCTURAL MAY ( commonName $ surname $ description $ seeAlso $ telepho neNumber $ physicalDeliveryOfficeName $ postalAddress $ postalCode $ postOffi ceBox $ streetAddress $ facsimileTelephoneNumber $ internationalISDNNumber $ telephoneNumber $ teletexTerminalIdentifier $ telexNumber $ preferredDelivery Method $ destinationIndicator $ registeredAddress $ x121Address ) ) olcObjectClasses: {7}( 0.9.2342.19200300.100.4.15 NAME 'dNSDomain' SUP domain STRUCTURAL MAY ( ARecord $ MDRecord $ MXRecord $ NSRecord $ SOARecord $ CNAME Record ) ) olcObjectClasses: {8}( 0.9.2342.19200300.100.4.17 NAME 'domainRelatedObject' D ESC 'RFC1274: an object related to an domain' SUP top AUXILIARY MUST associat edDomain ) olcObjectClasses: {9}( 0.9.2342.19200300.100.4.18 NAME 'friendlyCountry' SUP c ountry STRUCTURAL MUST friendlyCountryName ) olcObjectClasses: {10}( 0.9.2342.19200300.100.4.20 NAME 'pilotOrganization' SU P ( organization $ organizationalUnit ) STRUCTURAL MAY buildingName ) olcObjectClasses: {11}( 0.9.2342.19200300.100.4.21 NAME 'pilotDSA' SUP dsa STR UCTURAL MAY dSAQuality ) olcObjectClasses: {12}( 0.9.2342.19200300.100.4.22 NAME 'qualityLabelledData' SUP top AUXILIARY MUST dsaQuality MAY ( subtreeMinimumQuality $ subtreeMaximu mQuality ) ) structuralObjectClass: olcSchemaConfig entryUUID: eeea58f4-d26a-102d-8212-5fbab7f27ddf creatorsName: cn=config createTimestamp: 20090511113054Z entryCSN: 20090511113054.364338Z#000000#000#000000 modifiersName: cn=config modifyTimestamp: 20090511113054Z
SCHEMA: cn={2}nis.ldif:
dn: cn={2}nis objectClass: olcSchemaConfig cn: {2}nis olcAttributeTypes: {0}( 1.3.6.1.1.1.1.2 NAME 'gecos' DESC 'The GECOS field; th e common name' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatc h SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) olcAttributeTypes: {1}( 1.3.6.1.1.1.1.3 NAME 'homeDirectory' DESC 'The absolut e path to the home directory' EQUALITY caseExactIA5Match SYNTAX 1.3.6.1.4.1.1 466.115.121.1.26 SINGLE-VALUE ) olcAttributeTypes: {2}( 1.3.6.1.1.1.1.4 NAME 'loginShell' DESC 'The path to th e login shell' EQUALITY caseExactIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.2 6 SINGLE-VALUE ) olcAttributeTypes: {3}( 1.3.6.1.1.1.1.5 NAME 'shadowLastChange' EQUALITY integ erMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) olcAttributeTypes: {4}( 1.3.6.1.1.1.1.6 NAME 'shadowMin' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) olcAttributeTypes: {5}( 1.3.6.1.1.1.1.7 NAME 'shadowMax' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) olcAttributeTypes: {6}( 1.3.6.1.1.1.1.8 NAME 'shadowWarning' EQUALITY integerM atch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) olcAttributeTypes: {7}( 1.3.6.1.1.1.1.9 NAME 'shadowInactive' EQUALITY integer Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) olcAttributeTypes: {8}( 1.3.6.1.1.1.1.10 NAME 'shadowExpire' EQUALITY integerM atch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) olcAttributeTypes: {9}( 1.3.6.1.1.1.1.11 NAME 'shadowFlag' EQUALITY integerMat ch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) olcAttributeTypes: {10}( 1.3.6.1.1.1.1.12 NAME 'memberUid' EQUALITY caseExactI A5Match SUBSTR caseExactIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1. 26 ) olcAttributeTypes: {11}( 1.3.6.1.1.1.1.13 NAME 'memberNisNetgroup' EQUALITY ca seExactIA5Match SUBSTR caseExactIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.11 5.121.1.26 ) olcAttributeTypes: {12}( 1.3.6.1.1.1.1.14 NAME 'nisNetgroupTriple' DESC 'Netgr oup triple' SYNTAX 1.3.6.1.1.1.0.0 ) olcAttributeTypes: {13}( 1.3.6.1.1.1.1.15 NAME 'ipServicePort' EQUALITY intege rMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) olcAttributeTypes: {14}( 1.3.6.1.1.1.1.16 NAME 'ipServiceProtocol' SUP name ) olcAttributeTypes: {15}( 1.3.6.1.1.1.1.17 NAME 'ipProtocolNumber' EQUALITY int egerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) olcAttributeTypes: {16}( 1.3.6.1.1.1.1.18 NAME 'oncRpcNumber' EQUALITY integer Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) olcAttributeTypes: {17}( 1.3.6.1.1.1.1.19 NAME 'ipHostNumber' DESC 'IP address ' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{128} ) olcAttributeTypes: {18}( 1.3.6.1.1.1.1.20 NAME 'ipNetworkNumber' DESC 'IP netw ork' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{128} SI NGLE-VALUE ) olcAttributeTypes: {19}( 1.3.6.1.1.1.1.21 NAME 'ipNetmaskNumber' DESC 'IP netm ask' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{128} SI NGLE-VALUE ) olcAttributeTypes: {20}( 1.3.6.1.1.1.1.22 NAME 'macAddress' DESC 'MAC address' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{128} ) olcAttributeTypes: {21}( 1.3.6.1.1.1.1.23 NAME 'bootParameter' DESC 'rpc.bootp aramd parameter' SYNTAX 1.3.6.1.1.1.0.1 ) olcAttributeTypes: {22}( 1.3.6.1.1.1.1.24 NAME 'bootFile' DESC 'Boot image nam e' EQUALITY caseExactIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) olcAttributeTypes: {23}( 1.3.6.1.1.1.1.26 NAME 'nisMapName' SUP name ) olcAttributeTypes: {24}( 1.3.6.1.1.1.1.27 NAME 'nisMapEntry' EQUALITY caseExac tIA5Match SUBSTR caseExactIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121. 1.26{1024} SINGLE-VALUE ) olcObjectClasses: {0}( 1.3.6.1.1.1.2.0 NAME 'posixAccount' DESC 'Abstraction o f an account with POSIX attributes' SUP top AUXILIARY MUST ( cn $ uid $ uidNu mber $ gidNumber $ homeDirectory ) MAY ( userPassword $ loginShell $ gecos $ description ) ) olcObjectClasses: {1}( 1.3.6.1.1.1.2.1 NAME 'shadowAccount' DESC 'Additional a ttributes for shadow passwords' SUP top AUXILIARY MUST uid MAY ( userPassword $ shadowLastChange $ shadowMin $ shadowMax $ shadowWarning $ shadowInactive $ shadowExpire $ shadowFlag $ description ) ) olcObjectClasses: {2}( 1.3.6.1.1.1.2.2 NAME 'posixGroup' DESC 'Abstraction of a group of accounts' SUP top STRUCTURAL MUST ( cn $ gidNumber ) MAY ( userPas sword $ memberUid $ description ) ) olcObjectClasses: {3}( 1.3.6.1.1.1.2.3 NAME 'ipService' DESC 'Abstraction an I nternet Protocol service' SUP top STRUCTURAL MUST ( cn $ ipServicePort $ ipSe rviceProtocol ) MAY description ) olcObjectClasses: {4}( 1.3.6.1.1.1.2.4 NAME 'ipProtocol' DESC 'Abstraction of an IP protocol' SUP top STRUCTURAL MUST ( cn $ ipProtocolNumber $ description ) MAY description ) olcObjectClasses: {5}( 1.3.6.1.1.1.2.5 NAME 'oncRpc' DESC 'Abstraction of an O NC/RPC binding' SUP top STRUCTURAL MUST ( cn $ oncRpcNumber $ description ) M AY description ) olcObjectClasses: {6}( 1.3.6.1.1.1.2.6 NAME 'ipHost' DESC 'Abstraction of a ho st, an IP device' SUP top AUXILIARY MUST ( cn $ ipHostNumber ) MAY ( l $ desc ription $ manager ) ) olcObjectClasses: {7}( 1.3.6.1.1.1.2.7 NAME 'ipNetwork' DESC 'Abstraction of a n IP network' SUP top STRUCTURAL MUST ( cn $ ipNetworkNumber ) MAY ( ipNetmas kNumber $ l $ description $ manager ) ) olcObjectClasses: {8}( 1.3.6.1.1.1.2.8 NAME 'nisNetgroup' DESC 'Abstraction of a netgroup' SUP top STRUCTURAL MUST cn MAY ( nisNetgroupTriple $ memberNisNe tgroup $ description ) ) olcObjectClasses: {9}( 1.3.6.1.1.1.2.9 NAME 'nisMap' DESC 'A generic abstracti on of a NIS map' SUP top STRUCTURAL MUST nisMapName MAY description ) olcObjectClasses: {10}( 1.3.6.1.1.1.2.10 NAME 'nisObject' DESC 'An entry in a NIS map' SUP top STRUCTURAL MUST ( cn $ nisMapEntry $ nisMapName ) MAY descri ption ) olcObjectClasses: {11}( 1.3.6.1.1.1.2.11 NAME 'ieee802Device' DESC 'A device w ith a MAC address' SUP top AUXILIARY MAY macAddress ) olcObjectClasses: {12}( 1.3.6.1.1.1.2.12 NAME 'bootableDevice' DESC 'A device with boot parameters' SUP top AUXILIARY MAY ( bootFile $ bootParameter ) ) structuralObjectClass: olcSchemaConfig entryUUID: eeea6a38-d26a-102d-8213-5fbab7f27ddf creatorsName: cn=config createTimestamp: 20090511113054Z entryCSN: 20090511113054.364338Z#000000#000#000000 modifiersName: cn=config modifyTimestamp: 20090511113054Z
SCHEMA: cn={3}inetorgperson.ldif:
dn: cn={3}inetorgperson objectClass: olcSchemaConfig cn: {3}inetorgperson olcAttributeTypes: {0}( 2.16.840.1.113730.3.1.1 NAME 'carLicense' DESC 'RFC279 8: vehicle license or registration plate' EQUALITY caseIgnoreMatch SUBSTR cas eIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) olcAttributeTypes: {1}( 2.16.840.1.113730.3.1.2 NAME 'departmentNumber' DESC ' RFC2798: identifies a department within an organization' EQUALITY caseIgnoreM atch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) olcAttributeTypes: {2}( 2.16.840.1.113730.3.1.241 NAME 'displayName' DESC 'RFC 2798: preferred name to be used when displaying entries' EQUALITY caseIgnoreM atch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SI NGLE-VALUE ) olcAttributeTypes: {3}( 2.16.840.1.113730.3.1.3 NAME 'employeeNumber' DESC 'RF C2798: numerically identifies an employee within an organization' EQUALITY ca seIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.12 1.1.15 SINGLE-VALUE ) olcAttributeTypes: {4}( 2.16.840.1.113730.3.1.4 NAME 'employeeType' DESC 'RFC2 798: type of employment for a person' EQUALITY caseIgnoreMatch SUBSTR caseIgn oreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) olcAttributeTypes: {5}( 0.9.2342.19200300.100.1.60 NAME 'jpegPhoto' DESC 'RFC2 798: a JPEG image' SYNTAX 1.3.6.1.4.1.1466.115.121.1.28 ) olcAttributeTypes: {6}( 2.16.840.1.113730.3.1.39 NAME 'preferredLanguage' DESC 'RFC2798: preferred written or spoken language for a person' EQUALITY caseIg noreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1. 15 SINGLE-VALUE ) olcAttributeTypes: {7}( 2.16.840.1.113730.3.1.40 NAME 'userSMIMECertificate' D ESC 'RFC2798: PKCS#7 SignedData used to support S/MIME' SYNTAX 1.3.6.1.4.1.14 66.115.121.1.5 ) olcAttributeTypes: {8}( 2.16.840.1.113730.3.1.216 NAME 'userPKCS12' DESC 'RFC2 798: personal identity information, a PKCS #12 PFX' SYNTAX 1.3.6.1.4.1.1466.1 15.121.1.5 ) olcObjectClasses: {0}( 2.16.840.1.113730.3.2.2 NAME 'inetOrgPerson' DESC 'RFC2 798: Internet Organizational Person' SUP organizationalPerson STRUCTURAL MAY ( audio $ businessCategory $ carLicense $ departmentNumber $ displayName $ em ployeeNumber $ employeeType $ givenName $ homePhone $ homePostalAddress $ ini tials $ jpegPhoto $ labeledURI $ mail $ manager $ mobile $ o $ pager $ photo $ roomNumber $ secretary $ uid $ userCertificate $ x500uniqueIdentifier $ pre ferredLanguage $ userSMIMECertificate $ userPKCS12 ) ) structuralObjectClass: olcSchemaConfig entryUUID: eeea74c4-d26a-102d-8214-5fbab7f27ddf creatorsName: cn=config createTimestamp: 20090511113054Z entryCSN: 20090511113054.364338Z#000000#000#000000 modifiersName: cn=config modifyTimestamp: 20090511113054Z
SCHEMA: cn={4}EduPerson.ldif:
dn: cn={4}EduPerson objectClass: olcSchemaConfig cn: {4}EduPerson olcObjectIdentifier: {0}MACE 1.3.6.1.4.1.5923.1 olcObjectIdentifier: {1}eduP MACE:1 olcObjectIdentifier: {2}eduPAttribute eduP:1 olcObjectIdentifier: {3}eduPObjClass eduP:2 olcObjectIdentifier: {4}eduO MACE:2 olcObjectIdentifier: {5}eduOAttribute eduO:1 olcObjectIdentifier: {6}eduOObjClass eduO:2 olcAttributeTypes: {0}( eduPAttribute:1 NAME 'eduPersonAffiliation' DESC 'eduP erson per Internet2 and EDUCAUSE' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1 .1466.115.121.1.15 ) olcAttributeTypes: {1}( eduPAttribute:2 NAME 'eduPersonNickname' DESC 'eduPers on per Internet2 and EDUCAUSE' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.14 66.115.121.1.15 ) olcAttributeTypes: {2}( eduPAttribute:3 NAME 'eduPersonOrgDN' DESC 'eduPerson per Internet2 and EDUCAUSE' EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4. 1.1466.115.121.1.12 SINGLE-VALUE ) olcAttributeTypes: {3}( eduPAttribute:4 NAME 'eduPersonOrgUnitDN' DESC 'eduPer son per Internet2 and EDUCAUSE' EQUALITY distinguishedNameMatch SYNTAX 1.3.6. 1.4.1.1466.115.121.1.12 ) olcAttributeTypes: {4}( eduPAttribute:5 NAME 'eduPersonPrimaryAffiliation' DES C 'eduPerson per Internet2 and EDUCAUSE' EQUALITY caseIgnoreMatch SYNTAX 1.3. 6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) olcAttributeTypes: {5}( eduPAttribute:6 NAME 'eduPersonPrincipalName' DESC 'ed uPerson per Internet2 and EDUCAUSE' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4 .1.1466.115.121.1.15 SINGLE-VALUE ) olcAttributeTypes: {6}( eduPAttribute:7 NAME 'eduPersonEntitlement' DESC 'eduP erson per Internet2 and EDUCAUSE' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1 .1466.115.121.1.15 ) olcAttributeTypes: {7}( eduPAttribute:8 NAME 'eduPersonPrimaryOrgUnitDN' DESC 'eduPerson per Internet2 and EDUCAUSE' EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE ) olcAttributeTypes: {8}( eduOAttribute:2 NAME 'eduOrgHomePageURI' DESC 'eduOrg per Internet2 and EDUCAUSE' EQUALITY caseExactMatch SYNTAX 1.3.6.1.4.1.1466.1 15.121.1.15 ) olcAttributeTypes: {9}( eduOAttribute:3 NAME 'eduOrgIdentityAuthNPolicyURI' DE SC 'eduOrg per Internet2 and EDUCAUSE' EQUALITY caseExactMatch SYNTAX 1.3.6.1 .4.1.1466.115.121.1.15 ) olcAttributeTypes: {10}( eduOAttribute:4 NAME 'eduOrgLegalName' DESC 'eduOrg p er Internet2 and EDUCAUSE' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.1 15.121.1.15 ) olcAttributeTypes: {11}( eduOAttribute:5 NAME 'eduOrgSuperiorURI' DESC 'eduOrg per Internet2 and EDUCAUSE' EQUALITY caseExactMatch SYNTAX 1.3.6.1.4.1.1466. 115.121.1.15 ) olcAttributeTypes: {12}( eduOAttribute:6 NAME 'eduOrgWhitePagesURI' DESC 'eduO rg per Internet2 and EDUCAUSE' EQUALITY caseExactMatch SYNTAX 1.3.6.1.4.1.146 6.115.121.1.15 ) olcObjectClasses: {0}( eduPObjClass NAME 'eduPerson' AUXILIARY MAY ( eduPerson Affiliation $ eduPersonNickname $ eduPersonOrgDN $ eduPersonOrgUnitDN $ eduPe rsonPrimaryAffiliation $ eduPersonPrincipalName $ eduPersonEntitlement $ eduP ersonPrimaryOrgUnitDN ) ) olcObjectClasses: {1}( eduOObjClass NAME 'eduOrg' AUXILIARY MAY ( cn $ eduOrgH omePageURI $ eduOrgIdentityAuthNPolicyURI $ eduOrgLegalName $ eduOrgSuperiorU RI $ eduOrgWhitePagesURI ) ) structuralObjectClass: olcSchemaConfig entryUUID: eeea7d8e-d26a-102d-8215-5fbab7f27ddf creatorsName: cn=config createTimestamp: 20090511113054Z entryCSN: 20090511113054.364338Z#000000#000#000000 modifiersName: cn=config modifyTimestamp: 20090511113054Z
SCHEMA: cn={5}norEduPerson.ldif:
dn: cn={5}norEduPerson objectClass: olcSchemaConfig cn: {5}norEduPerson olcAttributeTypes: {0}( 1.3.6.1.4.1.2428.90.1.5 NAME 'norEduPersonNIN' DESC 'N ational Identity Number, assigned by public authorities' EQUALITY caseIgnoreM atch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) olcAttributeTypes: {1}( 1.3.6.1.4.1.2428.90.1.4 NAME 'norEduPersonLIN' DESC 'L ocally defined unique identifier for a person' EQUALITY caseIgnoreMatch SUBST R caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) olcAttributeTypes: {2}( 1.3.6.1.4.1.2428.90.1.6 NAME 'norEduOrgAcronym' DESC ' Acronym for the organization.' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.14 66.115.121.1.15 ) olcAttributeTypes: {3}( 1.3.6.1.4.1.2428.90.1.3 NAME 'norEduPersonBirthDate' D ESC 'Birth date for a person.' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466. 115.121.1.27 SINGLE-VALUE ) olcAttributeTypes: {4}( 1.3.6.1.4.1.2428.90.1.11 NAME 'norEduOrgSchemaVersion' DESC 'Version number of the norEdu schema used by the organization' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) olcAttributeTypes: {5}( 1.3.6.1.4.1.2428.90.1.7 NAME 'norEduOrgUniqueIdentifie r' DESC 'Unique identifier describing the organization.' EQUALITY caseIgnoreM atch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) olcAttributeTypes: {6}( 1.3.6.1.4.1.2428.90.1.8 NAME 'norEduOrgUnitUniqueIdent ifier' DESC 'Unique identifier describing the organizational unit.' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) olcAttributeTypes: {7}( 1.3.6.1.4.1.2428.90.1.12 NAME 'norEduOrgNIN' DESC 'Ide ntifier assigned to the organization by public authorities' EQUALITY caseIgno reMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) olcAttributeTypes: {8}( 1.3.6.1.4.1.2428.90.1.1 NAME 'norEduOrgUniqueNumber' D ESC 'The number describing the institution.' EQUALITY integerMatch SYNTAX 1.3 .6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) olcAttributeTypes: {9}( 1.3.6.1.4.1.2428.90.1.2 NAME 'norEduOrgUnitUniqueNumbe r' DESC 'The number describing the organizational unit.' EQUALITY integerMatc h SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) olcAttributeTypes: {10}( 1.3.6.1.4.1.2428.90.1.9 NAME 'federationFeideSchemaVe rsion' DESC 'The norEdu scheme version used by the LDAP of the organization . ' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) olcObjectClasses: {0}( 1.3.6.1.4.1.2428.90.2.1 NAME 'norEduOrg' DESC 'Suppleme ntary attributes for an educational organization' AUXILIARY MAY ( norEduOrgUn iqueIdentifier $ norEduOrgNIN $ norEduOrgAcronym $ norEduOrgSchemaVersion $ d c $ mail $ labeledURI ) ) olcObjectClasses: {1}( 1.3.6.1.4.1.2428.90.2.2 NAME 'norEduOrgUnit' DESC 'Supp lementary attributes for a unit of an educational organization' AUXILIARY MAY ( norEduOrgUnitUniqueIdentifier $ norEduOrgAcronym $ cn $ mail $ labeledURI ) ) olcObjectClasses: {2}( 1.3.6.1.4.1.2428.90.2.3 NAME 'norEduPerson' DESC 'Suppl ementary attributes for a person affiliated with an educational organization' AUXILIARY MAY ( norEduPersonNIN $ norEduPersonLIN $ norEduPersonBirthDate ) ) olcObjectClasses: {3}( 1.3.6.1.4.1.2428.90.2.4 NAME 'norEduObsolete' DESC 'Att ributes obsoleted in norEdu 1.4 or later' AUXILIARY MAY ( norEduOrgUniqueNumb er $ norEduOrgUnitUniqueNumber $ federationFeideSchemaVersion ) ) structuralObjectClass: olcSchemaConfig entryUUID: eeea86ee-d26a-102d-8216-5fbab7f27ddf creatorsName: cn=config createTimestamp: 20090511113054Z entryCSN: 20090511113054.364338Z#000000#000#000000 modifiersName: cn=config modifyTimestamp: 20090511113054Z
SCHEMA: cn={6}postfix.ldif:
dn: cn={6}postfix objectClass: olcSchemaConfig cn: {6}postfix olcAttributeTypes: {0}( 1.3.6.1.4.1.15347.2.102 NAME 'transport' SUP name ) olcAttributeTypes: {1}( 1.3.6.1.4.1.15347.2.101 NAME 'mailRoutingAddress' SUP mail ) olcAttributeTypes: {2}( 1.3.6.1.4.1.15347.2.110 NAME 'maildest' DESC 'Restrict ed to send only to local network' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreS ubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{32768} ) olcAttributeTypes: {3}( 1.3.6.1.4.1.15347.2.111 NAME 'mailaccess' DESC 'Can be mailed to restricted groups' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubst ringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{32768} ) olcAttributeTypes: {4}( 1.3.6.1.4.1.15347.2.100 NAME 'maildrop' DESC 'RFC1274: RFC822 Mailbox' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMa tch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} ) olcAttributeTypes: {5}( 1.3.6.1.4.1.10018.1.1.1 NAME 'mailbox' DESC 'The absol ute path to the mailbox for a mail account in a non-default location' EQUALIT Y caseExactIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) olcObjectClasses: {0}( 1.3.6.1.4.1.15347.2.1 NAME 'mailUser' DESC 'E-Mail User ' SUP top AUXILIARY MUST ( uid $ mail $ maildrop ) MAY ( cn $ mailbox $ maild est $ mailaccess ) ) olcObjectClasses: {1}( 1.3.6.1.4.1.15347.2.2 NAME 'mailGroup' DESC 'E-Mail Gro up' SUP top STRUCTURAL MUST ( cn $ mail ) MAY ( mailRoutingAddress $ member $ description ) ) olcObjectClasses: {2}( 1.3.6.1.4.1.15347.2.3 NAME 'transportTable' DESC 'MTA T ransport Table' SUP top STRUCTURAL MUST ( cn $ transport ) ) structuralObjectClass: olcSchemaConfig entryUUID: eeea8e64-d26a-102d-8217-5fbab7f27ddf creatorsName: cn=config createTimestamp: 20090511113054Z entryCSN: 20090511113054.364338Z#000000#000#000000 modifiersName: cn=config modifyTimestamp: 20090511113054Z
SCHEMA: cn={7}amavis.ldif:
dn: cn={7}amavis objectClass: olcSchemaConfig cn: {7}amavis olcAttributeTypes: {0}( 1.3.6.1.4.1.15312.2.2.1.1 NAME 'amavisVirusLover' DESC 'Virus Lover' EQUALITY booleanMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SING LE-VALUE ) olcAttributeTypes: {1}( 1.3.6.1.4.1.15312.2.2.1.2 NAME 'amavisBannedFilesLover ' DESC 'Banned Files Lover' EQUALITY booleanMatch SYNTAX 1.3.6.1.4.1.1466.115 .121.1.7 SINGLE-VALUE ) olcAttributeTypes: {2}( 1.3.6.1.4.1.15312.2.2.1.3 NAME 'amavisBypassVirusCheck s' DESC 'Bypass Virus Check' EQUALITY booleanMatch SYNTAX 1.3.6.1.4.1.1466.11 5.121.1.7 SINGLE-VALUE ) olcAttributeTypes: {3}( 1.3.6.1.4.1.15312.2.2.1.4 NAME 'amavisBypassSpamChecks ' DESC 'Bypass Spam Check' EQUALITY booleanMatch SYNTAX 1.3.6.1.4.1.1466.115. 121.1.7 SINGLE-VALUE ) olcAttributeTypes: {4}( 1.3.6.1.4.1.15312.2.2.1.5 NAME 'amavisSpamTagLevel' DE SC 'Spam Tag Level' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5Substring sMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} SINGLE-VALUE ) olcAttributeTypes: {5}( 1.3.6.1.4.1.15312.2.2.1.6 NAME 'amavisSpamTag2Level' D ESC 'Spam Tag2 Level' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5Substri ngsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} SINGLE-VALUE ) olcAttributeTypes: {6}( 1.3.6.1.4.1.15312.2.2.1.7 NAME 'amavisSpamKillLevel' D ESC 'Spam Kill Level' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5Substri ngsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} SINGLE-VALUE ) olcAttributeTypes: {7}( 1.3.6.1.4.1.15312.2.2.1.8 NAME 'amavisSpamModifiesSubj ' DESC 'Modifies Subject on spam' EQUALITY booleanMatch SYNTAX 1.3.6.1.4.1.14 66.115.121.1.7 SINGLE-VALUE ) olcAttributeTypes: {8}( 1.3.6.1.4.1.15312.2.2.1.9 NAME 'amavisWhitelistSender' DESC 'White List Sender' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5Sub stringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} ) olcAttributeTypes: {9}( 1.3.6.1.4.1.15312.2.2.1.10 NAME 'amavisBlacklistSender ' DESC 'Black List Sender' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5Su bstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} ) olcAttributeTypes: {10}( 1.3.6.1.4.1.15312.2.2.1.11 NAME 'amavisSpamQuarantine To' DESC 'Spam Quarantine to' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA 5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} SINGLE-VALUE ) olcAttributeTypes: {11}( 1.3.6.1.4.1.15312.2.2.1.12 NAME 'amavisSpamLover' DES C 'Spam Lover' EQUALITY booleanMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SING LE-VALUE ) olcAttributeTypes: {12}( 1.3.6.1.4.1.15312.2.2.1.13 NAME 'amavisBadHeaderLover ' DESC 'Bad Header Lover' EQUALITY booleanMatch SYNTAX 1.3.6.1.4.1.1466.115.1 21.1.7 SINGLE-VALUE ) olcAttributeTypes: {13}( 1.3.6.1.4.1.15312.2.2.1.14 NAME 'amavisBypassBannedCh ecks' DESC 'Bypass Banned Files Check' EQUALITY booleanMatch SYNTAX 1.3.6.1.4 .1.1466.115.121.1.7 SINGLE-VALUE ) olcAttributeTypes: {14}( 1.3.6.1.4.1.15312.2.2.1.15 NAME 'amavisBypassHeaderCh ecks' DESC 'Bypass Header Check' EQUALITY booleanMatch SYNTAX 1.3.6.1.4.1.146 6.115.121.1.7 SINGLE-VALUE ) olcAttributeTypes: {15}( 1.3.6.1.4.1.15312.2.2.1.16 NAME 'amavisVirusQuarantin eTo' DESC 'Virus quarantine location' EQUALITY caseIgnoreIA5Match SUBSTR case IgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} SINGLE-VAL UE ) olcAttributeTypes: {16}( 1.3.6.1.4.1.15312.2.2.1.17 NAME 'amavisBannedQuaranti neTo' DESC 'Banned Files quarantine location' EQUALITY caseIgnoreIA5Match SUB STR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} SI NGLE-VALUE ) olcAttributeTypes: {17}( 1.3.6.1.4.1.15312.2.2.1.18 NAME 'amavisBadHeaderQuara ntineTo' DESC 'Bad Header quarantine location' EQUALITY caseIgnoreIA5Match SU BSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} S INGLE-VALUE ) olcAttributeTypes: {18}( 1.3.6.1.4.1.15312.2.2.1.19 NAME 'amavisLocal' DESC 'I s user considered local' EQUALITY booleanMatch SYNTAX 1.3.6.1.4.1.1466.115.12 1.1.7 SINGLE-VALUE ) olcAttributeTypes: {19}( 1.3.6.1.4.1.15312.2.2.1.20 NAME 'amavisMessageSizeLim it' DESC 'Message size limit' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA 5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} SINGLE-VALUE ) olcAttributeTypes: {20}( 1.3.6.1.4.1.15312.2.2.1.21 NAME 'amavisWarnVirusRecip ' DESC 'Notify virus recipients' EQUALITY booleanMatch SYNTAX 1.3.6.1.4.1.146 6.115.121.1.7 SINGLE-VALUE ) olcAttributeTypes: {21}( 1.3.6.1.4.1.15312.2.2.1.22 NAME 'amavisWarnBannedReci p' DESC 'Notify banned file recipients' EQUALITY booleanMatch SYNTAX 1.3.6.1. 4.1.1466.115.121.1.7 SINGLE-VALUE ) olcAttributeTypes: {22}( 1.3.6.1.4.1.15312.2.2.1.23 NAME 'amavisWarnBadHeaderR ecip' DESC 'Notify bad header recipients' EQUALITY booleanMatch SYNTAX 1.3.6. 1.4.1.1466.115.121.1.7 SINGLE-VALUE ) olcAttributeTypes: {23}( 1.3.6.1.4.1.15312.2.2.1.24 NAME 'amavisVirusAdmin' DE SC 'Virus admin' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMa tch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} SINGLE-VALUE ) olcAttributeTypes: {24}( 1.3.6.1.4.1.15312.2.2.1.25 NAME 'amavisNewVirusAdmin' DESC 'New virus admin' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5Subst ringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} SINGLE-VALUE ) olcAttributeTypes: {25}( 1.3.6.1.4.1.15312.2.2.1.26 NAME 'amavisSpamAdmin' DES C 'Spam admin' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatc h SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} SINGLE-VALUE ) olcAttributeTypes: {26}( 1.3.6.1.4.1.15312.2.2.1.27 NAME 'amavisBannedAdmin' D ESC 'Banned file admin' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5Subst ringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} SINGLE-VALUE ) olcAttributeTypes: {27}( 1.3.6.1.4.1.15312.2.2.1.28 NAME 'amavisBadHeaderAdmin ' DESC 'Bad header admin' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5Sub stringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} SINGLE-VALUE ) olcAttributeTypes: {28}( 1.3.6.1.4.1.15312.2.2.1.29 NAME 'amavisBannedRuleName s' DESC 'Banned rule names' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5S ubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} ) olcObjectClasses: {0}( 1.3.6.1.4.1.15312.2.2.2.1 NAME 'amavisAccount' DESC 'Am avisd Account' SUP top AUXILIARY MAY ( amavisVirusLover $ amavisBypassVirusCh ecks $ amavisSpamLover $ amavisBypassSpamChecks $ amavisBannedFilesLover $ am avisBypassBannedChecks $ amavisBadHeaderLover $ amavisBypassHeaderChecks $ am avisSpamTagLevel $ amavisSpamTag2Level $ amavisSpamKillLevel $ amavisWhitelis tSender $ amavisBlacklistSender $ amavisSpamQuarantineTo $ amavisVirusQuarant ineTo $ amavisBannedQuarantineTo $ amavisBadHeaderQuarantineTo $ amavisSpamMo difiesSubj $ amavisLocal $ amavisMessageSizeLimit $ amavisWarnVirusRecip $ am avisWarnBannedRecip $ amavisWarnBadHeaderRecip $ amavisVirusAdmin $ amavisNew VirusAdmin $ amavisSpamAdmin $ amavisBannedAdmin $ amavisBadHeaderAdmin $ ama visBannedRuleNames $ cn $ description ) ) structuralObjectClass: olcSchemaConfig entryUUID: eeea9b16-d26a-102d-8218-5fbab7f27ddf creatorsName: cn=config createTimestamp: 20090511113054Z entryCSN: 20090511113054.364338Z#000000#000#000000 modifiersName: cn=config modifyTimestamp: 20090511113054Z
SCHEMA: cn={8}calendar.ldif:
dn: cn={8}calendar objectClass: olcSchemaConfig cn: {8}calendar olcAttributeTypes: {0}( 1.3.6.1.4.1.2672.1.1 NAME 'ctCalAccess' EQUALITY caseI gnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1 .15 SINGLE-VALUE ) olcAttributeTypes: {1}( 1.3.6.1.4.1.2672.1.2 NAME 'ctCalAccessDomain' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115 .121.1.15 SINGLE-VALUE ) olcAttributeTypes: {2}( 1.3.6.1.4.1.2672.1.3 NAME 'ctCalAdmd' EQUALITY caseIgn oreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.1 5 SINGLE-VALUE ) olcAttributeTypes: {3}( 1.3.6.1.4.1.2672.1.4 NAME 'ctCalDefaultNoteReminder' E QUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1 466.115.121.1.15 SINGLE-VALUE ) olcAttributeTypes: {4}( 1.3.6.1.4.1.2672.1.5 NAME 'ctCalDefaultReminder' EQUAL ITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466. 115.121.1.15 SINGLE-VALUE ) olcAttributeTypes: {5}( 1.3.6.1.4.1.2672.1.6 NAME 'ctCalDefaultTaskReminder' E QUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1 466.115.121.1.15 SINGLE-VALUE ) olcAttributeTypes: {6}( 1.3.6.1.4.1.2672.1.7 NAME 'ctCalDisplayPrefs' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115 .121.1.15 SINGLE-VALUE ) olcAttributeTypes: {7}( 1.3.6.1.4.1.2672.1.8 NAME 'ctCalFlags' EQUALITY caseIg noreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1. 15 SINGLE-VALUE ) olcAttributeTypes: {8}( 1.3.6.1.4.1.2672.1.9 NAME 'ctCalHost' EQUALITY caseIgn oreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.1 5 SINGLE-VALUE ) olcAttributeTypes: {9}( 1.3.6.1.4.1.2672.1.10 NAME 'ctCalLanguageId' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115. 121.1.15 SINGLE-VALUE ) olcAttributeTypes: {10}( 1.3.6.1.4.1.2672.1.11 NAME 'ctCalNodeAlias' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115. 121.1.15 SINGLE-VALUE ) olcAttributeTypes: {11}( 1.3.6.1.4.1.2672.1.12 NAME 'ctCalNotifMechanism' EQUA LITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466 .115.121.1.15 SINGLE-VALUE ) olcAttributeTypes: {12}( 1.3.6.1.4.1.2672.1.13 NAME 'ctCalOperatingPrefs' EQUA LITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466 .115.121.1.15 SINGLE-VALUE ) olcAttributeTypes: {13}( 1.3.6.1.4.1.2672.1.14 NAME 'ctCalOrgUnit2' EQUALITY c aseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.1 21.1.15 SINGLE-VALUE ) olcAttributeTypes: {14}( 1.3.6.1.4.1.2672.1.15 NAME 'ctCalOrgUnit3' EQUALITY c aseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.1 21.1.15 SINGLE-VALUE ) olcAttributeTypes: {15}( 1.3.6.1.4.1.2672.1.16 NAME 'ctCalOrgUnit4' EQUALITY c aseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.1 21.1.15 SINGLE-VALUE ) olcAttributeTypes: {16}( 1.3.6.1.4.1.2672.1.17 NAME 'ctCalPasswordRequired' EQ UALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.14 66.115.121.1.15 SINGLE-VALUE ) olcAttributeTypes: {17}( 1.3.6.1.4.1.2672.1.18 NAME 'ctCalPrmd' EQUALITY caseI gnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1 .15 SINGLE-VALUE ) olcAttributeTypes: {18}( 1.3.6.1.4.1.2672.1.19 NAME 'ctCalRefreshPrefs' EQUALI TY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.1 15.121.1.15 SINGLE-VALUE ) olcAttributeTypes: {19}( 1.3.6.1.4.1.2672.1.20 NAME 'ctCalResourceCapacity' EQ UALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.14 66.115.121.1.15 SINGLE-VALUE ) olcAttributeTypes: {20}( 1.3.6.1.4.1.2672.1.21 NAME 'ctCalResourceNumber' EQUA LITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466 .115.121.1.15 SINGLE-VALUE ) olcAttributeTypes: {21}( 1.3.6.1.4.1.2672.1.22 NAME 'ctCalServerVersion' EQUAL ITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466. 115.121.1.15 SINGLE-VALUE ) olcAttributeTypes: {22}( 1.3.6.1.4.1.2672.1.23 NAME 'ctCalSysopCanWritePasswor d' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4 .1.1466.115.121.1.15 SINGLE-VALUE ) olcAttributeTypes: {23}( 1.3.6.1.4.1.2672.1.24 NAME 'ctCalTimezone' EQUALITY c aseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.1 21.1.15 SINGLE-VALUE ) olcAttributeTypes: {24}( 1.3.6.1.4.1.2672.1.25 NAME 'ctCalXItemId' EQUALITY ca seIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.12 1.1.15 SINGLE-VALUE ) olcAttributeTypes: {25}( 1.3.6.1.4.1.2672.1.26 NAME 'ctCalOrgUnit1' EQUALITY c aseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.1 21.1.15 SINGLE-VALUE ) olcAttributeTypes: {26}( 1.3.6.1.4.1.2672.1.27 NAME 'ctCalOrganization' EQUALI TY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.1 15.121.1.15 SINGLE-VALUE ) olcAttributeTypes: {27}( 1.3.6.1.4.1.2672.1.28 NAME 'ctCalCountry' EQUALITY ca seIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.12 1.1.15 SINGLE-VALUE ) olcAttributeTypes: {28}( 1.3.6.1.4.1.2672.1.29 NAME 'ctCalMobileTelephoneType' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1 .1466.115.121.1.15 SINGLE-VALUE ) olcAttributeTypes: {29}( 1.3.6.1.4.1.2672.1.30 NAME 'ctCalPreferredSMSCTelepho neNumber' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1. 3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) olcAttributeTypes: {30}( 1.3.6.1.4.1.2672.1.31 NAME 'ctCalPublishedType' EQUAL ITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466. 115.121.1.15 SINGLE-VALUE ) olcAttributeTypes: {31}( 1.3.6.1.4.1.2672.1.32 NAME 'ctCalSMSTimeRange' EQUALI TY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.1 15.121.1.15 SINGLE-VALUE ) olcObjectClasses: {0}( 1.3.6.1.4.1.2672.3.1 NAME 'ctCalAdmin' DESC 'Object cla ss for calendar administrators' SUP top STRUCTURAL MUST ctCalXItemId MAY ( c $ cn $ facsimileTelephoneNumber $ generationQualifier $ givenName $ initials $ mail $ o $ ou $ postalAddress $ sn $ telephoneNumber $ userPassword $ ctCal Access $ ctCalAccessDomain $ ctCalAdmd $ ctCalFlags $ ctCalHost $ ctCalLangua geId $ ctCalNodeAlias $ ctCalOrgUnit2 $ ctCalOrgUnit3 $ ctCalOrgUnit4 $ ctCal PasswordRequired $ ctCalPrmd $ ctCalServerVersion $ ctCalSysopCanWritePasswor d $ ctCalOrgUnit1 $ ctCalOrganization $ ctCalCountry ) ) olcObjectClasses: {1}( 1.3.6.1.4.1.2672.3.2 NAME 'ctCalResource' DESC 'Object class for calendar resources' SUP top STRUCTURAL MUST ( cn $ ctCalXItemId ) M AY ( c $ facsimileTelephoneNumber $ givenName $ mail $ postalAddress $ sn $ t elephoneNumber $ userPassword $ ctCalAccess $ ctCalAccessDomain $ ctCalDefaul tNoteReminder $ ctCalDefaultReminder $ ctCalDefaultTaskReminder $ ctCalDispla yPrefs $ ctCalFlags $ ctCalHost $ ctCalLanguageId $ ctCalNodeAlias $ ctCalNot ifMechanism $ ctCalOperatingPrefs $ ctCalPasswordRequired $ ctCalServerVersio n $ ctCalSysopCanWritePassword $ ctCalRefreshPrefs $ ctCalResourceCapacity $ ctCalResourceNumber $ ctCalTimeZone ) ) olcObjectClasses: {2}( 1.3.6.1.4.1.2672.3.3 NAME 'ctCalUser' DESC 'Object clas s for calendar users' AUXILIARY MUST ctCalXItemId MAY ( c $ employeeNumber $ generationQualifier $ givenName $ mail $ facsimileTelephoneNumber $ o $ ou $ postalAddress $ title $ telephoneNumber $ ctCalAccess $ ctCalAccessDomain $ c tCalDefaultNoteReminder $ ctCalAdmd $ ctCalDefaultReminder $ ctCalDefaultTask Reminder $ ctCalDisplayPrefs $ ctCalFlags $ ctCalHost $ ctCalLanguageId $ ctC alNodeAlias $ ctCalNotifMechanism $ ctCalOperatingPrefs $ ctCalOrgUnit2 $ ctC alOrgUnit3 $ ctCalOrgUnit4 $ ctCalPasswordRequired $ ctCalServerVersion $ ctC alSysopCanWritePassword $ ctCalRefreshPrefs $ ctCalPrmd $ ctcalTimeZone $ ctC alXItemId $ ctCalOrgUnit1 $ ctCalOrganization $ ctCalCountry $ ctCalMobileTel ephoneType $ ctCalPreferredSMSCTelephoneNumber $ ctCalPublishedType $ ctCalSM STimeRange $ mobile ) ) structuralObjectClass: olcSchemaConfig entryUUID: eeeaaaca-d26a-102d-8219-5fbab7f27ddf creatorsName: cn=config createTimestamp: 20090511113054Z entryCSN: 20090511113054.364338Z#000000#000#000000 modifiersName: cn=config modifyTimestamp: 20090511113054Z
SCHEMA: cn={9}ntnu.ldif:
dn: cn={9}ntnu objectClass: olcSchemaConfig cn: {9}ntnu olcObjectIdentifier: {0}NTNU 1.3.6.1.4.1.13207.2 olcObjectIdentifier: {1}ntnuAttribute NTNU:1 olcObjectIdentifier: {2}ntnuObjClass NTNU:2 olcObjectIdentifier: {3}ntnuAttrSynt NTNU:3 olcAttributeTypes: {0}( ntnuAttribute:1 NAME 'ntnuAccessCardId' DESC 'The id d escribing a NTNU accesscard.' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.146 6.115.121.1.15 ) olcAttributeTypes: {1}( ntnuAttribute:2 NAME 'ntnuEduPersonScopedAffiliation' DESC 'What type of affiliation and where e.g. student@idi.ntnu.no' EQUALITY c aseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) olcAttributeTypes: {2}( ntnuAttribute:3 NAME 'ntnuEduPersonScopedAffiliationEx piration' DESC 'Same as ntnuEduPersonScopedAffiliation, but has a comma and a date stamp appended to it. E.g. student@idi.ntnu.no,20080515' EQUALITY caseI gnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) olcAttributeTypes: {3}( ntnuAttribute:4 NAME 'ntnuAccessCardId0' DESC 'The id describing a NTNU accesscard.' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) olcAttributeTypes: {4}( ntnuAttribute:5 NAME 'ntnuAccessCardId1' DESC 'The id describing a NTNU accesscard.' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) olcAttributeTypes: {5}( ntnuAttribute:6 NAME 'ntnuPrintDepartment' DESC 'Organizatory location for print users' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) olcAttributeTypes: {6}( ntnuAttribute:7 NAME 'ntnuPrintHomeServer' DESC 'The print server prefered for this print user' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) olcObjectClasses: {0}( ntnuObjClass:1 NAME 'ntnuAccessCardHolder' DESC 'Supplementary local attributes.' AUXILIARY MUST uid MAY ( ntnuAccessCardId $ ntnuAccessCardId0 $ ntnuAccessCardId1 $ ntnuPrintDepartment $ ntnuPrintHomeServer ) ) olcObjectClasses: {1}( ntnuObjClass:2 NAME 'ntnuPerson' DESC 'Supplementary lo cal attributes.' AUXILIARY MUST uid MAY ( ntnuAccessCardId $ ntnuEduPersonSco pedAffiliation $ ntnuEduPersonScopedAffiliationExpiration $ norEduOrgAcronym ) ) olcObjectClasses: {2}( ntnuObjClass:3 NAME 'ntnuHiddenObject' DESC 'Objectlass used for Access Restrictions' AUXILIARY ) structuralObjectClass: olcSchemaConfig entryUUID: eeeab4a2-d26a-102d-821a-5fbab7f27ddf creatorsName: cn=config createTimestamp: 20090511113054Z entryCSN: 20090511113054.364338Z#000000#000#000000 modifiersName: cn=config modifyTimestamp: 20090511113054Z
--On Tuesday, November 03, 2009 1:31 PM +0100 Christian Haugan Toldnes christian.toldnes@ntnu.no wrote:
I'm running openldap 2.4.9 (Ubuntu 8.04.3) in a N-way multimaster setup with two masters and two slaves.
Can anyone point me in the right direction here?
I'd suggest you upgrade to the latest stable release (2.4.19).
--Quanah
--
Quanah Gibson-Mount Principal Software Engineer Zimbra, Inc -------------------- Zimbra :: the leader in open source messaging and collaboration
Quanah Gibson-Mount wrote:
--On Tuesday, November 03, 2009 1:31 PM +0100 Christian Haugan Toldnes christian.toldnes@ntnu.no wrote:
I'm running openldap 2.4.9 (Ubuntu 8.04.3) in a N-way multimaster setup with two masters and two slaves.
Can anyone point me in the right direction here?
I'd suggest you upgrade to the latest stable release (2.4.19).
I would have, if that version was provided by the distribution maintainers. However, it is not. Using a selv-maintained package, or even worse, building software directly on our production environment is not a very viable solution. Anyone with more than some experience in systems administration will tell you the same thing.
However, I resolved the issue. The bug does not manifest itself when using schemachecking=on for replication between the masters as well as between the masters and the slaves. Default in 2.4.9 is schemachecking=off, and that simply does not work well at all. I don't know what's the default in later versions.
So, after a few LDIF exports of the broken objects, and then importing them in again, the directory seems to be in good shape.
Kind regards
c
On 04/11/2009 12:19, Christian Haugan Toldnes wrote:
Quanah Gibson-Mount wrote:
--On Tuesday, November 03, 2009 1:31 PM +0100 Christian Haugan Toldnes christian.toldnes@ntnu.no wrote:
I'm running openldap 2.4.9 (Ubuntu 8.04.3) in a N-way multimaster setup with two masters and two slaves.
Can anyone point me in the right direction here?
I'd suggest you upgrade to the latest stable release (2.4.19).
I would have, if that version was provided by the distribution maintainers. However, it is not. Using a selv-maintained package, or even worse, building software directly on our production environment is not a very viable solution. Anyone with more than some experience in systems administration will tell you the same thing.
Just for information, Ubuntu does provide a 2.4.18 package, at least in their latest release. You would for sure be much better off with that, than 2.4.9 which does contain a fair number of bugs now fixed (especially in syncrepl).
See http://packages.ubuntu.com/karmic/slapd.
Regarding building or not building your own packages, there is an interesting discussion on the subject here: http://www.openldap.org/faq/data/cache/1456.html
Regards, Jonathan
--On Wednesday, November 04, 2009 2:33 PM +0100 Jonathan Clarke jonathan@phillipoux.net wrote:
On 04/11/2009 12:19, Christian Haugan Toldnes wrote:
Quanah Gibson-Mount wrote:
--On Tuesday, November 03, 2009 1:31 PM +0100 Christian Haugan Toldnes christian.toldnes@ntnu.no wrote:
I'm running openldap 2.4.9 (Ubuntu 8.04.3) in a N-way multimaster setup with two masters and two slaves.
Can anyone point me in the right direction here?
I'd suggest you upgrade to the latest stable release (2.4.19).
I would have, if that version was provided by the distribution maintainers. However, it is not. Using a selv-maintained package, or even worse, building software directly on our production environment is not a very viable solution. Anyone with more than some experience in systems administration will tell you the same thing.
In addition to what Jonathon notes, I've been a system administrator for years. And as a System administrator with years of experience, who has run LDAP servers for nearly a decade, I will tell you that you are very, very wrong, and very specifically that relying on distro provided builds of an LDAP server is a very fatal mistake.
--Quanah
--
Quanah Gibson-Mount Principal Software Engineer Zimbra, Inc -------------------- Zimbra :: the leader in open source messaging and collaboration
Quanah Gibson-Mount wrote:
--On Wednesday, November 04, 2009 2:33 PM +0100 Jonathan Clarke jonathan@phillipoux.net wrote:
On 04/11/2009 12:19, Christian Haugan Toldnes wrote:
Quanah Gibson-Mount wrote:
--On Tuesday, November 03, 2009 1:31 PM +0100 Christian Haugan Toldnes christian.toldnes@ntnu.no wrote:
I'm running openldap 2.4.9 (Ubuntu 8.04.3) in a N-way multimaster setup with two masters and two slaves.
Can anyone point me in the right direction here?
I'd suggest you upgrade to the latest stable release (2.4.19).
I would have, if that version was provided by the distribution maintainers. However, it is not. Using a selv-maintained package, or even worse, building software directly on our production environment is not a very viable solution. Anyone with more than some experience in systems administration will tell you the same thing.
In addition to what Jonathon notes, I've been a system administrator for years. And as a System administrator with years of experience, who has run LDAP servers for nearly a decade, I will tell you that you are very, very wrong, and very specifically that relying on distro provided builds of an LDAP server is a very fatal mistake.
As you are several people telling me this, and obviously more experienced in LDAP administration than I am, I will of course consider updating. I'm no hard-headed person, and am always open for changing my point of view when it's apparent they don't match reality.
I do have to wonder though; does this mean that it's commonly known in the LDAP community that distributiors are notoriously bad at maintaining LDAP server packages in general, as opposed to other software? Or do you consider this advice to be general to all server software, in which case I would have to disagree.. :)
kind regards
c
--On Wednesday, November 04, 2009 10:38 PM +0100 Christian Haugan Toldnes christian.toldnes@ntnu.no wrote:
I do have to wonder though; does this mean that it's commonly known in the LDAP community that distributiors are notoriously bad at maintaining LDAP server packages in general, as opposed to other software? Or do you consider this advice to be general to all server software, in which case I would have to disagree.. :)
Hi Christian,
It's very specific to the LDAP server. The main point for distro's is to provide the LDAP C Api libraries to other software, not for running a production quality level LDAP server. If you look at how frequently the releases are, whether it is OpenLDAP, FedoraDS/389, OpenDS, ApacheDS, etc, there are fairly continual modifications and bug fixes that are occurring to make sure the product is stable. You can generally get away with using the distro provided versions of the underlying software (bdb, cyrus-sasl, hiemdal or MIT kerberos, etc), but not for the LDAP layer.
I personally prefer to build it all myself. ;)
--Quanah
--
Quanah Gibson-Mount Principal Software Engineer Zimbra, Inc -------------------- Zimbra :: the leader in open source messaging and collaboration
Christian Haugan Toldnes christian.toldnes@ntnu.no writes:
I do have to wonder though; does this mean that it's commonly known in the LDAP community that distributiors are notoriously bad at maintaining LDAP server packages in general, as opposed to other software? Or do you consider this advice to be general to all server software, in which case I would have to disagree.. :)
The pace of change of the OpenLDAP server is considerably faster than any distribution could hope to track in a stable release, and even faster than many unstable distributions can track if they do any significant QA on the packages and don't have a lot of manpower.
The clients and client libraries are much more stable and don't change nearly as fast as the server.
The server that comes with a distribution, particularly a stable release, is therefore always going to be significantly out of date, and is best thought of as a reasonable solution for limited purposes that involve no new features, no special perfomance requirements, and no behavior that's likely to trigger any rarely-used code paths or bugs. As soon as you start talking about advanced features like multi-master replication, or significant performance requirements, you're going to want to be running the fast-changing current code.
Christian Haugan Toldnes wrote:
Quanah Gibson-Mount wrote:
--On Tuesday, November 03, 2009 1:31 PM +0100 Christian Haugan Toldnes christian.toldnes@ntnu.no wrote:
I'm running openldap 2.4.9 (Ubuntu 8.04.3) in a N-way multimaster setup with two masters and two slaves.
Can anyone point me in the right direction here?
I'd suggest you upgrade to the latest stable release (2.4.19).
I would have, if that version was provided by the distribution maintainers. However, it is not. Using a selv-maintained package, or even worse, building software directly on our production environment is not a very viable solution. Anyone with more than some experience in systems administration will tell you the same thing.
We all know this mantra. But the fact that people keep repeating it without thinking about certain aspects does not make it really true.
So, after a few LDIF exports of the broken objects, and then importing them in again, the directory seems to be in good shape.
Glad you made this work. I'd still recommend to upgrade...
Ciao, Michael.
Michael Ströder wrote:
Christian Haugan Toldnes wrote:
So, after a few LDIF exports of the broken objects, and then importing them in again, the directory seems to be in good shape.
Glad you made this work. I'd still recommend to upgrade...
I'm inclined to do so, after it have become apparent that this is the general opinion on the matter, and especially since the servers seems to be on the rather fragile side under high replication load.
Ubuntu 9.10 comes with openldap 2.4.18 which can easily be recompiled on the 8.04.3 system we're currently standarized on. Would that suffice, or do I need to keep maintaining my own package with latest stable (2.4.x) openldap at all times?
kind regards
c
openldap-technical@openldap.org