[Date Prev][Date Next] [Chronological] [Thread] [Top]

RE: (ITS#4670) Problem with nisNetgroupTriple SYNTAX definition according to Sun support

To: openldap-its@OpenLDAP.org
Subject: RE: (ITS#4670) Problem with nisNetgroupTriple SYNTAX definition according to Sun support
From: quanah@stanford.edu
Date: Mon, 11 Sep 2006 19:48:42 GMT


--On Monday, September 11, 2006 7:15 PM +0000 nneul@umr.edu wrote:

> Maybe I'm not understanding something clearly...
>
> I see that nisNetgroupTripleSyntax is 1.3.6.1.1.1.0.0 according to
> RFC2307, and that is how it is defined in the nis.schema file from
> openldap. What I don't see is any definition of 1.3.6.1.1.1.0.0.


<http://www.alvestrand.no/objectid/1.3.6.1.1.1.0.0.html>

> If nisNetgroupTripleSyntax were a simple string value, that might be
> fine, but in the spec it is a 3 valued sequence:
>
>         nisNetgroupTripleSyntax ::= SEQUENCE {
>          hostname  [0] IA5String OPTIONAL,
>          username  [1] IA5String OPTIONAL,
>          domainname  [2] IA5String OPTIONAL
>         }
>
> How is that represented in openldap?
>
> I do see this at the top of nis.schema:
>
># Syntaxes are under 1.3.6.1.1.1.0 (two new syntaxes are defined)
>#       validaters for these syntaxes are incomplete, they only
>#       implement printable string validation (which is good as the
>#       common use of these syntaxes violates the specification).
>
> So, here's what I'm unclear on is what the behavior of searches will be?
> I know that the solaris client sending requests to search for netgroup
> membership is not parsing properly - it looked like it was searching as
> a single string with embedded encoding characters, which obviously isn't
> going to match anything.
>
> As soon as we made that change on the server side, the searches were
> parsed properly with no change at all to the data contained in the
> database.
>
> Is it perhaps that the nisNetgroupTripleValidate routine in
> servers/slapd/schema_init.c needs to be enhanced and they just gave us
> that different syntax as a workaround? i.e. is it possible that the
> validate routine is treating a valid/common query on that attribute as
> invalid?

There is a reason RFC2307 is an *experimental* schema.  Since the syntaxes, 
etc, are not currently defined, there is no way for them to be interpreted.

--Quanah


--
Quanah Gibson-Mount
Principal Software Developer
ITS/Shared Application Services
Stanford University
GnuPG Public Key: http://www.stanford.edu/~quanah/pgp.html

Prev by Date: RE: (ITS#4670) Problem with nisNetgroupTriple SYNTAX definition according to Sun support
Next by Date: RE: (ITS#4670) Problem with nisNetgroupTriple SYNTAX definition according to Sun support
Index(es):
- Chronological
- Thread