[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: (ITS#5296) Search netgroup by triple don't report existing entry
This is a multi-part message in MIME format.
------_=_NextPart_001_01C84874.F71A55E7
Content-Type: multipart/alternative;
boundary="----_=_NextPart_002_01C84874.F71A55E7"
------_=_NextPart_002_01C84874.F71A55E7
Content-Type: text/plain;
charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
Hi Howard,
=20
thank you for your answer, though I found it severe and not very
constructive.
I finally found the solution at:
http://www.openldap.org/lists/openldap-software/200501/msg00309.html
=20
Since people have been having problems with this case for at least 2
years now, I think it's worth to put the solution in this ITS entry:
To allow searching for netgroups by triple, possibly using wildcards,
you have to change the nis.schema which comes with openldap as follows:
attributetype ( 1.3.6.1.1.1.1.14 NAME 'nisNetgroupTriple'
DESC 'Netgroup triple'
EQUALITY caseIgnoreIA5Match
SUBSTR caseIgnoreIA5SubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
# EQUALITY and SUBSTR directives added, SYNTAX changed.
Jean-Louis.
=20
=20
------_=_NextPart_002_01C84874.F71A55E7
Content-Type: text/html;
charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META http-equiv=3DContent-Type content=3D"text/html; =
charset=3Dus-ascii">
<META content=3D"MSHTML 6.00.2900.3157" name=3DGENERATOR></HEAD>
<BODY>
<DIV><FONT face=3DArial size=3D2><SPAN class=3D015592610-27122007>Hi=20
Howard,</SPAN></FONT></DIV>
<DIV><FONT face=3DArial size=3D2><SPAN=20
class=3D015592610-27122007></SPAN></FONT> </DIV>
<DIV><FONT face=3DArial size=3D2><SPAN class=3D015592610-27122007>thank =
you for your=20
answer, though I found it severe and not very =
constructive.</SPAN></FONT></DIV>
<DIV><FONT face=3DArial size=3D2><SPAN class=3D015592610-27122007>I =
finally found the=20
solution at:</SPAN></FONT></DIV>
<DIV><FONT face=3DArial size=3D2><SPAN class=3D015592610-27122007><A=20
href=3D"http://www.openldap.org/lists/openldap-software/200501/msg00309.h=
tml">http://www.openldap.org/lists/openldap-software/200501/msg00309.html=
</A></SPAN></FONT></DIV>
<DIV><FONT face=3DArial size=3D2><SPAN=20
class=3D015592610-27122007></SPAN></FONT> </DIV>
<DIV><FONT face=3DArial size=3D2><SPAN class=3D015592610-27122007>Since =
people have=20
been having problems with this case for at least 2 years now, I think =
it's worth=20
to put the solution in this ITS entry:</SPAN></FONT></DIV>
<DIV><FONT face=3DArial size=3D2><SPAN class=3D015592610-27122007>To =
allow searching=20
for netgroups by triple, possibly using wildcards, you have to change =
the=20
nis.schema which comes with openldap as follows:</SPAN></FONT></DIV>
<DIV><FONT face=3DArial><SPAN class=3D015592610-27122007><FONT =
face=3DCourier=20
size=3D2>attributetype ( 1.3.6.1.1.1.1.14 NAME=20
'nisNetgroupTriple'<BR> =
DESC=20
'Netgroup triple'<BR> =
EQUALITY=20
caseIgnoreIA5Match<BR> =
SUBSTR=20
caseIgnoreIA5SubstringsMatch<BR>  =
; =20
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 =
)<BR></FONT></SPAN></FONT><FONT><SPAN=20
class=3D015592610-27122007><FONT face=3DArial size=3D2># EQUALITY and =
SUBSTR=20
directives added, SYNTAX changed.<BR></FONT></SPAN></FONT></DIV>
<DIV><FONT><SPAN class=3D015592610-27122007><FONT face=3DArial=20
size=3D2>Jean-Louis.</DIV></FONT></SPAN></FONT>
<DIV><FONT face=3DArial size=3D2><SPAN=20
class=3D015592610-27122007></SPAN></FONT> </DIV>
<DIV><FONT face=3DArial size=3D2><SPAN=20
class=3D015592610-27122007></SPAN></FONT> </DIV></BODY></HTML>
------_=_NextPart_002_01C84874.F71A55E7--
------_=_NextPart_001_01C84874.F71A55E7
Content-Type: message/rfc822
Content-Transfer-Encoding: 7bit
X-MimeOLE: Produced By Microsoft Exchange V6.5
Received: from corpussmtp3.corp.emc.com ([10.254.64.53]) by CORPUSMX40A.corp.emc.com with Microsoft SMTPSVC(6.0.3790.1830); Sat, 22 Dec 2007 14:37:19 -0500
MIME-Version: 1.0
Content-Type: multipart/alternative;
boundary="----_=_NextPart_003_01C844D2.10754180"
Received: from mexforwardwc.lss.emc.com ([137.69.224.88]) by corpussmtp3.corp.emc.com with Microsoft SMTPSVC(6.0.3790.1830); Sat, 22 Dec 2007 14:37:18 -0500
Received: from mailhubwc.lss.emc.com (buto.lss.emc.com [137.69.224.85]) by mexforwardwc.lss.emc.com (Switch-3.2.5/Switch-3.1.7) with ESMTP id lBMJbHUf027151 for <rochette_jean-louis@mail.corp.emc.com>; Sat, 22 Dec 2007 11:37:18 -0800 (PST)
Received: from wcigw.emc.com (mania.lss.emc.com [137.69.120.85]) by mailhubwc.lss.emc.com (Switch-3.2.5/Switch-3.1.7) with ESMTP id lBMJbGv6004264 for <rochette_jean-louis@mailhubwc.lss.emc.com>; Sat, 22 Dec 2007 11:37:16 -0800 (PST)
Received: from mail223-sin-R.bigfish.com (mail-sin.bigfish.com [207.46.51.74]) by wcigw.emc.com (Switch-3.2.5/Switch-3.1.7) with ESMTP id lBMJbEUj029749 for <rochette_jean-louis@emc.com>; Sat, 22 Dec 2007 11:37:14 -0800
Received: from mail223-sin (localhost.localdomain [127.0.0.1]) by mail223-sin-R.bigfish.com (Postfix) with ESMTP id 3A57E13D8164 for <rochette_jean-louis@emc.com>; Sat, 22 Dec 2007 19:35:31 +0000 (UTC)
Received: by mail223-sin (MessageSwitch) id 1198352127927900_27242; Sat, 22 Dec 2007 19:35:27 +0000 (UCT)
Received: from highlandsun.propagation.net (highlandsun.propagation.net [66.221.212.168]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by mail223-sin.bigfish.com (Postfix) with ESMTP id 231FF1830077 for <rochette_jean-louis@emc.com>; Sat, 22 Dec 2007 19:35:22 +0000 (UTC)
Received: from [127.0.0.1] (highlandsun.com [66.221.212.169]) by highlandsun.propagation.net (8.13.3/8.13.3) with ESMTP id lBMJacMH015224; Sat, 22 Dec 2007 13:36:39 -0600
Content-class: urn:content-classes:message
Subject: Re: (ITS#5296) Search netgroup by triple don't report existing entry
Date: Sat, 22 Dec 2007 14:29:35 -0500
Message-ID: <476D659F.3070508@symas.com>
In-Reply-To: <200712211137.lBLBbcIP071531@boole.openldap.org>
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
Thread-Topic: (ITS#5296) Search netgroup by triple don't report existing entry
thread-index: AchE0hDhl1cnpViATYaYO5itS8oD6g==
References: <200712211137.lBLBbcIP071531@boole.openldap.org>
From: <hyc@symas.com>
To: <Rochette_Jean-Louis@emc.com>
Cc: <openldap-its@openldap.org>
This is a multi-part message in MIME format.
------_=_NextPart_003_01C844D2.10754180
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
rochette_jean-louis@emc.com wrote:
> Full_Name: Jean-Louis ROCHETTE
> Version: 2.3.39
> OS: Linux Fedora
> URL: ftp://ftp.openldap.org/incoming/
> Submission from: (NULL) (152.62.109.163)
>=20
>=20
> Brief description of the problem
> --------------------------------
> Lookup of a netgroup by triple doesn't work in last stable release =
slapd 2.3.39,
> though it worked well with slapd 2.3.27.
> This looks like a regression in slapd.
> This should be easy to reproduce.
> The problem was first noticed in slapd 2.3.30.
> The lookup by triple succeeds with a iPlanet server.
There are no matching rules defined for nisNetgroupTriple in nis.schema. =
There=20
have never been, since RFC2307 doesn't define any. As such, filtering by =
nisNetgroupTriple is totally undefined. Any server that returns your =
expected=20
result using the search filter you provide is broken.
There is no regression here. Your distro vendor may have hacked their =
own=20
schema files to provide one, that's an issue for you to discuss with =
your=20
vendor. This ITS will be closed.
--=20
-- Howard Chu
Chief Architect, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/
------_=_NextPart_003_01C844D2.10754180
Content-Type: text/html;
charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN">
<HTML>
<HEAD>
<META HTTP-EQUIV=3D"Content-Type" CONTENT=3D"text/html; =
charset=3Diso-8859-1">
<META NAME=3D"Generator" CONTENT=3D"MS Exchange Server version =
6.5.7652.24">
<TITLE>Re: (ITS#5296) Search netgroup by triple don't report existing =
entry</TITLE>
</HEAD>
<BODY>
<!-- Converted from text/plain format -->
<P><FONT SIZE=3D2>rochette_jean-louis@emc.com wrote:<BR>
> Full_Name: Jean-Louis ROCHETTE<BR>
> Version: 2.3.39<BR>
> OS: Linux Fedora<BR>
> URL: <A =
HREF=3D"ftp://ftp.openldap.org/incoming/";>ftp://ftp.openldap.org/incoming=
/</A><BR>
> Submission from: (NULL) (152.62.109.163)<BR>
><BR>
><BR>
> Brief description of the problem<BR>
> --------------------------------<BR>
> Lookup of a netgroup by triple doesn't work in last stable release =
slapd 2.3.39,<BR>
> though it worked well with slapd 2.3.27.<BR>
> This looks like a regression in slapd.<BR>
> This should be easy to reproduce.<BR>
> The problem was first noticed in slapd 2.3.30.<BR>
> The lookup by triple succeeds with a iPlanet server.<BR>
<BR>
There are no matching rules defined for nisNetgroupTriple in nis.schema. =
There<BR>
have never been, since RFC2307 doesn't define any. As such, filtering =
by<BR>
nisNetgroupTriple is totally undefined. Any server that returns your =
expected<BR>
result using the search filter you provide is broken.<BR>
<BR>
There is no regression here. Your distro vendor may have hacked their =
own<BR>
schema files to provide one, that's an issue for you to discuss with =
your<BR>
vendor. This ITS will be closed.<BR>
--<BR>
-- Howard Chu<BR>
Chief Architect, Symas Corp. <A =
HREF=3D"http://www.symas.com";>http://www.symas.com</A><BR>
Director, Highland =
Sun <A =
HREF=3D"http://highlandsun.com/hyc/";>http://highlandsun.com/hyc/</A><BR>
Chief Architect, OpenLDAP <A =
HREF=3D"http://www.openldap.org/project/";>http://www.openldap.org/project=
/</A><BR>
<BR>
</FONT>
</P>
</BODY>
</HTML>
------_=_NextPart_003_01C844D2.10754180--
------_=_NextPart_001_01C84874.F71A55E7--