
Re: passwd sync dirxml -> openldap - ;binary syntax



I would guess (and since I have zero knowledge of Novell's dirxml
product) that you somehow misconfigured dirxml such that it thinks
values of userPassword are BER encoded (as indicated by the use
of the ;binary option).  userPassword values are normally transferred
using the LDAP string encoding for OCTET STRING (the OCTET STRING itself).
Most likely someone marked userPassword as needing ;binary transfer
not understanding what ;binary transfer means to LDAP.

Anyways, as most every LDAP server on the planet would not grok
userPassword;binary, this is likely a common problem with the use
of dirxml.  Hence, I suggest you take your enquiry to a forum
specific to dirxml.

You can, of course, hack OpenLDAP Software (e.g., modify the source)
to do whatever you want it to.  But it is likely more appropriate (and
likely easier) to change the client software to use userPassword
without ;binary.

Kurt

At 06:21 AM 10/17/2003, Sebastian Pein wrote:
>hi list.
> 
>i'm about to implement a datasync between nds8.7 (novell edirectory) and openldap. creating and modifying objects in nds and the resulting action in openldap directory works fine.
> 
>but i ran into one problem (indeed i think it's not a problem but a config issue), that was mentioned on this list before.
> 
>http://www.openldap.org/lists/openldap-software/200212/msg00072.html
> 
>i was not able to get required information out of that posting. kurt@openldap.org spoke of hacking the server. i am not too deep into "hacking", thus i am not sure if i have to edit sourcecode, or hacking means a non-desirable configfile.
> 
> 
>my problem:
> 
>when changing a password of a user-object in nds, dirxml will try to modify the userPassword-attribute of that object in my ldap-tree. but dirxml tries that with ;binary syntax. the result is this error in the log and a not modified userPassword.
> 
>"date,... conn=1 op=1 RESULT tag=103 err=17 text=userPassword;binary: option "binary" with type not supported"
> 
>because of this error, userPassword;binary is not recognized as userPassword attribute and the action fails with unknown attribute type.
> 
>is it possible to force slapd to accept that syntax? does anyone know how i could change the format of the string sent to slapd in the modify/add statement? as far as i got, the doc of novell says that dirxml cannot transform data formats. however is it possible to write and plugin xslt stylesheets that will do transformations of the xml documents sent to the dirxml ldap driver. i don't know what to put in that file.
> 
>thanks for any ideas
>--
> 
>        sebastian pein
>        netzwerkmanagement
>        infinity networks gmbh
> 
>  mail  pein@infinity-networks.de
>   web  www.infinity-networks.de
>   tel  +49-6104-68363-120
>   fax  +49-6104-68363-199
>   mob  +49-163-68363-01
>
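
The client-side change suggested in the reply above, sketched as an added example that is not part of the original thread and is not dirxml or OpenLDAP code. The function names, the `value_is_ber` flag and the sample values are assumptions, and the thread does not say whether dirxml actually BER-wraps the value it sends.

```python
# Attribute descriptions follow RFC 4512: attributetype *( ";" option ).
# Assumption: only the RFC 4523 certificate attributes below need ;binary;
# extend the set for your own schema.
BINARY_REQUIRED = {"usercertificate", "cacertificate", "crosscertificatepair",
                   "certificaterevocationlist", "authorityrevocationlist",
                   "deltarevocationlist"}


def split_description(desc):
    """Return (attribute type, [options]) for an attribute description."""
    attr_type, *options = desc.split(";")
    return attr_type, [o for o in options if o]


def unwrap_octet_string(ber):
    """Return the content of a BER OCTET STRING (tag 0x04), else ValueError."""
    if len(ber) < 2 or ber[0] != 0x04:
        raise ValueError("not a primitive OCTET STRING")
    first, offset = ber[1], 2
    if first < 0x80:                      # short form: length in one byte
        n = first
    else:                                 # long form: next k bytes hold length
        k = first & 0x7F
        if k == 0 or len(ber) < 2 + k:
            raise ValueError("indefinite or truncated length")
        n = int.from_bytes(ber[2:2 + k], "big")
        offset = 2 + k
    if len(ber) != offset + n:
        raise ValueError("length field does not match value size")
    return ber[offset:]


def normalize(desc, value, value_is_ber=False):
    """Drop ;binary where the type does not require it; optionally unwrap."""
    attr_type, options = split_description(desc)
    if attr_type.lower() in BINARY_REQUIRED:
        return desc, value
    kept = [o for o in options if o.lower() != "binary"]
    if value_is_ber and len(kept) != len(options):
        value = unwrap_octet_string(value)
    return ";".join([attr_type] + kept), value


if __name__ == "__main__":
    # Constructed samples; the BER-wrapped password value is an assumption.
    print(normalize("userPassword;binary", b"\x04\x06secret", value_is_ber=True))
    print(normalize("userCertificate;binary", b"\x30\x03\x02\x01\x01"))
```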