Re: OpenLDAP 2.4.16: can not add multiple 'member' attributes to object groupOfNames

["O. Hartmann" <ohartman@zedat.fu-berlin.de>]

Michael Ströder wrote:
> O. Hartmann wrote:
> > I try to add multiple member attributes to an object of type
> > groupOfNames and I fail. The same is for objectClass groupOfUniqueNames.
> > Whenever I try to add the multi-attribute, I receive an error like
> > 'info: member: value #1 invalid per syntax, dec: invalid syntax'. I can
> > add exactly one attribute of type 'member' for this object.
>
> This diagnostic message says that the 2nd value does not conform to the
> syntax, here 'DistinguishedName' for attribute type 'member'. Maybe you
> could post the data you're trying to add?
>
> > Well, I'm confused, since this worked in older OpenLDAP versions (I'm
> > now using 2.4.16).
>
> It might be that very old versions of OpenLDAP (prior 2.3) were more
> loose on some syntax checking. But if the attribute values of 'member'
> are all valid DNs there should not be any problem.
>
> > The client(s) I try to add attributes are 'ldapadd'
> > with a regular LDIF file (file works well if only ONE member-attribute
> > is specified), LUMA and LAM. All have their described problems.
>
> That's because the OpenLDAP server rejects the input data as invalid.
>
> Ciao, Michael.


Yes, indeed, I tried 'dummy' values and then it worked. Well, why is 
"member: port=5432" syntactically invalid? I follow the guideline in the 
PostgreSQL 8.4 handbook for LDAP authentication (found here: 
http://www.postgresql.org/docs/8.4/interactive/libpq-ldap.html) and 
since objectclass:groupOfUniqueNames is supposed to be bogus in OpenLDAP 
2.4 I tried changing it. Strange.

Oliver