OpenLDAP
Up to top level
Archive.Build   Archive.Contrib   Archive.Development   Archive.Documentation   Archive.Historical   Archive.Incoming   Archive.Software Bugs   Archive.Software Enhancements   Archive.Web   Build   Contrib   Development   Documentation   Historical   Incoming   Software Bugs   Software Enhancements   Web  

Logged in as guest

Viewing Archive.Software Enhancements/851
Full headers

From: markwhitehouse@home.com
Subject: ManageDsaIT and multiple namingContexts
Compose comment
Download message
State:
0 replies:
3 followups: 1 2 3

Major security issue: yes  no

Notes:

Notification:


Date: Fri, 20 Oct 2000 16:33:08 GMT
From: markwhitehouse@home.com
To: openldap-its@OpenLDAP.org
Subject: ManageDsaIT and multiple namingContexts
Full_Name: Mark Whitehouse
Version: 2.0.6
OS: RH Linux 6.2
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (24.0.41.53)


Enhancement request:
  Extend the ManageDsaIT control to be able to handle multiple namingContext's.

When adding entries into a server with multiple namingContext's it is sometimes
necessary to be able to specify the namingContext for which the add should be
applied.  A particular example using referrals is taken from the OpenLDAP
newsgroup:

At 08:59 AM 10/2/00 -0700, Mark Whitehouse wrote:

>>
>>Assume I have multiple namingContexts on one server i.e.
>>
>>  database ldbm
>>  suffix "ou=people,dc=foo,dc=com"
>>  directory /var/ldbm/foo-people
>>  index objectclass eq
>>
>>  database ldbm
>>  suffix "ou=devices,dc=foo,dc=com"
>>  directory /var/ldbm/foo-devices
>>  index objectclass eq
>>
>>  database ldbm
>>  suffix "dc=foo,dc=com"
>>  directory /var/ldbm/foo
>>  index objectclass eq
>>
>>How do I create the referrals in the third namingContext, which refer
the
>>entries in the first and second.  I need to be able to add the following
>>referral entries to the third naming context:
>>
>>  dn: ou=devices,dc=foo,dc=com
>>  ou: devices
>>  ref: ldap://localhost/ou=devices,dc=foo,dc=com
>>  objectclass: referral
>>  objectclass: extensibleObject
>>
>>  dn: ou=people,dc=foo,dc=com
>>  ou: devices
>>  ref: ldap://localhost/ou=people,dc=foo,dc=com
>>  objectclass: referral
>>  objectclass: extensibleObject
>>
>>However, as far as I can see there is no way to specify a namingContext
to
>>use when performing an ldapadd operation.
 
Kurt D. Zeilenga replies:

>The easiest way to do this is to bring up slapd with only the
>one suffix "dc=foo,dc=com", add the two referral objects,
>and then restart the server with the full configuration.
>
>This really should be handled by our ManageDsaIT code, but
>isn't (yet).

Followup 1

Download message
Date: Tue, 31 Oct 2000 12:03:35 -0800
To: openldap-its@OpenLDAP.org
From: "Mark Whitehouse" <markwhitehouse@home.com> (by way of "Kurt D. Zeilenga" <Kurt@OpenLDAP.org>)
Subject: RE: ManageDsaIT and multiple namingContexts  (ITS#851)
Thanks.  Yes I will test.  Do you have any information on how the
enhancement works from the LDAP C API?  i.e. how do I specify that I want an
LDAP operation to apply to a particular namingContext...

-----Original Message-----
From: Kurt D. Zeilenga [mailto:Kurt@OpenLDAP.org]
Sent: Monday, October 30, 2000 3:12 PM
To: markwhitehouse@home.com
Subject: Re: ManageDsaIT and multiple namingContexts (ITS#851)


HEAD and OPENLDAP_REL_ENG_2 both contain code which provides
improved ManageDsaIt handling.  Please test.

At 04:33 PM 10/20/00 +0000, you wrote:
>Full_Name: Mark Whitehouse
>Version: 2.0.6
>OS: RH Linux 6.2
>URL: ftp://ftp.openldap.org/incoming/
>Submission from: (NULL) (24.0.41.53)
>
>
>Enhancement request:
>  Extend the ManageDsaIT control to be able to handle multiple
namingContext's.
>
>When adding entries into a server with multiple namingContext's it is
sometimes
>necessary to be able to specify the namingContext for which the add should
be
>applied.  A particular example using referrals is taken from the OpenLDAP
>newsgroup:
>
>At 08:59 AM 10/2/00 -0700, Mark Whitehouse wrote:
>
>>>
>>>Assume I have multiple namingContexts on one server i.e.
>>>
>>>  database ldbm
>>>  suffix "ou=people,dc=foo,dc=com"
>>>  directory /var/ldbm/foo-people
>>>  index objectclass eq
>>>
>>>  database ldbm
>>>  suffix "ou=devices,dc=foo,dc=com"
>>>  directory /var/ldbm/foo-devices
>>>  index objectclass eq
>>>
>>>  database ldbm
>>>  suffix "dc=foo,dc=com"
>>>  directory /var/ldbm/foo
>>>  index objectclass eq
>>>
>>>How do I create the referrals in the third namingContext, which
refer the
>>>entries in the first and second.  I need to be able to add the
following
>>>referral entries to the third naming context:
>>>
>>>  dn: ou=devices,dc=foo,dc=com
>>>  ou: devices
>>>  ref: ldap://localhost/ou=devices,dc=foo,dc=com
>>>  objectclass: referral
>>>  objectclass: extensibleObject
>>>
>>>  dn: ou=people,dc=foo,dc=com
>>>  ou: devices
>>>  ref: ldap://localhost/ou=people,dc=foo,dc=com
>>>  objectclass: referral
>>>  objectclass: extensibleObject
>>>
>>>However, as far as I can see there is no way to specify a
namingContext
to
>>>use when performing an ldapadd operation.
>
>Kurt D. Zeilenga replies:
>
>>The easiest way to do this is to bring up slapd with only the
>>one suffix "dc=foo,dc=com", add the two referral objects,
>>and then restart the server with the full configuration.
>>
>>This really should be handled by our ManageDsaIT code, but
>>isn't (yet).



Followup 2

Download message
Date: Tue, 31 Oct 2000 12:15:24 -0800
To: markwhitehouse@home.com
From: "Kurt D. Zeilenga" <Kurt@OpenLDAP.org>
Subject: RE: ManageDsaIT and multiple namingContexts  (ITS#851)
Cc: openldap-its@OpenLDAP.org
At 08:03 PM 10/31/00 +0000, markwhitehouse@home.com wrote:
>Thanks.  Yes I will test.  Do you have any information on how the
>enhancement works from the LDAP C API?

The enhancement is that OpenLDAP's manageDSAit support is more
consistent with the specification (which is "a work in progress").
The changes are server side, no C API changes needed.

>i.e. how do I specify that I want an
>LDAP operation to apply to a particular namingContext...

You don't.  Like before, you specify that the operation manages
the DSA information tree.  If the requested DN is at the root
of a context and the server holds a subordinate context, the
server processes the operation in the subordinate context.

Kurt



Followup 3

Download message
Date: Thu, 7 Dec 2000 13:27:23 -0800 (PST)
From: Mark Whitehouse <markwhitehouse@yahoo.com>
Subject: RE: ManageDsaIT and multiple namingContexts  (ITS#851)
To: Kurt@OpenLDAP.org, openldap-its@OpenLDAP.org
--0-1102520059-976224443=:3737
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline

Just got around to testing this today (sorry for the delay)...

I installed 2.0.7 and I still can't add a referral when multiple
namingContext's are active.  

I have attached a tar file with an example slapd.conf and a couple of
scripts to illustrate the problem.  After copying the slapd.conf file
and creating the db dirs (/var/ldbm/foo, /var/ldbm/foo-people,
/var/ldbm/foo-devices) run:

  > ./addinit.bat
  > ./addref.bat

Although the results of the addref.bat script indicate that an entry
has been added, it is nowhere to be found in the directory.  Looking at
the DB dirs it looks like the entry has been added to the foo-people
db.

Mark

--- Kurt@OpenLDAP.org wrote:
> At 08:03 PM 10/31/00 +0000, markwhitehouse@home.com wrote:
> >Thanks.  Yes I will test.  Do you have any information on how the
> >enhancement works from the LDAP C API?
> 
> The enhancement is that OpenLDAP's manageDSAit support is more
> consistent with the specification (which is "a work in progress").
> The changes are server side, no C API changes needed.
> 
> >i.e. how do I specify that I want an
> >LDAP operation to apply to a particular namingContext...
> 
> You don't.  Like before, you specify that the operation manages
> the DSA information tree.  If the requested DN is at the root
> of a context and the server holds a subordinate context, the
> server processes the operation in the subordinate context.
> 
> Kurt
> 
> 
> 
> 


__________________________________________________
Do You Yahoo!?
Yahoo! Shopping - Thousands of Stores. Millions of Products.
http://shopping.yahoo.com/
--0-1102520059-976224443=:3737
Content-Type: application/x-tar; name="ol851.tar"
Content-Transfer-Encoding: base64
Content-Description: ol851.tar
Content-Disposition: attachment; filename="ol851.tar"

YWRkaW5pdC5iYXQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAADAxMDA3NzUAMDAwMDc2NAAwMDAwNzY0ADAwMDAwMDAwMDU1
ADA3MjEzNzc3MzI0ADAxMTY2MgAgMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB1c3RhciAgAG1hcmsA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAbWFyawAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAABsZGFwYWRkIC1EICJkYz1mb28sZGM9Y29tIiAt
VyA8IGFkZGluaXQubGRpZgoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGFkZGluaXQubGRp
ZgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAw
MTAwNjY0ADAwMDA3NjQAMDAwMDc2NAAwMDAwMDAwMDEzNgAwNzIxMzc3NzMy
NAAwMTIwMjcAIDAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAdXN0YXIgIABtYXJrAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAG1hcmsAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAZG46ICBkYz1mb28sIGRjPWNvbQpkYzogIGZvbwpvOiAgIGZvbyBj
b3JwCm9iamVjdGNsYXNzOiAgb3JnYW5pemF0aW9uCm9iamVjdGNsYXNzOiAg
ZGNPYmplY3QKCgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAABhZGRyZWYuYmF0AAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMDEwMDc3NQAwMDAw
NzY0ADAwMDA3NjQAMDAwMDAwMDAwNjQAMDcyMTM3NzczMjQAMDExNDczACAw
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA

Message of length 15884 truncated

Up to top level
Archive.Build   Archive.Contrib   Archive.Development   Archive.Documentation   Archive.Historical   Archive.Incoming   Archive.Software Bugs   Archive.Software Enhancements   Archive.Web   Build   Contrib   Development   Documentation   Historical   Incoming   Software Bugs   Software Enhancements   Web  

Logged in as guest


The OpenLDAP Issue Tracking System uses a hacked version of JitterBug

______________
© Copyright 2013, OpenLDAP Foundation, info@OpenLDAP.org