Full_Name: Quanah Gibson-Mount Version: 2.4.35 OS: Linux 2.6 URL: ftp://ftp.openldap.org/incoming/ Submission from: (NULL) (75.111.58.125) If the root of the primary database is "", and you try and export a base that doesn't exist via slapcat, the entire database is exported (i.e., it acts like you specified "" as the base): [root@zcs724 ldap]# /opt/zimbra/openldap/sbin/slapcat -b cn=ThisDoesntExist -F /opt/zimbra/data/ldap/config -l /tmp/q.test dn: cn=zimbra objectClass: organizationalRole description: Zimbra Systems Application Data cn: zimbra structuralObjectClass: organizationalRole entryUUID: 1f75edee-6b87-1032-961f-b17f0b52f5bc creatorsName: cn=config createTimestamp: 20130617104800Z entryCSN: 20130617104800.311168Z#000000#000#000000 modifiersName: cn=config modifyTimestamp: 20130617104800Z dn: cn=admins,cn=zimbra objectClass: organizationalRole description: admin accounts cn: admins structuralObjectClass: organizationalRole entryUUID: 1f7d451c-6b87-1032-9620-b17f0b52f5bc creatorsName: cn=config createTimestamp: 20130617104800Z entryCSN: 20130617104800.359221Z#000000#000#000000 modifiersName: cn=config modifyTimestamp: 20130617104800Z dn: uid=zimbra,cn=admins,cn=zimbra uid: zimbra objectClass: zimbraAccount objectClass: organizationalPerson cn: zimbra sn: zimbra zimbraAccountStatus: active zimbraIsAdminAccount: TRUE zimbraIsSystemResource: TRUE zimbraId: e0fafd89-1360-11d9-8661-000a95d98ef2 description: The master zimbra admin account userPassword:: text= structuralObjectClass: organizationalPerson entryUUID: 1f7e29e6-6b87-1032-9621-b17f0b52f5bc creatorsName: cn=config createTimestamp: 20130617104800Z zimbraLastLogonTimestamp: 20131202121011Z entryCSN: 20131202121011.054477Z#000000#000#000000 modifiersName: uid=zimbra,cn=admins,cn=zimbra modifyTimestamp: 20131202121011Z (etc)
quanah@OpenLDAP.org wrote: > Full_Name: Quanah Gibson-Mount > Version: 2.4.35 > OS: Linux 2.6 > URL: ftp://ftp.openldap.org/incoming/ > Submission from: (NULL) (75.111.58.125) > > > If the root of the primary database is "", and you try and export a base that > doesn't exist via slapcat, the entire database is exported (i.e., it acts like > you specified "" as the base): Works as designed. -b selects the backend that matches the DN you provided. A backend with suffix "" matches anything that nothing more specific matched. If you wanted to filter down to a specific branch, you should have used -s. Closing this ITS. > > [root@zcs724 ldap]# /opt/zimbra/openldap/sbin/slapcat -b cn=ThisDoesntExist -F > /opt/zimbra/data/ldap/config -l /tmp/q.test > > dn: cn=zimbra > objectClass: organizationalRole > description: Zimbra Systems Application Data > cn: zimbra > structuralObjectClass: organizationalRole > entryUUID: 1f75edee-6b87-1032-961f-b17f0b52f5bc > creatorsName: cn=config > createTimestamp: 20130617104800Z > entryCSN: 20130617104800.311168Z#000000#000#000000 > modifiersName: cn=config > modifyTimestamp: 20130617104800Z > > dn: cn=admins,cn=zimbra > objectClass: organizationalRole > description: admin accounts > cn: admins > structuralObjectClass: organizationalRole > entryUUID: 1f7d451c-6b87-1032-9620-b17f0b52f5bc > creatorsName: cn=config > createTimestamp: 20130617104800Z > entryCSN: 20130617104800.359221Z#000000#000#000000 > modifiersName: cn=config > modifyTimestamp: 20130617104800Z > > dn: uid=zimbra,cn=admins,cn=zimbra > uid: zimbra > objectClass: zimbraAccount > objectClass: organizationalPerson > cn: zimbra > sn: zimbra > zimbraAccountStatus: active > zimbraIsAdminAccount: TRUE > zimbraIsSystemResource: TRUE > zimbraId: e0fafd89-1360-11d9-8661-000a95d98ef2 > description: The master zimbra admin account > userPassword:: text= > structuralObjectClass: organizationalPerson > entryUUID: 1f7e29e6-6b87-1032-9621-b17f0b52f5bc > creatorsName: cn=config > createTimestamp: 20130617104800Z > zimbraLastLogonTimestamp: 20131202121011Z > entryCSN: 20131202121011.054477Z#000000#000#000000 > modifiersName: uid=zimbra,cn=admins,cn=zimbra > modifyTimestamp: 20131202121011Z > > > (etc) > > -- -- Howard Chu CTO, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc/ Chief Architect, OpenLDAP http://www.openldap.org/project/
--On Wednesday, December 04, 2013 6:52 PM -0800 Howard Chu <hyc@symas.com> wrote: > quanah@OpenLDAP.org wrote: >> Full_Name: Quanah Gibson-Mount >> Version: 2.4.35 >> OS: Linux 2.6 >> URL: ftp://ftp.openldap.org/incoming/ >> Submission from: (NULL) (75.111.58.125) >> >> >> If the root of the primary database is "", and you try and export a base >> that doesn't exist via slapcat, the entire database is exported (i.e., >> it acts like you specified "" as the base): > > Works as designed. -b selects the backend that matches the DN you > provided. A backend with suffix "" matches anything that nothing more > specific matched. If you wanted to filter down to a specific branch, you > should have used -s. Closing this ITS. There is no backend matching cn=accesslog. There is only "" and "cn=monitor" on this particular server. The goal here was not to export a subtree, it was something trying to export the delta-syncrepl accesslog on a server that didn't have one. That should result in an error, not match the primary db rooted at "". I certainly wouldn't expect -n 3 to default to -n 1 if -n 3 doesn't exist. Neither should -b "cn=accesslog" default to -b "". Those clearly do not match. --Quanah -- Quanah Gibson-Mount Architect - Server Zimbra, Inc. -------------------- Zimbra :: the leader in open source messaging and collaboration
On Dec 4, 2013, at 9:58 PM, quanah@zimbra.com wrote: > --On Wednesday, December 04, 2013 6:52 PM -0800 Howard Chu <hyc@symas.com> > wrote: > >> quanah@OpenLDAP.org wrote: >>> Full_Name: Quanah Gibson-Mount >>> Version: 2.4.35 >>> OS: Linux 2.6 >>> URL: ftp://ftp.openldap.org/incoming/ >>> Submission from: (NULL) (75.111.58.125) >>> >>> >>> If the root of the primary database is "", and you try and export a base >>> that doesn't exist via slapcat, the entire database is exported (i.e., >>> it acts like you specified "" as the base): >> >> Works as designed. -b selects the backend that matches the DN you >> provided. A backend with suffix "" matches anything that nothing more >> specific matched. If you wanted to filter down to a specific branch, you >> should have used -s. Closing this ITS. > > There is no backend matching cn=accesslog. There is only "" and > "cn=monitor" on this particular server. The goal here was not to export a > subtree, it was something trying to export the delta-syncrepl accesslog on > a server that didn't have one. That should result in an error, not match > the primary db rooted at "". I certainly wouldn't expect -n 3 to default > to -n 1 if -n 3 doesn't exist. Neither should -b "cn=accesslog" default to > -b "". Those clearly do not match. Well, but -b is working as documented. Sadly, the -s parameter is deprecated - so, that really shouldn't be used either. Therefore, since -b simply grabs the -n that would contain the suffix specified (doesn't do an exact suffix match and fail if not found as you wanted, Quanah) and -s is deprecated - how is one to accomplish this in the future? Frank
On 12/05/2013 02:22 PM, Frank.Swasey@uvm.edu wrote: > > --Apple-Mail=_21ABCED4-5B52-47DB-9CA2-DFB23439A062 > Content-Transfer-Encoding: quoted-printable > Content-Type: text/plain; > charset=us-ascii > > On Dec 4, 2013, at 9:58 PM, quanah@zimbra.com wrote: > >> --On Wednesday, December 04, 2013 6:52 PM -0800 Howard Chu = > <hyc@symas.com>=20 >> wrote: >> =20 >>> quanah@OpenLDAP.org wrote: >>>> Full_Name: Quanah Gibson-Mount >>>> Version: 2.4.35 >>>> OS: Linux 2.6 >>>> URL: ftp://ftp.openldap.org/incoming/ >>>> Submission from: (NULL) (75.111.58.125) >>>> =20 >>>> =20 >>>> If the root of the primary database is "", and you try and export a = > base >>>> that doesn't exist via slapcat, the entire database is exported = > (i.e., >>>> it acts like you specified "" as the base): >>> =20 >>> Works as designed. -b selects the backend that matches the DN you >>> provided. A backend with suffix "" matches anything that nothing more >>> specific matched. If you wanted to filter down to a specific branch, = > you >>> should have used -s. Closing this ITS. >> =20 >> There is no backend matching cn=3Daccesslog. There is only "" and=20 >> "cn=3Dmonitor" on this particular server. The goal here was not to = > export a=20 >> subtree, it was something trying to export the delta-syncrepl = > accesslog on=20 >> a server that didn't have one. That should result in an error, not = > match=20 >> the primary db rooted at "". I certainly wouldn't expect -n 3 to = > default=20 >> to -n 1 if -n 3 doesn't exist. Neither should -b "cn=3Daccesslog" = > default to=20 >> -b "". Those clearly do not match. > > > Well, but -b is working as documented. Sadly, the -s parameter is = > deprecated - so, that really shouldn't be used either. Therefore, since = > -b simply grabs the -n that would contain the suffix specified (doesn't = > do an exact suffix match and fail if not found as you wanted, Quanah) = > and -s is deprecated - how is one to accomplish this in the future? -H, as the man page suggests; -s is deprecated because -H does that and more. p. > > Frank > > --Apple-Mail=_21ABCED4-5B52-47DB-9CA2-DFB23439A062 > Content-Transfer-Encoding: 7bit > Content-Disposition: attachment; > filename=signature.asc > Content-Type: application/pgp-signature; > name=signature.asc > Content-Description: Message signed with OpenPGP using GPGMail > > -----BEGIN PGP SIGNATURE----- > Comment: GPGTools - http://gpgtools.org > > iQIcBAEBAgAGBQJSoH4GAAoJEMOj4l6rFnCNMy0QAIpAf0e2XJ5T6/sX2lnaP+ms > DCXvsxIRjy5F/vBKT1VLt0Z9pj6N1fSpnwYg66rViyaN2A3I/2BJfhz2u3V6ita7 > /NeGgt2wEuS1OoVtULlapz1OAf91KuEASw7QLff2QmB3yS2Y3YGVom4Yu/h4EC0h > aEBVKL088gbytJ19mPbRYN+7HYdcbO+QWiMvZER53wSvTV96vkOHFcUcXQf5fj6z > 7QSMLzA9JUFFjYbYpvdjqtE9UqpPgLRLwIihbzN0DTX6HNavYGWPEzQGrMvvoUoN > EP4uWNEGzfeV++yE0PiChGHtyqS/Q94nIQ6P815jBxN583oAtxTfIz6nFOyk4hV4 > RhkdpH36z77S1k/KgWbATt5bUvF/wRzIb3pXY0968gC2XHVfh/KzQtLYcOUNCSBG > yFGbUz9MyBNlicfjlKaDtetHkXUTvS5u8hlx9jO/Ik9L0ZBSzUuWSTQpwt8FXY6T > WTFjeugu/vqxOrRS2/0yrrrT65Z9MbGt32aKk4QwaZOXDJVAoE5o1WScfQsCeX1G > 6DBEC/Y1LXgMcOMCs8aKnzQolnMXAiNz1wuMAMDC8ffSYgA34VR4keCKXcmzonKT > kkiuLCJG2s28vQQrtpwlbnd+OYtAmtBBHcafHZvvYUreap3DlOhbuhbC19QvqCSh > 9WzShIf7BJeIQW/5xeGk > =2cju > -----END PGP SIGNATURE----- > > --Apple-Mail=_21ABCED4-5B52-47DB-9CA2-DFB23439A062-- > > > > -- Pierangelo Masarati Associate Professor Dipartimento di Scienze e Tecnologie Aerospaziali Politecnico di Milano
On Dec 5, 2013, at 8:37 AM, Pierangelo Masarati <pierangelo.masarati@polimi.it> wrote: >> and -s is deprecated - how is one to accomplish this in the future? > > -H, as the man page suggests; -s is deprecated because -H does that and more. Doh! Saw "deprecated" and stopped reading. Too much blood in my caffeine stream, today. Frank
--On Thursday, December 05, 2013 8:22 AM -0500 Francis Swasey <Frank.Swasey@uvm.edu> wrote: > Well, but -b is working as documented. Sadly, the -s parameter is > deprecated - so, that really shouldn't be used either. Therefore, since > -b simply grabs the -n that would contain the suffix specified (doesn't > do an exact suffix match and fail if not found as you wanted, Quanah) and > -s is deprecated - how is one to accomplish this in the future? >From slapd.conf: suffix <dn suffix> Specify the DN suffix of queries that will be passed to this backend database. Multiple suffix lines can be given and at least one is required for each database definition. >From slapcat: -b suffix Use the specified suffix to determine which database to generate output for. Suffix has as specific meaning. Since there is no database configured with a suffix of cn=accesslog or anything else but "", it should not match. --Quanah -- Quanah Gibson-Mount Architect - Server Zimbra, Inc. -------------------- Zimbra :: the leader in open source messaging and collaboration
moved from Incoming to Software Bugs