[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: (ITS#3931) slapcat -a doesn't work

--On Saturday, August 13, 2005 10:34 AM +0200 Pierangelo Masarati 
<ando@sys-net.it> wrote:

>> Full_Name: Quanah Gibson-Mount
>> Version: REL ENG 2-3
>> OS: Solaris 8
>> URL: ftp://ftp.openldap.org/incoming/
>> Submission from: (NULL) (
>> From ITS#3112, which added "-a" to slapcat, I find that:
>> ldap-dev1:/root/tmp/db# slapcat -a
>> "(!(entryDN:dnSubtree:=cn=People,dc=stanford,dc=edu))" -l test.ldif
> The correct matchingRule is "dnSubtreeMatch"; with it, the filter you're
> trying doesn't work as expected because the "entryDN" attribute is not
> stored in the entry, but rather generated by the frontend, and slapcat
> doesn't generate it.
> THe solution would be, in case a filter is given, to generate the
> "volatile" attributes before filtering and remove them before writing the
> entry.  Note that this might have side effects (e.g. "volatile" attrs
> generated by overlays/plugins that could not be designed to work in tool
> mode and so).
> I'm not 100% sure this is worth the effort.

To me, part of the problem here is that this filter says: "Dump everything 
in the database that doesn't match".  Which, since it apparently was not a 
valid filter, should have been everything, not nothing (0 size db).  That 
would indicate to me that there are problems with the filter evaulation in 
and of itself.

It sounds from what you are saying that "-a" can also only be used on a 
running slapd, which in and of itself can be problematic.


Quanah Gibson-Mount
Principal Software Developer
ITSS/Shared Services
Stanford University
GnuPG Public Key: http://www.stanford.edu/~quanah/pgp.html

"These censorship operations against schools and libraries are stronger
than ever in the present religio-political climate. They often focus on
fantasy and sf books, which foster that deadly enemy to bigotry and blind
faith, the imagination." -- Ursula K. Le Guin