
Re: (ITS#7226) olcAuditlogFile At dos not accept multiple values




(Re-added Cc: openldap-its@openldap.org)

Emmanuel Lécharny wrote:
> On 4/5/12 1:55 PM, Michael Ströder wrote:
>> elecharny@apache.org wrote:
>>> When trying to inject more than one value into the olcAuditlogFile AT, we get
>>> the following error :
>>>
>>> LDAP: error code 18 - modify/add: olcAuditlogFile: no equality matching rule
>> How did the modification list look like in your modify request?
>>
>> This LDAP error code is typically returned if you try to add or remove
>> specific value(s) to an existing multi-valued attribute which does not have an
>> equality matching rule defined for it. In this case the server is not capable
>> to check whether the value exists or not.
> The olcAuditlogFile does have a Syntax (DirectoryString) thus an equality MR.

No it does not have an equality matching rule. And the diagnosticMessage
returned by the server is pretty clear on that. Look at the subschema.

> The error is really not associated with the value we are trying to inject :

It is because...

> Second value :
> #!RESULT ERROR
> #!CONNECTION ldap://10.211.55.4:10389
> #!DATE 2012-04-05T11:32:50.776
> #!ERROR [LDAP: error code 18 - modify/add: olcAuditlogFile: no equality matching rule]
> dn: olcOverlay={0}auditlog,olcDatabase={1}bdb,cn=config
> changetype: modify
> add: olcAuditlogFile
> olcAuditlogFile: /ldap/file2.log
> -

...with such a modify request the server wants to check whether the new value
'/ldap/file2.log' is already present in the attribute value set. An equality
matching rule has to be defined for the attribute type to make this work.

>> =>  Your client should never do that if it's meant to be generally usable.
> Really, it seems to be something the server is not handling correctly.

Nope.

>> Safest approach is to send a MOD_DEL without value and MOD_ADD with all values.
> That would be totally overkilling if you have thousands of values in your AT.

It's the only valid approach in case there's no equality matching rule defined
for the attribute type.

> Plus that forces the client to first fetch the values from the server, to
> compute locally the differences

Yes.

> (what if the value we try to add is already
> present ?),

It depends... ;-)

> which means we have a way to do the comparison locally, which
> means we have some knowledge about the MR locally.

Yes.

In practice it turned out to be sufficient to compare the byte buffers. :-)

And that's why my web2ldap looks for equality matching rule definition in the
schema and generates different attribute value diffs accordingly. Tested with
many different LDAP servers...

Ciao, Michael.
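
The schema-aware diff described in the message above, as an added example (not part of the original e-mail and not web2ldap's code): it reads EQUALITY clauses from subschema attribute type definitions and builds either per-value changes or a delete-without-value plus add-all. The attribute names, placeholder OIDs, `/ldap/file1.log` and the function names are assumptions made for illustration.

```python
import re

# LDAP modify operation codes (RFC 4511): add = 0, delete = 1
MOD_ADD, MOD_DELETE = 0, 1

# Constructed attributeTypes values with placeholder OIDs. The first has no
# EQUALITY clause (the situation discussed in the thread), the second has one.
SUBSCHEMA = [
    "( 1.1.9999.1 NAME 'exampleLogFile' "
    "SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )",
    "( 1.1.9999.2 NAME ( 'exampleMail' 'exMail' ) EQUALITY caseIgnoreMatch "
    "SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )",
]


def equality_rules(attribute_types):
    """Map each lower-cased attribute name to its EQUALITY rule, or None."""
    # Simplification: rules inherited through SUP are not followed.
    rules = {}
    for definition in attribute_types:
        names = re.search(r"\bNAME\s+(?:'([^']+)'|\(([^)]*)\))", definition)
        eq = re.search(r"\bEQUALITY\s+([\w.;-]+)", definition)
        found = names.group(1) or names.group(2)
        for name in re.findall(r"[\w;-]+", found):
            rules[name.lower()] = eq.group(1) if eq else None
    return rules


def build_modlist(attr, old, new, rules):
    """Return (op, attr, values) tuples that turn value set old into new."""
    old, new = list(old), list(new)
    if set(old) == set(new):  # client-side comparison of the byte buffers
        return []
    if rules.get(attr.lower()):
        # The server can match values, so send only the differences.
        gone = [v for v in old if v not in new]
        added = [v for v in new if v not in old]
        mods = []
        if gone:
            mods.append((MOD_DELETE, attr, gone))
        if added:
            mods.append((MOD_ADD, attr, added))
        return mods
    # No (or unknown) EQUALITY rule: delete without values, then add all.
    mods = [(MOD_DELETE, attr, None)] if old else []
    if new:
        mods.append((MOD_ADD, attr, new))
    return mods
```

The tuples have the `(op, attribute, values)` shape that python-ldap's `modify_s()` takes, with `None` meaning "delete the attribute without naming values".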

