[Date Prev][Date Next]
Re: OpenLDAP with back-sql schemacheck
Remco Post wrote:
again, more questions for back-sql with postgresql
I have some posixaccount entries in my ldap. With schemacheck off, the
slapd is very happy to present these to the clients, but for some reason
these will fail the schemacheck. Unfortunately, with all debugging on
(-d 4095) openldap 2.2.15 still won't tell me what is wrong with the
record or which attribute is wrong, just that it is one of the many.
My organization and organizationalUnit entries in the same database are
ok according to the server, it's just the posixaccount records (and
possibly the shadowaccount attributes too, haven't gotten around to
debugging those) that are causing me headaches....
Schema checking in back-sql is somewhat tricky. There might be some
overconsstraint, since schema checking is right now enforced everytime
an entry is built, in backsql_id2entry(). The fact hat your entries do not
conform to schema is likely related to a real violation (unless there's any
bug in the frontend's schema checking routines, but this is very unlikely,
otherwise it would appear with any backend, not just back-sql).
The opportunity to check schema compliance in search results, however,
is questionable, because we're dealing with entries that are generated on
the fly based on the search request parameters (e.g. the only the explicitly
required attributes are present), and search results may be partial also
because of access restrictions and so; I would favor wiping this check out
of the search operation (or maybe make it a specific back-sql option, for
those who require schema compliance).
any hint on how to check these would be great....In this precise case, the only check is the appropriateness of the
inheritance chain, i.e. a structuralObjectClass must be clearly
from the values of the objectClass attribute.
I'm adding a log of the failure reason, to help debug your problem.
SysNet - via Dossi,8 27100 Pavia Tel: +390382573859 Fax: +390382476497