[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: OpenLDAP with back-sql schemacheck

On Fri, 20 Aug 2004 09:39:24 +0200
Pierangelo Masarati <ando@sys-net.it> wrote:

> Remco Post wrote:
> >Hi all,
> >
> >again, more questions for back-sql with postgresql
> >
> >I have some posixaccount entries in my ldap. With schemacheck off,
> >the slapd is very happy to present these to the clients, but for some
> >reason these will fail the schemacheck. Unfortunately, with all
> >debugging on(-d 4095) openldap 2.2.15 still won't tell me what is
> >wrong with the record or which attribute is wrong, just that it is
> >one of the many.
> >
> >My organization and organizationalUnit entries in the same database
> >are ok according to the server, it's just the posixaccount records
> >(and possibly the shadowaccount attributes too, haven't gotten around
> >to debugging those) that are causing me headaches....
> >  
> >
> Schema checking in back-sql is somewhat tricky.  There might be some
> overconsstraint, since schema checking is right now enforced everytime
> an entry is built, in backsql_id2entry().  The fact hat your entries
> do not conform to schema is likely related to a real violation (unless
> there's any bug in the frontend's schema checking routines, but this
> is very unlikely, otherwise it would appear with any backend, not just
> back-sql).
> The opportunity to check schema compliance in search results, however,
> is questionable, because we're dealing with entries that are generated
> on the fly based on the search request parameters (e.g. the only the
> explicitly required attributes are present), and search results may be
> partial also because of access restrictions and so; I would favor
> wiping this check out of the search operation (or maybe make it a
> specific back-sql option, for those who require schema compliance).
> >any hint on how to check these would be great....
> >  
> >
> In this precise case, the only check is the appropriateness of the 
> objectClass
> inheritance chain, i.e. a structuralObjectClass must be clearly 
> identifiable
> from the values of the objectClass attribute.

I guess that is my problem, posixaccount has an axillary relation to
top, but no structural. I guess I could change te world around by adding
a person objectclass to my records, to fix this, provided that the other
problem I mentiond, and you are fixing now is solved....

> I'm adding a log of the failure reason, to help debug your problem.
> p.
>     SysNet - via Dossi,8 27100 Pavia Tel: +390382573859 Fax:
>     +390382476497

Met vriendelijke groeten,

Remco Post

SARA - Reken- en Netwerkdiensten                      http://www.sara.nl
High Performance Computing  Tel. +31 20 592 3000    Fax. +31 20 668 3167

"I really didn't foresee the Internet. But then, neither did the
computer industry. Not that that tells us very much of course - the
computer industry didn't even foresee that the century was going to
end." -- Douglas Adams