[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: OpenLDAP with back-sql schemacheck

On Sep 2, 2004, at 23:26, Brad Midgley wrote:


The current code in HEAD fixes your problems, i.e. you can explicitly
ask for objectClasses define din ldap_entry_objclasses in ldapsearch
> Due to the nature of back-sql, the test is disbaled by default; one
> needs to
> explicitly enable it AFTER configuring and populating an appropriate

What does it mean to explicitly enable the fix? Enable something in slapd.conf?

the fix is in the current cvs tree, no need to do anything. The test (eg. for make test) depends on a configured database. I guess you don't really need it, though it would be very handy for testing the ldap server before you do a lot of manual labour to fill it.

I have a similar situation to the original poster and I am also using ldap-cvs:

- ldap_entries are all tied to inetOrgPerson (this is a view btw)
- ldap_entry_objclasses is a view that maps all ldap_entries as also being posixAccount objects
- ldap_oc_mappings has rows for both inetorgperson and posixaccount

you need to have ldap_attr_mappings for oc_map_id=<inetOrgPerson oc map id> pointing to posixAccount attributes for back-sql to work. back-sql does not recurse trough the auxillary classes oc_map_id and attribute mappings, you need to tie the attribute mappings to the structural class.

- most attributes are for inetorgperson but uidNumber, gidNumber, homeDirectory refer to the posixaccount ldap_oc_mappings entry
- queries reveal objectClass values of both inetOrgPerson and posixAccount but none of posixAccount's attributes appear

here's the query by the way:

$ ldapsearch -H ldap://xxx.uen.org -D uid=bmidgley,dc=my,dc=uen,dc=org -x -W -d 256 -z 10 "(uid=bmidgley)"
Enter LDAP Password:
request 1 done
# extended LDIF
# LDAPv3
# base <> with scope sub
# filter: (uid=bmidgley)
# requesting: ALL

# bmidgley, my.uen.org
dn: uid=bmidgley,dc=my,dc=uen,dc=org
objectClass: inetOrgPerson
objectClass: posixAccount
cn: Brad Midgley
ou: Utah Education Network
sn: Midgley
uid: bmidgley
mail: bmidgley@uen.org
givenName: Brad
employeeNumber: 74032
request 2 done

# search result
search: 2
result: 4 Size limit exceeded

# numResponses: 2
# numEntries: 1


Met vriendelijke groeten,

Remco Post

SARA - Reken- en Netwerkdiensten                      http://www.sara.nl
High Performance Computing  Tel. +31 20 592 8008    Fax. +31 20 668 3167

"I really didn't foresee the Internet. But then, neither did the
computer industry. Not that that tells us very much of course - the
computer industry didn't even foresee that the century was going
to end."                                       -- Douglas Adams