[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: eduOrg schema and OpenLDAP

To: matt.smith@uconn.edu
Subject: Re: eduOrg schema and OpenLDAP
From: "Kurt D. Zeilenga" <Kurt@OpenLDAP.org>
Date: Mon, 14 Feb 2005 08:25:01 -0800
Cc: openldap-software <openldap-software@OpenLDAP.org>
In-reply-to: <1108394183.15663.7.camel@d80h243>
References: <1108394183.15663.7.camel@d80h243>

At 07:16 AM 2/14/2005, Matthew J. Smith wrote:
>Does anyone use the eduCause schema for the eduOrg objectclass (and
>attributes) under OpenLDAP?  Including the schema in OpenLDAP 2.2.23, I
>get the following errors (repeated for each attribute):
>
>/etc/openldap/schema/eduorg.schema: line 5: AttributeType inappropriate
>matching rule: "caseExactIA5Match"
>
>The objectclass and attributetypes are defined here:
>http://www.educause.edu/Elements/Attachments/netatedu/pki/eduperson/internet2-mace-dir-eduOrg-200210.htm
>
>I believe the conflict lies in the use of "SYNTAX
>1.3.6.1.4.1.1466.115.121.1.15" (DirectoryString ?) with "EQUALITY
>caseExactIA5Match".  Should OpenLDAP allow this matching rule for this
>syntax,

No.  OpenLDAP doesn't implement IA5 matching against Directory
String attribute values as IA5 matching was to be used in matching
against IA5 attribute values and there is no specification detailing
how various IA5 rules are to behave when operating against directory
strings.

>or is the schema definition broken?

IMO, yes.  I suggest you report a bug to EduCause.

Kurt

References:
- eduOrg schema and OpenLDAP
  - From: "Matthew J. Smith" <matt.smith@uconn.edu>

Prev by Date: Re: Simple authentication with SASL
Next by Date: Re: Upgrading OpenLDAP, problem with data (no structural object class).
Index(es):
- Chronological
- Thread