
Re: slamd templates making strange errors



At 10:50 AM 5/2/2006, matthew sporleder wrote:
>On 5/1/06, matthew sporleder <msporleder@gmail.com> wrote:
>>Is there a repository of slamd tests/templates used to test slapd?
>> (I've seen results posted, but never a discussion on how they were
>>reached)  I am having good luck with my search tests, but my
>>add/delete templated tests always give:
>>
>>err=20 matched="" text="attribute 'objectClass' provided more than once"
>>
>>which seems a little odd since objectClass will almost always be
>>repeated on an add.
>>I don't think this is an openldap issue since I can follow my template
>>with 'ldapmodify', but I was just wondering if anyone was publishing
>>this sort of thing.
>>
>>Thanks,
>>_Matt
>
>Well, it would appear that openldap might be throwing error=20 a
>little too liberally:
>
>Here's my tcpdump of ldap traffic:
>slamd:
>(hex deleted, ascii formatted)
>....;uid=test.16@example.net,ou=foo,o=bar,dc=example,dc=net0...
>0...objectClass1...top
>0...objectClass1...person
>0%..objectClass1...organizationalPerson
>0...objectClass1...myLocalPerson
>0...objectClass1...inetOrgPerson
>0...l1...west
>0...myLocald1...16
>0...cn1...User.16
>0...sn1...foo
>0...uid1...test.16@example.net
>0...userPassword1...password
>0...givenName1...test.16@example.net
>0;..postalAddress1*.(test.16@example.net.FOOBAR.LANE,.PHOENIX,.AZ
>0...postalCode1...16666
>0...parentlogin1...boofoomoo
>
>ldapmodify:
>(hex deleted, ascii formatted)
>....@uid=test.matt.01@example.net,ou=foo,o=bar,dc=example,dc=net0
>..T0O..objectclass1@..top..person..organizationalPerson..inetOrgPerson..myLocalPerson
>0...l1...east
>0...myLocalid1...01
>0...sn1...L
>0...cn1...User 01
>0...uid1...test.matt.01@example.net
>0...userPassword1...password
>0...givenName1...test.matt01@example.net
>02..postalAddress1!..555 FOO LN,.MACON,.GA
>0...postalCode1...16666
>0...parentlogin1...boofoomoo
>
>As you can see, ldapmodify puts all of the objectclass's into one
>line,

As the protocol is not line oriented, it is more appropriate to
say that ldapmodify is providing all the values of the objectClass
attribute in one instance of the attribute structure in the
sequence of attributes.  That is, ldapmodify is providing
one objectClass attribute with multiple values.
        

>whereas the slamd client is putting them on multiple lines.

whereas this client is providing each value of the objectClass
attribute in a separate instance of the attribute structure in
the sequence of attributes.  That is, this client is providing
multiple objectClass attributes each with one value.

>Why
>does openldap treat this as an error?

An entry cannot have more than one attribute of any particular
attribute type (or, if using attribute options, descriptions).

>I can't find any docs that say
>objectclass's should be folded into one line.

It's covered reasonably well in the LDAP Technical Specification
(better in the soon-to-be-published revised LDAP TS, see
draft-ietf-ldapbis-*.txt in the doc/drafts directory).

>(and I'm still not sure
>exactly how to do an ldapmodify with a single-line, multi-value object
>class.)

ldapmodify(1) expects input to be LDIF.  In LDIF, multiple values
of a single attribute are represented as:
        foo: value1
        foo: value2

The LDAP client, when generating LDAP requests, is expected to treat
this as one attribute with two values, not two attributes (of the
same type) each with their own value.  A client which does the
latter is simply broken.  For this, see the LDIF technical
specification for details.


>Any help is appreciated,
>_Matt
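
Added example, not part of the original message and not slamd or OpenLDAP code: the two request shapes discussed above, built from the same LDIF lines and BER-encoded. In the ASCII dumps the SEQUENCE tag 0x30 shows up as "0" and the SET tag 0x31 as "1". Helper names are hypothetical, the sample LDIF is constructed, and only plain `type: value` lines are handled.

```python
# Constructed sample: attribute lines of one LDIF add record (dn line omitted).
SAMPLE_LDIF = "objectClass: top\nobjectClass: person\nsn: foo\ncn: User.16"

def ber(tag, body):
    """One BER TLV with definite length (short or long form)."""
    n = len(body)
    if n < 0x80:
        length = bytes([n])
    else:
        raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
        length = bytes([0x80 | len(raw)]) + raw
    return bytes([tag]) + length + body

def parse_pairs(ldif):
    """(type, value) pairs from plain 'type: value' lines (no folding, no base64)."""
    pairs = []
    for line in ldif.strip().splitlines():
        name, _, value = line.partition(":")
        pairs.append((name.strip(), value.strip()))
    return pairs

def one_attr_per_line(pairs):
    """Shape the failing client sent: each LDIF line becomes its own attribute."""
    return [(t, [v]) for t, v in pairs]

def merge_by_type(pairs):
    """Shape ldapmodify sent: one attribute per type (matched case-insensitively)."""
    merged = {}
    for t, v in pairs:
        merged.setdefault(t.lower(), (t, []))[1].append(v)
    return list(merged.values())

def duplicate_types(attrs):
    """Types that occur in more than one attribute structure of the list."""
    keys = [t.lower() for t, _ in attrs]
    return sorted({k for k in keys if keys.count(k) > 1})

def encode_attribute_list(attrs):
    """SEQUENCE(0x30) OF SEQUENCE { OCTET STRING(0x04) type, SET(0x31) OF OCTET STRING }."""
    body = b""
    for t, vals in attrs:
        values = b"".join(ber(0x04, v.encode()) for v in vals)
        body += ber(0x30, ber(0x04, t.encode()) + ber(0x31, values))
    return ber(0x30, body)

if __name__ == "__main__":
    for shape in (one_attr_per_line, merge_by_type):
        attrs = shape(parse_pairs(SAMPLE_LDIF))
        print(shape.__name__, duplicate_types(attrs), encode_attribute_list(attrs))
```

Only the merged shape has no duplicate types, and its encoding contains `objectClass` once, followed by a single SET holding both values.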