[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: incomplete slapcat

To: openldap-software@openldap.org
Subject: Re: incomplete slapcat
From: Robert Petkus <rpetkus@bnl.gov>
Date: Wed, 04 Oct 2006 10:21:43 -0400
In-reply-to: <F37F3003FB0EF22D8E75483C@SW-90-717-287-3.stanford.edu>
Organization: Brookhaven National Laboratory
References: <4522B5F4.4090002@bnl.gov> <4AA5240ED975B88B30830BAF@SW-90-717-287-3.stanford.edu> <45230518.3060308@bnl.gov> <F37F3003FB0EF22D8E75483C@SW-90-717-287-3.stanford.edu>
User-agent: Thunderbird 1.5.0.4 (X11/20060614)

Quanah Gibson-Mount wrote:
>
>
> --On Tuesday, October 03, 2006 8:49 PM -0400 Robert Petkus
> <rpetkus@bnl.gov> wrote:
>
>
>
>
>> slapcat ldifs (slapcat -n 2 -l ldap.ldif) are polluted with accesslog
>> entries that *replace* the original entries.  For example, my account dn
>> won't include, say, sshPublicKey, but I'd see a reqMod entry with this
>> attribute.
>
> First, I'd make life simpler by listing the monitoring database last.
>
> Second, your slapcat by definition dumps the accesslog database, not
> your main database, since your databases are:
>
> 1: monitor
> 2: cn=changelog
> 3: dc=bnl,dc=gov
>
>
> Or at least, that's my guess, and it seems to go with what you note. 
> Or, you could change your slapcat to use "-b dc=bnl,dc=gov" which
> would be more explicit.  That is, of course, assuming that you want to
> dump your main DB and not the accesslog DB. ;)
Yeah it would be convenient if I was that dumb ;) , but I had tried
"-b", -n3, removing the accesslog db entries in slapd.conf and rerunning
slapcat.  All with the same results -- most of the main DB with a bunch
of accesslog DB garbage.   What is dogging me *so* much here is that
these are 2 distinct physical databases.

This is an example of the garbage I got yesterday from a slapcat for my
user (an illustration that some attributes are not attached to the main
DB but instead the accesslog DB, yet ldapsearchable to the main DB):

Cheers,
Robert

***********ldapsearch results*****************

# rpetkus, People, racf.bnl.gov
dn: uid=rpetkus,ou=People,dc=stuff,dc=bnl,dc=gov
uid: rpetkus
cn: Robert Petkus
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: top
objectClass: racf
objectClass: ldapPublicKey
uidNumber: number
gidNumber: number
homeDirectory: /somewhere/rpetkus
loginShell: /bin/bash
gidNumberAtlas: number
homeDirectoryAtlas: /somewhere/rpetkus
experiment: RHIC/USATLAS
sn: rapetkus
employeeNumber: number
loginShellGateway: /bin/rbash
employeeStatus: Active
gecos: Robert Petkus
sshPublicKey: ssh-rsa
AAAAB3NzaC1yc2EAAAABIwAAAIEA36Y8jfKTKJgphUO30oaI9W5QVRUg
 8+fM0FFYIkaiZUuaXBYpKaIiguUcQsy+3P+KjBTI0g1Qr3gewO20S0T4i8pDX1XasdfasdftDvNxbz3w
 se4V+PPGQ/Bm4DXTjGRoMVNBABIoqWo3vYOVCvKasdfasdfId5q6oStWrNuNmpV48=


******Here is the slapcat for my user**************

dn: uid=rpetkus,ou=People,dc=racf,dc=bnl,dc=gov
uid: rpetkus
cn: Robert Petkus
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: top
objectClass: racf
uidNumber: number
gidNumber: number
homeDirectory: /somewhere/rpetkus
loginShell: /bin/bash
gidNumberAtlas: number
homeDirectoryAtlas: /somewhere/rpetkus
experiment: RHIC/USATLAS
structuralObjectClass: inetOrgPerson
entryUUID: 689ce5e4-010f-102a-8eef-9882d4436e05
creatorsName: cn=account,dc=bnl,dc=gov
createTimestamp: 20051214170418Z
sn: rapetkus
userPassword::
employeeNumber: number
loginShellGateway: /bin/rbash
sshPublicKey: ssh-rsa
AAAAB3NzaC1yc2EAAAABIwAAAIEA36Y8jfKTKJgphUO30oaI9W5QVRUg
 8+fM0FFYIkaiZUuaXBYpKaIiguUcQsy+3P+KjBTI0g1Qr3gewO20S0T4i8pDX1XZELCHtDvNxbz3w
 se4V+PPGQ/Bm4DXTjGRoMVNBABIoqWo3vYOVCvKReqWx5hc9Id5q6oStWrNuNmpV48=
rpetkus@r
 sec00
employeeStatus: Active
gecos: Robert Petkus 1
entryCSN: 20060906145341Z#000000#00#000000
modifiersName: cn=Manager,dc=bnl,dc=gov
modifyTimestamp: 20060906145341Z

dn: reqStart=20060920134512.000000Z,cn=changelog
objectClass: auditModify
structuralObjectClass: auditModify
reqStart: 20060920134512.000000Z
reqEnd: 20060920134512.000001Z
reqType: modify
reqSession: 423
reqAuthzID: cn=Manager,dc=bnl,dc=gov
reqDN: uid=rpetkus,ou=People,dc=racf,dc=bnl,dc=gov
reqResult: 0
reqMod: sshPublicKey:= ssh-rsa
AAAAB3NzaC1yc2EAAAABIwAAAIEA36Y8jfKTKJgphUO30oaI9W5QVRUg
8+fM0FFYIkaiZUuaXBYpKaIiguUcQsy+3P+KjBTI0g1Qr3gewO20S0T4i8pDXasdfasdftDvNxbz3w
se4V+PPGQ/Bm4DXTjGRoMVNBABIoqWo3vYOVCvKasdfasdfId5q6oStWrNuNmpV48=
reqMod: entryCSN:= 20060920134512Z#000000#00#000000
reqMod: modifiersName:= cn=account,dc=bnl,dc=gov
reqMod: modifyTimestamp:= 20060920134512Z
entryUUID: fb865d9c-dcf9-102a-8a91-e5d2e62e4f1a
creatorsName: cn=changelog
createTimestamp: 20060920134512Z
entryCSN: 20060920134512Z#000000#00#000000
modifiersName: cn=changelog
modifyTimestamp: 20060920134512Z




>
> --Quanah
>
> -- 
> Quanah Gibson-Mount
> Principal Software Developer
> ITS/Shared Application Services
> Stanford University
> GnuPG Public Key: http://www.stanford.edu/~quanah/pgp.html


-- 
Robert Petkus
Brookhaven National Laboratory
Physics Dept. - Bldg. 510A
Upton, New York 11973
Tel.       : +1 (631) 344 3258
Fax.       : +1 (631) 344 7616

http://www.bnl.gov/RHIC
http://www.acf.bnl.gov

Follow-Ups:
- Re: incomplete slapcat
  - From: "matthew sporleder" <msporleder@gmail.com>
- Re: incomplete slapcat
  - From: Robert Petkus <rpetkus@bnl.gov>

References:
- incomplete slapcat
  - From: Robert Petkus <rpetkus@bnl.gov>
- Re: incomplete slapcat
  - From: Quanah Gibson-Mount <quanah@stanford.edu>
- Re: incomplete slapcat
  - From: Robert Petkus <rpetkus@bnl.gov>
- Re: incomplete slapcat
  - From: Quanah Gibson-Mount <quanah@stanford.edu>

Prev by Date: How to migrate MS - Active Directory to Linux OpenLDAP
Next by Date: Re: incomplete slapcat
Index(es):
- Chronological
- Thread