[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: incomplete slapcat



I don't want to sabotage this thread with my inaccuracies -- I do
appreciate folk's interest in helping out -- this is indeed the same
entry, I just stupidly didn't edit out all the *real* info -- too many
e-mails and things to do and I got careless.

The main point is that an attribute is absent from the main DB entry in
a slapcat, and instead appears attached to an accesslog DB entry. 
ldapsearch shows *all* the attributes.

Since yanking out the accesslog overlay directives, slapcat behaves as
expected.  I'm disappointed because accesslog was useful but my
confidence in reinstantiating the overlay has been disrupted.  I am not
eager to be in a mess like yesterday.

I'm interested to know what kind of environments others are using
accesslog in -- how many changes daily, etc.

Robert

Karsten Künne wrote:
> On Wednesday 04 October 2006 11:28, Robert Petkus wrote:
>   
>> I provided an example but it was the wrong one.  You can see that the
>> sshPublicKey attribute is shown in ldapsearch but isn't attached to the
>> main DB entry produced from a slapcat.
>>
>> ***********ldapsearch results*****************
>>
>> # rpetkus, People, racf.bnl.gov
>> dn: uid=rpetkus,ou=People,dc=stuff,dc=bnl,dc=gov
>> uid: rpetkus
>> cn: Robert Petkus
>> objectClass: inetOrgPerson
>> objectClass: posixAccount
>> objectClass: top
>> objectClass: racf
>> objectClass: ldapPublicKey
>> uidNumber: number
>> gidNumber: number
>> homeDirectory: /somewhere/rpetkus
>> loginShell: /bin/bash
>> gidNumberAtlas: number
>> homeDirectoryAtlas: /somewhere/rpetkus
>> experiment: RHIC/USATLAS
>> sn: rapetkus
>> employeeNumber: number
>> loginShellGateway: /bin/rbash
>> employeeStatus: Active
>> gecos: Robert Petkus
>> sshPublicKey: ssh-rsa
>> AAAAB3NzaC1yc2EAAAABIwAAAIEA36Y8jfKTKJgphUO30oaI9W5QVRUg
>>
>> 8+fM0FFYIkaiZUuaXBYpKaIiguUcQsy+3P+KjBTI0g1Qr3gewO20S0T4i8pDX1XasdfasdftDvN
>> xbz3w se4V+PPGQ/Bm4DXTjGRoMVNBABIoqWo3vYOVCvKasdfasdfId5q6oStWrNuNmpV48=
>>
>>
>> ******Here is the slapcat for my user**************
>>
>> dn: uid=rpetkus,ou=People,dc=racf,dc=bnl,dc=gov
>> uid: rpetkus
>> cn: Robert Petkus
>> objectClass: inetOrgPerson
>> objectClass: posixAccount
>> objectClass: top
>> objectClass: racf
>> uidNumber: number
>> gidNumber: number
>> homeDirectory: /somewhere/rpetkus
>> loginShell: /bin/bash
>> gidNumberAtlas: number
>> homeDirectoryAtlas: /somewhere/rpetkus
>> experiment: RHIC/USATLAS
>> structuralObjectClass: inetOrgPerson
>> entryUUID: 689ce5e4-010f-102a-8eef-9882d4436e05
>> creatorsName: cn=account,dc=bnl,dc=gov
>> createTimestamp: 20051214170418Z
>> sn: rapetkus
>> userPassword::
>> employeeNumber: number
>> loginShellGateway: /bin/rbash
>> employeeStatus: Active
>> gecos: Robert Petkus 1
>> entryCSN: 20060906145341Z#000000#00#000000
>> modifiersName: cn=Manager,dc=bnl,dc=gov
>> modifyTimestamp: 20060906145341Z
>>
>>     
>
> The DN's are different, the first one is "...,dc=stuff,...", the second one is 
> "...,dc=racf,...". Also the gecos attributes are different ("Robert Petkus" 
> versus "Robert Petkus 1"). Are you sure you're looking at the same entries? 
> Maybe you should also get the operations attributes via ldapsearch and 
> compare the entryUUID's?
>
>   
>> dn: reqStart=20060920134512.000000Z,cn=changelog
>> objectClass: auditModify
>> structuralObjectClass: auditModify
>> reqStart: 20060920134512.000000Z
>> reqEnd: 20060920134512.000001Z
>> reqType: modify
>> reqSession: 423
>> reqAuthzID: cn=Manager,dc=bnl,dc=gov
>> reqDN: uid=rpetkus,ou=People,dc=racf,dc=bnl,dc=gov
>> reqResult: 0
>> reqMod: sshPublicKey:= ssh-rsa
>> AAAAB3NzaC1yc2EAAAABIwAAAIEA36Y8jfKTKJgphUO30oaI9W5QVRUg
>> 8+fM0FFYIkaiZUuaXBYpKaIiguUcQsy+3P+KjBTI0g1Qr3gewO20S0T4i8pDXasdfasdftDvNxb
>> z3w se4V+PPGQ/Bm4DXTjGRoMVNBABIoqWo3vYOVCvKasdfasdfId5q6oStWrNuNmpV48=
>> reqMod: entryCSN:= 20060920134512Z#000000#00#000000
>> reqMod: modifiersName:= cn=account,dc=bnl,dc=gov
>> reqMod: modifyTimestamp:= 20060920134512Z
>> entryUUID: fb865d9c-dcf9-102a-8a91-e5d2e62e4f1a
>> creatorsName: cn=changelog
>> createTimestamp: 20060920134512Z
>> entryCSN: 20060920134512Z#000000#00#000000
>> modifiersName: cn=changelog
>> modifyTimestamp: 20060920134512Z
>>
>>     
>
> That was a modification to the "racf" entry, not the "stuff" entry.
>
>
> Karsten.
>   


-- 
Robert Petkus
Brookhaven National Laboratory
Physics Dept. - Bldg. 510A
Upton, New York 11973
Tel.       : +1 (631) 344 3258
Fax.       : +1 (631) 344 7616

http://www.bnl.gov/RHIC
http://www.acf.bnl.gov