[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: nisNetgroupTriple trouble

On Sat, Apr 07, 2007 at 12:48:55AM -0700, Howard Chu wrote:
> Ryan Lovett wrote:
> >I turned up the logging on the OpenLDAP server and spotted several
> >instances of:
> >
> >get_ava: illegal value for attributeType nisNetgroupTriple
> >
> >I've looked over RFC 2307 and the values stored in OpenLDAP seem to be
> >consistent with the defined syntax. Additionally, the server did not object
> >when I inserted the data so I don't know why there is a problem when
> >reading it.
> Most likely this error message is reporting the wrong thing. In fact 
> there is no equality matching rule for the nisNetgroupTriple 
> attributetype, so it cannot be used in a search filter.
Thanks for your feedback. Given your information I searched a bit more and
found this post:


where someone changed the attributetype from

   attributetype ( NAME 'nisNetgroupTriple'
        DESC 'Netgroup triple'
        SYNTAX )


   attributetype ( NAME 'nisNetgroupTriple'
        DESC 'Netgroup triple'
        EQUALITY caseExactIA5Match
        SUBSTR caseExactIA5SubstringsMatch
        SYNTAX )

This quieted the get_ava message and solved my problem where the client
wasn't able to lookup the netgroup data. Apparently this has also helped a
few other people with Solaris clients:


I'm mentioning these reports in case it helps other people.