[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Attribute type is operational

To: Jonathan Clarke <jonathan@phillipoux.net>
Subject: Re: Attribute type is operational
From: Howard Chu <hyc@symas.com>
Date: Mon, 12 Jul 2010 02:35:41 -0700
Cc: Stuart Cherrington <stuart_cherrington@hotmail.co.uk>, openldap-technical@openldap.org
In-reply-to: <f4fc83dec18b3d3b4d9e7528b868619f@localhost>
References: <BAY119-W1EBA46BE63FEA4B12838FA3B80@phx.gbl> <f4fc83dec18b3d3b4d9e7528b868619f@localhost>
User-agent: Mozilla/5.0 (X11; U; Linux x86_64; rv:1.9.3a6pre) Gecko/20100708 Firefox 3.6

Jonathan Clarke wrote:

On Mon, 12 Jul 2010 08:10:56 +0000, Stuart Cherrington
<stuart_cherrington@hotmail.co.uk>  wrote:

Hi,

I'm running Openldap 2.4 on Rhel5. I've got the basics working, user
accounts etc, but have tried adding some new schemas which I'm getting
problems with. I followed a VERY helpful Blog at

http://oracle-cookies.blogspot.com/2007/01/get-tnsnamesora-from-openldap.html

which allowed me to install some Oracle OID schema's so we can move away
from Oracle OID.

This Blog is a little out of date and I have some attributetypes which I
need to add-in to the schema. I've added the following 2 lines:

attributetypes ( 2.16.840.1.113894.1.1.37 NAME 'orclGuid' EQUALITY
caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX
'1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE NO-USER-MODIFICATION USAGE
directoryOperation )

attributetypes ( 2.16.840.1.113894.1.1.1000 NAME 'orclnormdn' EQUALITY
distinguishedNameMatch SYNTAX '1.3.6.1.4.1.1466.115.121.1.12'

SINGLE-VALUE

NO-USER-MODIFICATION USAGE directoryOperation )

I took these from the current 10.2.0 OID installation so wasn't 100% sure
they were correct but they are similar in construct the others found on

the

blog.

When I restart ldap2.4 I get error:

  service ldap2.4 restart
Checking config file /etc/openldap2.4/slapd.conf:          [FAILED]
/etc/openldap2.4/schema/oidbase.schema: line 27 attributetypes:
"2.16.840.1.113894.1.1.37" is operational
slaptest2.4: bad configuration file!


This error message is complaining that the attributetype declared is an
operational attribute ("USAGE directoryOperation").

Reading through the code, I see the following comment: "operational
attributes should be defined internally". I therefore presume that you
cannot define operational attributes by way of schema files.

Correct. Operational attributes are, by definition, used internally by adirectory server. They have no meaning unless you provide code that implementsthem.

These attributes won't be "operational" anyway in the sense that they will
not be automatically managed by the OpenLDAP server, since it knows nothing
about them. If you just need them for compatibility with OID, I suggest you
change the declaration to make them non-operational. You'll probably want
to remove the "NO-USER-MODIFICATION" flag too, if you want to be able to
modify them with user accounts.


--
  -- Howard Chu
  CTO, Symas Corp.           http://www.symas.com
  Director, Highland Sun     http://highlandsun.com/hyc/
  Chief Architect, OpenLDAP  http://www.openldap.org/project/

References:
- Attribute type is operational
  - From: Stuart Cherrington <stuart_cherrington@hotmail.co.uk>
- Re: Attribute type is operational
  - From: Jonathan Clarke <jonathan@phillipoux.net>

Prev by Date: Re: How to best handle DN+String and DN+Binary in OL?
Next by Date: Re: How to best handle DN+String and DN+Binary in OL?
Index(es):
- Chronological
- Thread