[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: PROXIED attributeDescription "<foo>" inserted

To: openldap-technical@openldap.org
Subject: Re: PROXIED attributeDescription "<foo>" inserted
From: btb@bitrate.net
Date: Thu, 10 Nov 2016 22:09:22 -0500
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=bitrate.net; s=default; t=1478833764; bh=slE+6TnXzqvc27YazR8g3K9tJ2BbbFBVewNX5T2FK2c=; h=Subject:From:In-Reply-To:Date:References:To; b=A6/fBSmktebMMS3QIeYkrj76MFx7Hp5aJuE8hjG1475I2fnlZzYzU8legaciaQsdZ 7iXsdfxvRHa/KsAKRofOEa+JrEwmC7v4M6dEkvko1yr78ivYjZz4u/9jaDrvM73Ex6 Aqv75Fg9JR+82pxLMyfqlDBusSYP2ZCty8p3ll0k=
In-reply-to: <d566374b-dec2-ca65-7d0a-778f911ccc7d@symas.com>
References: <CA9E4819-45C1-4241-864D-5F96A8D10DF8@bitrate.net> <WM!9f287aaf9548b9873255b766bbef6fa678030961314572231966dec5e4d783258b1ff6fc6b225ddeefe8974f1978fc2f!@mailstronghold-1.zmailcloud.com> <d566374b-dec2-ca65-7d0a-778f911ccc7d@symas.com>

On Nov 10, 2016, at 20.47, Howard Chu <hyc@symas.com> wrote:
> 
> btb@bitrate.net wrote:
>> recently i noticed these entries in slapcat output:
>> 
>>> slapcat -F '/var/lib/ldap/config' -b 'cn=config' -H 'ldap:///cn=config??base'
>> 5824aae9 PROXIED attributeDescription "OU" inserted.
>> 5824aae9 PROXIED attributeDescription "DC" inserted.
>> dn: cn=config
>> objectClass: olcGlobal
>> cn: config
>> olcArgsFile: /var/run/slapd/slapd.args
>> olcConnMaxPending: 1000
>> olcConnMaxPendingAuth: 1000
>> olcGentleHUP: FALSE
>> olcIdleTimeout: 0
>> olcPidFile: /var/run/slapd/slapd.pid
>> olcReadOnly: FALSE
>> olcReverseLookup: FALSE
>> olcSaslSecProps: noanonymous
>> olcTLSCACertificateFile: /etc/pki/trusted_root_authorities/example_corp_
>> root_ca-cert.pem
>> olcTLSCertificateFile: /etc/ldap/pki/dsa1.example.net-cert.pem
>> olcTLSCertificateKeyFile: /etc/ldap/pki/dsa1.example.net-key.pem
>> olcTLSVerifyClient: never
>> olcAttributeTypes: {0}( 2.5.4.11 NAME ( 'ou' 'organizationalUnitName' )
>> DESC '
>> RFC2256: organizational unit this object belongs to' SUP name )
>> olcAttributeTypes: {1}( 0.9.2342.19200300.100.1.25 NAME ( 'dc'
>> 'domainComponen
>> t' ) DESC 'RFC1274/2247: domain component' EQUALITY caseIgnoreIA5Match
>> SUBSTR
>> caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
>> SINGLE-VAL
>> UE )
>> structuralObjectClass: olcGlobal
>> entryUUID: 65ca1166-8375-102d-9386-497a4dd6665c
>> creatorsName: cn=config
>> createTimestamp: 20090130235646Z
>> contextCSN: 20120805020044.490450Z#000000#000#000000
>> contextCSN: 20120317151625.496021Z#000000#001#000000
>> olcLogLevel: stats sync
>> entryCSN: 20161110171407.752985Z#000000#000#000000
>> modifiersName: uid=dit_admin,ou=role_accounts,ou=accounts,dc=example,dc=net
>> modifyTimestamp: 20161110171407Z
>> 
>> in the past, i'd seen this, due to ou and dc attributes being referenced
>> before their schema elements were loaded.  so, as can be seen above, i
>> moved the declarations of these attributes to the beginning of the config,
>> so to speak, at which point, the messages were no longer printed.
>> 
>> but now they're back, and i'm curious why.  there is very little parsed
>> prior to the attribute declarations, i believe?  what am i missing?
>> presumably, it's as it was before, and something is referencing these attributes, but how can i determine what?
> 
> It is the cn=config entry itself. The LDIF is parsed into Attributes before the Attributes themselves are processed by the config engine. In this case you can either ignore the message, since it's harmless, or change your admin DNs to avoid using non-core attributes.

ah, modifiersName - thanks for the gentle cluebat.  i'm now remembering this was the other half of the exercise in the past, and it had been so long since i'd modified cn=config itself that i'd forgotten.

References:
- PROXIED attributeDescription "<foo>" inserted
  - From: btb@bitrate.net
- Re: PROXIED attributeDescription "<foo>" inserted
  - From: Howard Chu <hyc@symas.com>

Prev by Date: Re: PROXIED attributeDescription "<foo>" inserted
Next by Date: OpenLDAP ACL causing error code 49
Index(es):
- Chronological
- Thread