
Re: [Q] amendments to schemes existent



Thank you for the reply.

Andrew Findlay <andrew.findlay@skills-1st.co.uk> wrote:
> You should not change the definitions of standard attributes or
> objectclasses.

I remember that, though I wasn't able to get that working without patching ...

> That does not stop you from setting up an index for the
> attribute though, and most LDAP servers will then allow you to search
> for it even if the published schema does not allow for the possibility.

Here is my story, what I tried and what worked:

================================================================================================================
1. INDEX SUB
================================================================================================================
index   authorizedService sub,eq

in line 180 of slapd.conf and with the original ldapns.schema, slapd doesn't
start and complains with:

/usr/local/etc/openldap/slapd.conf: line 180: substr index of attribute "authorizedService" disallowed





================================================================================================================
2. ORIGINAL ldapns.schema - no substring search result
================================================================================================================

---[ slapd.conf ]-------------------------------------------
index   default eq,sub
index   authorizedService eq
---[ slapd.conf ]-------------------------------------------



---[ slapd.log with original ldapns.schema ]----------------------------------------
Oct 19 08:00:52 host slapd[1245]: conn=1008 op=1 SRCH base="ou=People,dc=foo" scope=2 deref=0 filter="(?authorizedService=web@*)"
Oct 19 08:00:52 host slapd[1245]: conn=1008 op=1 SRCH attr=* createTimestamp creatorsName modifiersName modifyTimestamp
Oct 19 08:00:52 host slapd[1245]: conn=1008 op=1 SEARCH RESULT tag=101 err=0 nentries=0 text=
---[ slapd.log with original ldapns.schema ]----------------------------------------





================================================================================================================
3. PATCHED ldapns.schema - successful substring search
================================================================================================================

---[ ldapns.schema.patch ]-------------------------------------------
--- ldapns.schema.orig  2014-09-15 23:47:56.135989000 +0300
+++ ldapns.schema       2015-02-15 23:50:53.714906292 +0200
@@ -1,6 +1,7 @@
 attributetype ( 1.3.6.1.4.1.5322.17.2.1 NAME 'authorizedService'
  DESC 'IANA GSS-API authorized service name'
  EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreIA5SubstringsMatch
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )

 objectclass ( 1.3.6.1.4.1.5322.17.1.1 NAME 'authorizedServiceObject'
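
Review bot: the added "SUBSTR caseIgnoreIA5SubstringsMatch" line pairs an IA5 substring rule with an attribute whose EQUALITY is caseIgnoreMatch and whose SYNTAX is 1.3.6.1.4.1.1466.115.121.1.15 (Directory String). The substring rule that goes with that syntax and equality rule is caseIgnoreSubstringsMatch, so I would use that instead to keep equality and substring matching consistent. The hunk also changes the shipped ldapns.schema in place under the original OID 1.3.6.1.4.1.5322.17.2.1, so the local definition now differs from the published one and will be lost if the file is replaced; a comment above the attributetype recording the local change would help.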
---[ ldapns.schema.patch ]-------------------------------------------
 


---[ slapd.conf ]-------------------------------------------
index   default eq,sub
index   authorizedService sub,eq
---[ slapd.conf ]-------------------------------------------



---[ slapd.log with patched ldapns.schema ]-------------------------------------------
Oct 19 08:04:40 host slapd[1367]: conn=1041 op=1 SRCH base="ou=People,dc=foo" scope=2 deref=0 filter="(authorizedService=web@*)"
Oct 19 08:04:40 host slapd[1367]: conn=1041 op=1 SRCH attr=* createTimestamp creatorsName modifiersName modifyTimestamp
Oct 19 08:04:40 host slapd[1367]: conn=1041 op=1 SEARCH RESULT tag=101 err=0 nentries=8 text=
---[ slapd.log with patched ldapns.schema ]-------------------------------------------

-- 
Zeus V. Panchenko				jid:zeus@im.ibs.dn.ua
IT Dpt., I.B.S. LLC					  GMT+2 (EET)
