[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: Error when try modify olcTLS*
- To: Quanah Gibson-Mount <quanah@symas.com>, Igor Sousa <igorvolt@gmail.com>
- Subject: Re: Error when try modify olcTLS*
- From: Howard Chu <hyc@symas.com>
- Date: Fri, 12 Jul 2019 02:56:12 +0100
- Cc: openldap-technical@openldap.org
- In-reply-to: <758427B3CD8C6FF7EDCBA715@[192.168.1.39]>
- References: <CAAg2ztWXNS0=G1zT=BO2KPTMzC0gc0Q+7ecRH_8N8gawvbrTVg@mail.gmail.com> <ECDFD8D8BD5A32677D782E4D@192.168.1.39> <CAAg2ztUUYCbw=7UD5eoLsPzyOC9FQLJN+gEjycdRqiLOnxtPEQ@mail.gmail.com> <758427B3CD8C6FF7EDCBA715@[192.168.1.39]>
- User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Firefox/60.0 SeaMonkey/2.53
Quanah Gibson-Mount wrote:
> --On Thursday, July 11, 2019 5:29 PM -0300 Igor Sousa <igorvolt@gmail.com> wrote:
>
>> I've tested your suggestion and delete operation has worked fine, but
>> I've still had the same problem described previously when I've tried add
>> new olcTLSCertificateFile or new olcTLSCertificateKeyFile or new
>> olcTLSCACertificateFile. I don't understand the reason for that.
>
>>> You're likely hitting ITS#8286 with the replace operations. Another
> idea may be to change replace to a delete+add in the same operation sequence.
>
>
> <https://www.openldap.org/its/index.cgi/?findid=8286>
>
> The details in the ITS aren't as flushed out as they probably should be, but if a configuration element is missing an EQUALITY matching rule, then you generally
> cannot use a replace OP on them.
That's not correct. A replace op always works. It is only [Delete/Add] value that requires an equality rule.
--
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/