[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
RE: (ITS#4670) Problem with nisNetgroupTriple SYNTAX definition according to Sun support
Maybe I'm not understanding something clearly...
I see that nisNetgroupTripleSyntax is 1.3.6.1.1.1.0.0 according to
RFC2307, and that is how it is defined in the nis.schema file from
openldap. What I don't see is any definition of 1.3.6.1.1.1.0.0.
If nisNetgroupTripleSyntax were a simple string value, that might be
fine, but in the spec it is a 3 valued sequence:
nisNetgroupTripleSyntax ::= SEQUENCE {
hostname [0] IA5String OPTIONAL,
username [1] IA5String OPTIONAL,
domainname [2] IA5String OPTIONAL
}
How is that represented in openldap?
I do see this at the top of nis.schema:
# Syntaxes are under 1.3.6.1.1.1.0 (two new syntaxes are defined)
# validaters for these syntaxes are incomplete, they only
# implement printable string validation (which is good as the
# common use of these syntaxes violates the specification).
So, here's what I'm unclear on is what the behavior of searches will be?
I know that the solaris client sending requests to search for netgroup
membership is not parsing properly - it looked like it was searching as
a single string with embedded encoding characters, which obviously isn't
going to match anything.
As soon as we made that change on the server side, the searches were
parsed properly with no change at all to the data contained in the
database.
Is it perhaps that the nisNetgroupTripleValidate routine in
servers/slapd/schema_init.c needs to be enhanced and they just gave us
that different syntax as a workaround? i.e. is it possible that the
validate routine is treating a valid/common query on that attribute as
invalid?
-- Nathan
------------------------------------------------------------
Nathan Neulinger EMail: nneul@umr.edu
University of Missouri - Rolla Phone: (573) 341-6679
UMR Information Technology Fax: (573) 341-4216
> -----Original Message-----
> From: Quanah Gibson-Mount [mailto:quanah@stanford.edu]
> Sent: Monday, September 11, 2006 1:17 PM
> To: Neulinger, Nathan; openldap-its@OpenLDAP.org
> Subject: Re: (ITS#4670) Problem with nisNetgroupTriple SYNTAX
> definition according to Sun support
>
>
>
> --On Monday, September 11, 2006 5:36 PM +0000 nneul@umr.edu wrote:
>
> > Full_Name: Nathan Neulinger
> > Version: 2.3.27
> > OS: RHEL4
> > URL:
> > Submission from: (NULL) (216.229.75.78)
> >
> >
> > The definition of the nisNetgroupTriple in nis.schema is incorrect
> > according to Sun technical support. They has us change this
> entry in the
> > schema from:
>
> I suggest you refer Sun support to RFC2307, which is the RFC
> that defines
> the nisNetgroupTriple attribute.
>
> <http://www.ietf.org/rfc/rfc2307.txt>
>
> The RFC quite clearly states that the definition is:
>
> ( nisSchema.1.14 NAME 'nisNetgroupTriple'
> DESC 'Netgroup triple'
> SYNTAX 'nisNetgroupTripleSyntax' )
>
>
> It sounds like Sun has made a non-RFC compliant change to
> their schema
> definitions. Of course, this is an experimental schema and
> subject to
> change. However, the current working copy does not have the
> definition
> provided to you by Sun.
>
> Regards,
> Quanah
>
> --
> Quanah Gibson-Mount
> Principal Software Developer
> ITS/Shared Application Services
> Stanford University
> GnuPG Public Key: http://www.stanford.edu/~quanah/pgp.html
>
>