[Date Prev][Date Next] [Chronological] [Thread] [Top]

RE: (ITS#4670) Problem with nisNetgroupTriple SYNTAX definition according to Sun support

--On Monday, September 11, 2006 7:15 PM +0000 nneul@umr.edu wrote:

> Maybe I'm not understanding something clearly...
> I see that nisNetgroupTripleSyntax is according to
> RFC2307, and that is how it is defined in the nis.schema file from
> openldap. What I don't see is any definition of


> If nisNetgroupTripleSyntax were a simple string value, that might be
> fine, but in the spec it is a 3 valued sequence:
>         nisNetgroupTripleSyntax ::= SEQUENCE {
>          hostname  [0] IA5String OPTIONAL,
>          username  [1] IA5String OPTIONAL,
>          domainname  [2] IA5String OPTIONAL
>         }
> How is that represented in openldap?
> I do see this at the top of nis.schema:
># Syntaxes are under (two new syntaxes are defined)
>#       validaters for these syntaxes are incomplete, they only
>#       implement printable string validation (which is good as the
>#       common use of these syntaxes violates the specification).
> So, here's what I'm unclear on is what the behavior of searches will be?
> I know that the solaris client sending requests to search for netgroup
> membership is not parsing properly - it looked like it was searching as
> a single string with embedded encoding characters, which obviously isn't
> going to match anything.
> As soon as we made that change on the server side, the searches were
> parsed properly with no change at all to the data contained in the
> database.
> Is it perhaps that the nisNetgroupTripleValidate routine in
> servers/slapd/schema_init.c needs to be enhanced and they just gave us
> that different syntax as a workaround? i.e. is it possible that the
> validate routine is treating a valid/common query on that attribute as
> invalid?

There is a reason RFC2307 is an *experimental* schema.  Since the syntaxes, 
etc, are not currently defined, there is no way for them to be interpreted.


Quanah Gibson-Mount
Principal Software Developer
ITS/Shared Application Services
Stanford University
GnuPG Public Key: http://www.stanford.edu/~quanah/pgp.html