Re: redMod with single colon

[Ondřej Kuzník <ondra@mistotebe.net>]

On Wed, Jun 28, 2017 at 05:33:26PM +0200, Michael Ströder wrote:
> HI!
> 
> I have several accesslog entries with 'reqMod' containing a single colon. :-/
> 
> Example (excerpt):
> 
> [..]
> reqMod: aeTicketId:- IAM-31
> reqMod:: Og==
> reqMod: aeTicketId:+ IAM-201
> reqMod: member:- uid=foo1,cn=ae,ou=ae-dir
> reqMod: member:- uid=foo2,cn=ae,ou=ae-dir
> reqMod:: Og==
> reqMod: member:+ uid=foo1,cn=ae,ou=ae-dir
> reqMod: member:+ uid=foo2,cn=ae,ou=ae-dir
> reqMod: member:+ uid=foo3,cn=ae,ou=ae-dir
> reqMod: memberUid:- foo1
> reqMod: memberUid:- foo2
> reqMod:: Og==
> reqMod: memberUid:+ foo1
> reqMod: memberUid:+ foo2
> reqMod: memberUid:+ foo3
> [..]
> 
> (before you ask: An account foo3 added to Æ-DIR user group with hybrid group schema
> compatible to RFC2307 and RFC2307bis.)
> 
> Under which circumstances is slapo-accesslog writing a single colon?
> 
> Currently I cannot easily reproduce it and I don't know what was so special about this
> particular modify operation (sent by web2ldap).

Hi,
this is intended and how the issue in ITS#6545 has been fixed.

The operation you are looking at has removed some values, then added
other values for the same attribute straight away as another modify
within the same op.

Regards,

-- 
Ondřej Kuzník
Senior Software Engineer
Symas Corporation                       http://www.symas.com
Packaged, certified, and supported LDAP solutions powered by OpenLDAP