
Re: issues with equality matching and slapd death



--On Thursday, September 27, 2018 8:16 PM -0700 Christopher Paul <chris.paul@rexconsulting.net> wrote:

> Well yeah it works now, after adding the EQUALITY rule to the
> attribute(*). Can someone pls explain this to me? I'm not getting why
> LDAP_MOD_REPLACE won't work without an EQUALITY rule.

If you mean the python LDAP_MOD_REPLACE, its entire purpose is to ensure it works whether or not there is an EQUALITY rule (from what I read). If that's not working right, you probably need to take that up with the python-ldap folks.

> Also, please note my original post on this thread. I just wanted to add
> one attribute. It seems a lot more efficient, if I just want to add one
> attribute (in this case to a multi-valued attribute) to be able to use
> LDAP_MOD_ADD, instead of LDAP_MOD_REPLACE (or especially instead of
> LDAP_MOD_DELETE/LDAP_MOD_ADD pair).

If you read back on my earlier responses, you'll note I mentioned "normalization" of the values.

Basic breakdown:

If an attribute is defined in the schema with an EQUALITY rule, then the values get normalized. If an attribute is defined in the schema without an EQUALITY rule, there are no normalized values.

Case a: Normalized values

You can use changetype: modify + add to add value(s) to an attribute because slapd has the knowledge with which to check for duplicate values based on the EQUALITY rule.

Case b: No normalized values

You cannot use changetype: modify + add to add value(s) to an attribute because slapd has no knowledge about whether or not there are duplicate values. You must use changetype: modify + replace.

I.e., if I have:

dn: uid=joe,cn=people,dc=example,dc=com
mail: joe@example.com

And in this case "mail" has no EQUALITY rule, if I try to do:

dn: uid=joe,cn=people,dc=example,dc=com
changetype: modify
add: mail
mail: joe@example2.com

it will fail, because there are no normalized values that slapd can use to ensure I'm not adding a duplicate to what already exists. Instead, I must do:

dn: uid=joe,cn=people,dc=example,dc=com
changetype: modify
replace: mail
mail: joe@example.com
mail: joe@example2.com


Hope that helps.

--Quanah






--

Quanah Gibson-Mount
Product Architect
Symas Corporation
Packaged, certified, and supported LDAP solutions powered by OpenLDAP:
<http://www.symas.com>
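
Added example, not part of the original message and not code from OpenLDAP or python-ldap: a small Python helper that inspects an attribute type definition for an EQUALITY rule and emits the matching LDIF, "add" for case a and "replace" with the full value list for case b. The schema strings, the OID and the function names are constructed for illustration; it assumes plain ASCII values that need no base64 encoding and does not follow SUP inheritance of matching rules.

```python
import re

# Constructed attribute type definitions (placeholder OID, not a real schema):
# the same attribute with and without an EQUALITY matching rule.
WITH_EQ = ("( 1.3.6.1.4.1.99999.1.1 NAME 'mail' DESC 'constructed example' "
           "EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )")
NO_EQ = ("( 1.3.6.1.4.1.99999.1.1 NAME 'mail' DESC 'has no EQUALITY rule' "
         "SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )")


def has_equality(attr_def):
    """True if the definition itself names an EQUALITY matching rule."""
    # Blank out quoted strings first so a DESC that merely mentions the
    # word EQUALITY is not mistaken for the keyword.
    stripped = re.sub(r"'[^']*'", "''", attr_def)
    return re.search(r"\bEQUALITY\s+\S+", stripped) is not None


def build_modify(dn, attr, current, new_value, attr_def):
    """Return LDIF that adds new_value to attr on dn.

    current is the list of values read from the entry just before the
    change; it is only used when a full replace is required.
    """
    lines = [f"dn: {dn}", "changetype: modify"]
    if has_equality(attr_def):
        # Case a: the server can check for duplicates, so send one value.
        lines += [f"add: {attr}", f"{attr}: {new_value}"]
    else:
        # Case b: no normalized values on the server, so send the whole set.
        # Duplicates are filtered here by exact string comparison only.
        values = list(current)
        if new_value not in values:
            values.append(new_value)
        lines.append(f"replace: {attr}")
        lines += [f"{attr}: {v}" for v in values]
    lines.append("-")
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    dn = "uid=joe,cn=people,dc=example,dc=com"
    for schema in (WITH_EQ, NO_EQ):
        print(build_modify(dn, "mail", ["joe@example.com"],
                           "joe@example2.com", schema))
```

Because the replace form overwrites every existing value, the list passed as current has to be read from the entry immediately before the modify is sent.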