[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: JDNI allows non-schema changes (ITS#2151)



Kurt,

Ah, hm, I think I see what you are saying.   Currently, suPerson does not 
have the following objectclasses as MUSTS (although they really are 
required for it to be a valid suPerson entry):

person
organizationalPerson
inetOrgPerson
eduPerson
suPerson
suKerberosService
krb5Principal

So, we should have those as MUSTS in the suPerson entry for the add I 
showed you to fail, correct?

--Quanah

--On Friday, October 25, 2002 10:02 AM -0700 "Kurt D. Zeilenga" 
<Kurt@OpenLDAP.org> wrote:

> At 09:50 AM 2002-10-25, Quanah Gibson-Mount wrote:
>> Kurt,
>>
>> Output from slapd with debugging at 65535 has been uploaded to the ftp
>> server, named output.2151-1 Output from an ldapsearch on a correct
>> entry, and the bad entry, has been uploaded to the ftp server, named
>> output.2151-2.
>>
>> As you can see from the 2 entries, the objectclasses are missing on the
>> entry created by JNDI.  Note that this was done on Openldap 2.1.8.
>
> According to first log, the client did provide an objectClass
> value of suPerson for the entry. According to the second log,
> ldapsearch(1) obtained this value for the entry.  I don't
> see anything wrong here.
>
>
>> --Quanah
>>
>> --On Wednesday, October 23, 2002 5:35 PM -0700 "Kurt D. Zeilenga"
>> <Kurt@OpenLDAP.org> wrote:
>>
>>> Please provide a log of the LDAP Add message sent.
>>> This can be collected by enabling detail logging
>>> in slapd(8) or using tcpdump(8) or similar tools.
>>>
>>> At 02:27 PM 2002-10-23, quanah@stanford.edu wrote:
>>>> Full_Name: Quanah Gibson-Mount
>>>> Version: 2.1.5
>>>> OS: Solaris 8
>>>> URL: ftp://ftp.openldap.org/incoming/
>>>> Submission from: (NULL) (171.64.19.82)
>>>>
>>>>
>>>> System setup:
>>>>
>>>> cyrus-sasl 2.1.7
>>>> Berkeley DB 4.0.14 + Openldap suggested patches
>>>> Kerberos5 1.2.1
>>>> Openldap 2.1.5
>>>> Openssl 0.9.6g
>>>> OS: Solaris 8
>>>>
>>>> When using JNDI to connect to the master directory server, we are able
>>>> to add entries without any objectclasses using jndi
>>>> -no complaints or errors and the entry is searchable ...just doesn't
>>>> have any objectclasses lists.
>>>> schemachecking is on and is very strict about doing this on the
>>>> commandline
>>>>
>>>> --Quanah
>>
>>
>>
>> --
>> Quanah Gibson-Mount
>> Senior Systems Administrator
>> ITSS/TSS/Computing Systems
>> Stanford University
>> GnuPG Public Key: http://www.stanford.edu/~quanah/pgp.html
>



--
Quanah Gibson-Mount
Senior Systems Administrator
ITSS/TSS/Computing Systems
Stanford University
GnuPG Public Key: http://www.stanford.edu/~quanah/pgp.html