[Date Prev][Date Next] [Chronological] [Thread] [Top]

nisNetgrouptriple

To: OpenLDAP list <openldap-software@OpenLDAP.org>
Subject: nisNetgrouptriple
From: Paul Jakma <paul@clubi.ie>
Date: Sun, 22 Feb 2004 22:55:00 +0000 (GMT)

Hi,

I have a problem adding nisNetgrouptriple's to existing netgroups:

$ cat /tmp/netgroups
# linux-i386-hosts, Netgroup, jakma.org
dn: cn=linux-i386-hosts,ou=Netgroup,dc=jakma,dc=org
changetype: modify
add: nisNetgroupTriple
nisNetgroupTriple: (rossi,,)
nisNetgroupTriple: (edwards,,)
$ ldapmodify -f /tmp/netgroups
modifying entry "cn=linux-i386-hosts,ou=Netgroup,dc=jakma,dc=org"
ldapmodify: update failed: 
cn=linux-i386-hosts,ou=Netgroup,dc=jakma,dc=org
ldap_modify: Inappropriate matching (18)
        additional info: modify/add: nisNetgroupTriple: no equality 
matching rule

nisNetgrouptriple appears to use a dedicated syntax, 1.3.6.1.1.1.0.0, 
defined, from RFC2307:

( nisSchema.0.0 NAME 'nisNetgroupTripleSyntax'
             DESC 'NIS netgroup triple' )

   Values in this syntax are represented by the following:

        nisnetgrouptriple = "(" hostname "," username "," domainname ")"
        hostname          = "" / "-" / keystring
        username          = "" / "-" / keystring
        domainname        = "" / "-" / keystring

Used by netnisgrouptriple:

   ( nisSchema.1.14 NAME 'nisNetgroupTriple'
          DESC 'Netgroup triple'
          SYNTAX 'nisNetgroupTripleSyntax' )

Which is then referenced in the nisnetgroup objectclass:

  ( nisSchema.2.8 NAME 'nisNetgroup' SUP top STRUCTURAL
          DESC 'Abstraction of a netgroup. May refer to other netgroups'
          MUST cn
          MAY ( nisNetgroupTriple $ memberNisNetgroup $ description ) )

My questions:

- in the absence of any definition for equality in the rfc, what 
equality can we assume? and can an equality be added to openldap?

- abd would a patch be accepted to add an equality ( test to
mrule_defs for nisNetgroupTriple? (is that the right way to do it? 
which OID would be suitable?)

In the meantime, (thanks to someone who replied to this same question
a long time ago on the openldap list, strangely, in answer to me :) )
I've worked round the problem by changing the nis.scheme entry for
attributetype nisNetgroupTriple to IA5String, which has an equality
operator defined in its syntax:

--- nis.schema.default  2003-10-23 15:26:01.000000000 +0100
+++ nis.schema  2004-02-22 22:12:51.000000000 +0000
@@ -87,7 +87,8 @@
 
 attributetype ( 1.3.6.1.1.1.1.14 NAME 'nisNetgroupTriple'
        DESC 'Netgroup triple'
-       SYNTAX 1.3.6.1.1.1.0.0 )
+       EQUALITY caseExactIA5Match
+       SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
 
 attributetype ( 1.3.6.1.1.1.1.15 NAME 'ipServicePort'
        EQUALITY integerMatch


regards,
-- 
Paul Jakma	paul@clubi.ie	paul@jakma.org	Key ID: 64A2FF6A
	warning: do not ever send email to spam@dishone.st
Fortune:
"Life sucks, but it's better than the alternative."
-- Peter da Silva

Prev by Date: Re: Library version naming confusion
Next by Date: Internet scans on port 389
Index(es):
- Chronological
- Thread