[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: OpenLDAP with back-sql schemacheck
On Fri, 20 Aug 2004 09:39:24 +0200
Pierangelo Masarati <ando@sys-net.it> wrote:
> Remco Post wrote:
>
> >Hi all,
> >
> >again, more questions for back-sql with postgresql
> >
> >I have some posixaccount entries in my ldap. With schemacheck off,
> >the slapd is very happy to present these to the clients, but for some
> >reason these will fail the schemacheck. Unfortunately, with all
> >debugging on(-d 4095) openldap 2.2.15 still won't tell me what is
> >wrong with the record or which attribute is wrong, just that it is
> >one of the many.
> >
> >My organization and organizationalUnit entries in the same database
> >are ok according to the server, it's just the posixaccount records
> >(and possibly the shadowaccount attributes too, haven't gotten around
> >to debugging those) that are causing me headaches....
> >
> >
> Schema checking in back-sql is somewhat tricky. There might be some
> overconsstraint, since schema checking is right now enforced everytime
> an entry is built, in backsql_id2entry(). The fact hat your entries
> do not conform to schema is likely related to a real violation (unless
> there's any bug in the frontend's schema checking routines, but this
> is very unlikely, otherwise it would appear with any backend, not just
> back-sql).
>
> The opportunity to check schema compliance in search results, however,
> is questionable, because we're dealing with entries that are generated
> on the fly based on the search request parameters (e.g. the only the
> explicitly required attributes are present), and search results may be
> partial also because of access restrictions and so; I would favor
> wiping this check out of the search operation (or maybe make it a
> specific back-sql option, for those who require schema compliance).
>
> >any hint on how to check these would be great....
> >
> >
> In this precise case, the only check is the appropriateness of the
> objectClass
> inheritance chain, i.e. a structuralObjectClass must be clearly
> identifiable
> from the values of the objectClass attribute.
>
I guess that is my problem, posixaccount has an axillary relation to
top, but no structural. I guess I could change te world around by adding
a person objectclass to my records, to fix this, provided that the other
problem I mentiond, and you are fixing now is solved....
> I'm adding a log of the failure reason, to help debug your problem.
>
> p.
>
>
>
>
> SysNet - via Dossi,8 27100 Pavia Tel: +390382573859 Fax:
> +390382476497
>
--
Met vriendelijke groeten,
Remco Post
SARA - Reken- en Netwerkdiensten http://www.sara.nl
High Performance Computing Tel. +31 20 592 3000 Fax. +31 20 668 3167
"I really didn't foresee the Internet. But then, neither did the
computer industry. Not that that tells us very much of course - the
computer industry didn't even foresee that the century was going to
end." -- Douglas Adams