[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Comparing slapcat output
My OpenLDAP 2.2.23 is rather quiescent at about 02:00 AM so
I do a `slapcat' on each slave to check whether the output
is identical to that of the master in order to check consistency.
I notice that entries which have been modified by Heimdal Kerberos
over slapi differ for the modifiersName and creatorsName attribute
types:
| $ diff master.ldif slave.ldif
| < modifiersName: uidnumber=0+gidnumber=0,cn=peercred,cn=external,cn=auth
| ---
| > modifiersName: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
| 1257507c1257507
| < creatorsName: uidnumber=0+gidnumber=0,cn=peercred,cn=external,cn=auth
| ---
| > creatorsName: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
The relevant portion of the ACL is:
| access to dn.subtree="ou=KerberosPrincipals,ou=Devices,dc=retail-sc,dc=com"
| by peername.path="/var/run/slapd-master.sock" write
| by dn.exact="uidnumber=0+gidnumber=0,cn=peercred,cn=external,cn=auth" write
| by * none
What is the reason for the differing order of the RDN of the
modifier/creator?
Thanks,
-JP