[Date Prev][Date Next] [Chronological] [Thread] [Top]

Comparing slapcat output



My OpenLDAP 2.2.23 is rather quiescent at about 02:00 AM so
I do a `slapcat' on each slave to check whether the output
is identical to that of the master in order to check consistency.
 I notice that entries which have been modified by Heimdal Kerberos
over slapi differ for the modifiersName and creatorsName attribute
types:

| $ diff master.ldif slave.ldif
| < modifiersName: uidnumber=0+gidnumber=0,cn=peercred,cn=external,cn=auth
| ---
| > modifiersName: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
| 1257507c1257507
| < creatorsName: uidnumber=0+gidnumber=0,cn=peercred,cn=external,cn=auth
| ---
| > creatorsName: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth


The relevant portion of the ACL is:


| access to dn.subtree="ou=KerberosPrincipals,ou=Devices,dc=retail-sc,dc=com"
|        by peername.path="/var/run/slapd-master.sock"     write
|        by dn.exact="uidnumber=0+gidnumber=0,cn=peercred,cn=external,cn=auth" write
|        by * none

What is the reason for the differing order of the RDN of the
modifier/creator?

Thanks,
	-JP