[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: incomplete slapcat



I provided an example but it was the wrong one.  You can see that the
sshPublicKey attribute is shown in ldapsearch but isn't attached to the
main DB entry produced from a slapcat.

***********ldapsearch results*****************

# rpetkus, People, racf.bnl.gov
dn: uid=rpetkus,ou=People,dc=stuff,dc=bnl,dc=gov
uid: rpetkus
cn: Robert Petkus
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: top
objectClass: racf
objectClass: ldapPublicKey
uidNumber: number
gidNumber: number
homeDirectory: /somewhere/rpetkus
loginShell: /bin/bash
gidNumberAtlas: number
homeDirectoryAtlas: /somewhere/rpetkus
experiment: RHIC/USATLAS
sn: rapetkus
employeeNumber: number
loginShellGateway: /bin/rbash
employeeStatus: Active
gecos: Robert Petkus
sshPublicKey: ssh-rsa
AAAAB3NzaC1yc2EAAAABIwAAAIEA36Y8jfKTKJgphUO30oaI9W5QVRUg
 8+fM0FFYIkaiZUuaXBYpKaIiguUcQsy+3P+KjBTI0g1Qr3gewO20S0T4i8pDX1XasdfasdftDvNxbz3w
 se4V+PPGQ/Bm4DXTjGRoMVNBABIoqWo3vYOVCvKasdfasdfId5q6oStWrNuNmpV48=


******Here is the slapcat for my user**************

dn: uid=rpetkus,ou=People,dc=racf,dc=bnl,dc=gov
uid: rpetkus
cn: Robert Petkus
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: top
objectClass: racf
uidNumber: number
gidNumber: number
homeDirectory: /somewhere/rpetkus
loginShell: /bin/bash
gidNumberAtlas: number
homeDirectoryAtlas: /somewhere/rpetkus
experiment: RHIC/USATLAS
structuralObjectClass: inetOrgPerson
entryUUID: 689ce5e4-010f-102a-8eef-9882d4436e05
creatorsName: cn=account,dc=bnl,dc=gov
createTimestamp: 20051214170418Z
sn: rapetkus
userPassword::
employeeNumber: number
loginShellGateway: /bin/rbash
employeeStatus: Active
gecos: Robert Petkus 1
entryCSN: 20060906145341Z#000000#00#000000
modifiersName: cn=Manager,dc=bnl,dc=gov
modifyTimestamp: 20060906145341Z

dn: reqStart=20060920134512.000000Z,cn=changelog
objectClass: auditModify
structuralObjectClass: auditModify
reqStart: 20060920134512.000000Z
reqEnd: 20060920134512.000001Z
reqType: modify
reqSession: 423
reqAuthzID: cn=Manager,dc=bnl,dc=gov
reqDN: uid=rpetkus,ou=People,dc=racf,dc=bnl,dc=gov
reqResult: 0
reqMod: sshPublicKey:= ssh-rsa
AAAAB3NzaC1yc2EAAAABIwAAAIEA36Y8jfKTKJgphUO30oaI9W5QVRUg
8+fM0FFYIkaiZUuaXBYpKaIiguUcQsy+3P+KjBTI0g1Qr3gewO20S0T4i8pDXasdfasdftDvNxbz3w
se4V+PPGQ/Bm4DXTjGRoMVNBABIoqWo3vYOVCvKasdfasdfId5q6oStWrNuNmpV48=
reqMod: entryCSN:= 20060920134512Z#000000#00#000000
reqMod: modifiersName:= cn=account,dc=bnl,dc=gov
reqMod: modifyTimestamp:= 20060920134512Z
entryUUID: fb865d9c-dcf9-102a-8a91-e5d2e62e4f1a
creatorsName: cn=changelog
createTimestamp: 20060920134512Z
entryCSN: 20060920134512Z#000000#00#000000
modifiersName: cn=changelog
modifyTimestamp: 20060920134512Z





> >
> > 


Robert Petkus wrote:
> Quanah Gibson-Mount wrote:
>   
>> --On Tuesday, October 03, 2006 8:49 PM -0400 Robert Petkus
>> <rpetkus@bnl.gov> wrote:
>>
>>
>>
>>
>>     
>>> slapcat ldifs (slapcat -n 2 -l ldap.ldif) are polluted with accesslog
>>> entries that *replace* the original entries.  For example, my account dn
>>> won't include, say, sshPublicKey, but I'd see a reqMod entry with this
>>> attribute.
>>>       
>> First, I'd make life simpler by listing the monitoring database last.
>>
>> Second, your slapcat by definition dumps the accesslog database, not
>> your main database, since your databases are:
>>
>> 1: monitor
>> 2: cn=changelog
>> 3: dc=bnl,dc=gov
>>
>>
>> Or at least, that's my guess, and it seems to go with what you note. 
>> Or, you could change your slapcat to use "-b dc=bnl,dc=gov" which
>> would be more explicit.  That is, of course, assuming that you want to
>> dump your main DB and not the accesslog DB. ;)
>>     
> Yeah it would be convenient if I was that dumb ;) , but I had tried
> "-b", -n3, removing the accesslog db entries in slapd.conf and rerunning
> slapcat.  All with the same results -- most of the main DB with a bunch
> of accesslog DB garbage.   What is dogging me *so* much here is that
> these are 2 distinct physical databases.
>
> This is an example of the garbage I got yesterday from a slapcat for my
> user (an illustration that some attributes are not attached to the main
> DB but instead the accesslog DB, yet ldapsearchable to the main DB):
>
> Cheers,
> Robert
>
> ***********ldapsearch results*****************
>
> # rpetkus, People, racf.bnl.gov
> dn: uid=rpetkus,ou=People,dc=stuff,dc=bnl,dc=gov
> uid: rpetkus
> cn: Robert Petkus
> objectClass: inetOrgPerson
> objectClass: posixAccount
> objectClass: top
> objectClass: racf
> objectClass: ldapPublicKey
> uidNumber: number
> gidNumber: number
> homeDirectory: /somewhere/rpetkus
> loginShell: /bin/bash
> gidNumberAtlas: number
> homeDirectoryAtlas: /somewhere/rpetkus
> experiment: RHIC/USATLAS
> sn: rapetkus
> employeeNumber: number
> loginShellGateway: /bin/rbash
> employeeStatus: Active
> gecos: Robert Petkus
> sshPublicKey: ssh-rsa
> AAAAB3NzaC1yc2EAAAABIwAAAIEA36Y8jfKTKJgphUO30oaI9W5QVRUg
>  8+fM0FFYIkaiZUuaXBYpKaIiguUcQsy+3P+KjBTI0g1Qr3gewO20S0T4i8pDX1XasdfasdftDvNxbz3w
>  se4V+PPGQ/Bm4DXTjGRoMVNBABIoqWo3vYOVCvKasdfasdfId5q6oStWrNuNmpV48=
>
>
> ******Here is the slapcat for my user**************
>
> dn: uid=rpetkus,ou=People,dc=racf,dc=bnl,dc=gov
> uid: rpetkus
> cn: Robert Petkus
> objectClass: inetOrgPerson
> objectClass: posixAccount
> objectClass: top
> objectClass: racf
> uidNumber: number
> gidNumber: number
> homeDirectory: /somewhere/rpetkus
> loginShell: /bin/bash
> gidNumberAtlas: number
> homeDirectoryAtlas: /somewhere/rpetkus
> experiment: RHIC/USATLAS
> structuralObjectClass: inetOrgPerson
> entryUUID: 689ce5e4-010f-102a-8eef-9882d4436e05
> creatorsName: cn=account,dc=bnl,dc=gov
> createTimestamp: 20051214170418Z
> sn: rapetkus
> userPassword::
> employeeNumber: number
> loginShellGateway: /bin/rbash
> sshPublicKey: ssh-rsa
> AAAAB3NzaC1yc2EAAAABIwAAAIEA36Y8jfKTKJgphUO30oaI9W5QVRUg
>  8+fM0FFYIkaiZUuaXBYpKaIiguUcQsy+3P+KjBTI0g1Qr3gewO20S0T4i8pDX1XZELCHtDvNxbz3w
>  se4V+PPGQ/Bm4DXTjGRoMVNBABIoqWo3vYOVCvKReqWx5hc9Id5q6oStWrNuNmpV48=
> rpetkus@r
>  sec00
> employeeStatus: Active
> gecos: Robert Petkus 1
> entryCSN: 20060906145341Z#000000#00#000000
> modifiersName: cn=Manager,dc=bnl,dc=gov
> modifyTimestamp: 20060906145341Z
>
> dn: reqStart=20060920134512.000000Z,cn=changelog
> objectClass: auditModify
> structuralObjectClass: auditModify
> reqStart: 20060920134512.000000Z
> reqEnd: 20060920134512.000001Z
> reqType: modify
> reqSession: 423
> reqAuthzID: cn=Manager,dc=bnl,dc=gov
> reqDN: uid=rpetkus,ou=People,dc=racf,dc=bnl,dc=gov
> reqResult: 0
> reqMod: sshPublicKey:= ssh-rsa
> AAAAB3NzaC1yc2EAAAABIwAAAIEA36Y8jfKTKJgphUO30oaI9W5QVRUg
> 8+fM0FFYIkaiZUuaXBYpKaIiguUcQsy+3P+KjBTI0g1Qr3gewO20S0T4i8pDXasdfasdftDvNxbz3w
> se4V+PPGQ/Bm4DXTjGRoMVNBABIoqWo3vYOVCvKasdfasdfId5q6oStWrNuNmpV48=
> reqMod: entryCSN:= 20060920134512Z#000000#00#000000
> reqMod: modifiersName:= cn=account,dc=bnl,dc=gov
> reqMod: modifyTimestamp:= 20060920134512Z
> entryUUID: fb865d9c-dcf9-102a-8a91-e5d2e62e4f1a
> creatorsName: cn=changelog
> createTimestamp: 20060920134512Z
> entryCSN: 20060920134512Z#000000#00#000000
> modifiersName: cn=changelog
> modifyTimestamp: 20060920134512Z
>
>
>
>
>   
>> --Quanah
>>
>> -- 
>> Quanah Gibson-Mount
>> Principal Software Developer
>> ITS/Shared Application Services
>> Stanford University
>> GnuPG Public Key: http://www.stanford.edu/~quanah/pgp.html
>>     
>
>
>   


-- 
Robert Petkus
Brookhaven National Laboratory
Physics Dept. - Bldg. 510A
Upton, New York 11973
Tel.       : +1 (631) 344 3258
Fax.       : +1 (631) 344 7616

http://www.bnl.gov/RHIC
http://www.acf.bnl.gov