[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: nisNetgroupTriple trouble
On Sat, Apr 07, 2007 at 12:48:55AM -0700, Howard Chu wrote:
> Ryan Lovett wrote:
> >I turned up the logging on the OpenLDAP server and spotted several
> >instances of:
> >
> >get_ava: illegal value for attributeType nisNetgroupTriple
> >
> >I've looked over RFC 2307 and the values stored in OpenLDAP seem to be
> >consistent with the defined syntax. Additionally, the server did not object
> >when I inserted the data so I don't know why there is a problem when
> >reading it.
>
> Most likely this error message is reporting the wrong thing. In fact
> there is no equality matching rule for the nisNetgroupTriple
> attributetype, so it cannot be used in a search filter.
Thanks for your feedback. Given your information I searched a bit more and
found this post:
http://osdir.com/ml/ldap.padl.nss/2005-02/msg00004.html
where someone changed the attributetype from
attributetype ( 1.3.6.1.1.1.1.14 NAME 'nisNetgroupTriple'
DESC 'Netgroup triple'
SYNTAX 1.3.6.1.1.1.0.0 )
to
attributetype ( 1.3.6.1.1.1.1.14 NAME 'nisNetgroupTriple'
DESC 'Netgroup triple'
EQUALITY caseExactIA5Match
SUBSTR caseExactIA5SubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
This quieted the get_ava message and solved my problem where the client
wasn't able to lookup the netgroup data. Apparently this has also helped a
few other people with Solaris clients:
http://www.openldap.org/lists/openldap-software/200402/msg00584.html
http://sapiens.wustl.edu/~sysmain/info/openldap/schemas/nis.schema
http://www.archivesat.com/OpenLDAP_bugs/thread1581049.htm
I'm mentioning these reports in case it helps other people.
Regards,
Ryan