[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Substrings in attributes - changing schemas

To: Quanah Gibson-Mount <quanah@zimbra.com>
Subject: Re: Substrings in attributes - changing schemas
From: Nick Milas <nick@eurobjects.com>
Date: Fri, 14 Jan 2011 13:31:55 +0200
Cc: openldap-technical@openldap.org
In-reply-to: <F8E82E6AB805C0BD4979F185@[192.168.1.2]>
References: <4D287ED8.7000205@eurobjects.com> <4D2CAF59.9090101@eurobjects.com> <F8E82E6AB805C0BD4979F185@[192.168.1.2]>
User-agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.13) Gecko/20101207 Lightning/1.0b2 Thunderbird/3.1.7

Thanks Quanah,

But, in the meantime, problems went worse!

I found this message/thread:http://www.openldap.org/lists/openldap-software/200612/msg00095.htmlwhich indicates that that user couldn't even do exact matches (withaRecord attribute values).


I then tested, and found he was right! I can't do exact matches as well!

In my slapd.conf I have:

   index associatedDomain pres,eq,sub
   index aRecord pres,eq

And here is the result of my queries (exact match):

   # ldapsearch2.4 -x -v -D "cn=Manager,dc=noa,dc=gr" -W -s sub -b
   "ou=dns1,dc=noa,dc=gr" arecord=195.251.202.63 dn
   ldap_initialize( <DEFAULT> )
   Enter LDAP Password:
   filter: arecord=195.251.202.63
   requesting: dn
   # extended LDIF
   #
   # LDAPv3
   # base <ou=dns1,dc=noa,dc=gr> with scope subtree
   # filter: arecord=195.251.202.63
   # requesting: dn
   #

   # search result
   search: 2
   result: 0 Success

   # numResponses: 1

But, if I search with another attribute (also exact match):

   # ldapsearch2.4 -x -v -D "cn=Manager,dc=noa,dc=gr" -W -s sub -b
   "ou=dns1,dc=noa,dc=gr" associateddomain=nmilas1.astro.noa.gr dn
   ldap_initialize( <DEFAULT> )
   Enter LDAP Password:
   filter: associateddomain=nmilas1.astro.noa.gr
   requesting: dn
   # extended LDIF
   #
   # LDAPv3
   # base <ou=dns1,dc=noa,dc=gr> with scope subtree
   # filter: associateddomain=nmilas1.astro.noa.gr
   # requesting: dn
   #

   # nmilas1.astro, noa.gr, dns1, noa.gr
   dn: dc=nmilas1.astro,dc=noa.gr,ou=dns1,dc=noa,dc=gr

   # search result
   search: 2
   result: 0 Success

   # numResponses: 2
   # numEntries: 1

What may be wrong?

In that case, you (Quanah) tested with a "junk schema". Would it makesense to test with the real schemas ?


Here is the whole entry (on which searches were conducted):

   dn: dc=nmilas1.astro,dc=noa.gr,ou=dns1,dc=noa,dc=gr
   objectClass: dNSDomain2
   objectClass: domainRelatedObject
   dc: nmilas1.astro
   associatedDomain: nmilas1.astro.noa.gr
   aRecord: 195.251.202.63

domainRelatedObject is in cosine.schema, associatedDomain is incore.schema, aRecord is in cosine.schema. Definitions:


   attributetype ( 0.9.2342.19200300.100.1.26 NAME 'aRecord'
   EQUALITY caseIgnoreIA5Match
   SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )

   attributetype ( 0.9.2342.19200300.100.1.37
   NAME 'associatedDomain'
   DESC 'RFC1274: domain associated with object'
   EQUALITY caseIgnoreIA5Match
   SUBSTR caseIgnoreIA5SubstringsMatch
   SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )

Nick


On 11/1/2011 9:38 μμ, Quanah Gibson-Mount wrote:

Yes. The proper thing to do would be to start an updated RFC to getthe old definitions updated, or to create your own attribute that hasimproved matching rules. A lot of the old RFCs were created at a timewhen their current uses weren't imagined, or a need for doing thingsdifferently than what they were designed to do wasn't thought of.
--Quanah

Follow-Ups:
- Re: Substrings in attributes - changing schemas
  - From: Hallvard B Furuseth <h.b.furuseth@usit.uio.no>

References:
- Substrings in attributes - changing schemas
  - From: Nick Milas <nick@eurobjects.com>
- Re: Substrings in attributes - changing schemas
  - From: Nick Milas <nick@eurobjects.com>
- Re: Substrings in attributes - changing schemas
  - From: Quanah Gibson-Mount <quanah@zimbra.com>

Prev by Date: Re: Problems importing ppolicy LDIF: LDAP_INVALID_SYNTAX
Next by Date: Re: Substrings in attributes - changing schemas
Index(es):
- Chronological
- Thread