Ori Bani wrote: > On Mon, Jan 21, 2013 at 12:50 PM, Michael Ströder <michael@stroeder.com> wrote: >> Ori Bani wrote: >>> On Mon, Jan 21, 2013 at 12:42 PM, Michael Ströder <michael@stroeder.com> wrote: >>>> Ori Bani wrote: >>>>> Thanks so much for the reply. Can you please clarify -- >>>>> >>>>>>> Am I doing something wrong? Here is an example: >>>>>>> >>>>>>> $ ldapmodify -c -x -D 'cn=config' -W >>>>>>> Enter LDAP Password: <password> >>>>>>> dn: olcDatabase={0}config,cn=config >>>>>>> changetype: modify >>>>>>> delete: olcSizeLimit >>>>>>> - >>>>>>> modifying entry "olcDatabase={0}config,cn=config" >>>>>>> ldap_modify: No such attribute (16) >>>>>>> additional info: modify/delete: olcSizeLimit: no such attribute >>>>>> >>>>>> Option -c does not mean that you can override any server-side checking. It >>>>>> just means that processing the LDIF input is continued. >>>>>> >>>>>> In your case entry olcDatabase={0}config,cn=config simply does not contain >>>>>> attribute 'olcSizeLimit' which is what the error message says. >>>>> >>>>> I'd be fine if that was the case, but I'm not seeing it work as you >>>>> suggest (processing does NOT continue). Surely I'm doing something >>>>> wrong. Here is an example of a situation where the subsequest action >>>>> in the LDIF is ignored after the error: >>>>> >>>>> $ ldapmodify -c -x -D 'cn=config' -W >>>>> Enter LDAP Password: <password> >>>>> dn: olcDatabase={0}config,cn=config >>>>> changetype: modify >>>>> delete: olcSizeLimit >>>>> - >>>>> add: olcSizeLimit >>>>> olcSizeLimit: 250 >>>>> - >>>>> modifying entry "olcDatabase={0}config,cn=config" >>>>> ldap_modify: No such attribute (16) >>>>> additional info: modify/delete: olcSizeLimit: no such attribute >>>> >>>> Why don't you just use this if attribute 'olcSizeLimit' is not in >>>> the entry yet? >>> >>> Part of an automated system. >> >> Then fix that system. > > Spare the snide comments. This was good advice and not a snide comment. >>> If -c worked as the man page states, >>> this should not be a problem. >> >> You misinterpret completely what the man page says about option -c. > > It's easy to interpret it as I have given the vague quality of the man page. > > -c Continuous operation mode. Errors are reported, but ldapmodify will > continue with modifications. The default is to exit > after reporting > an error. > > It says nothing about *where* it will continue. Next line, next > entry, what? As I've said in my last email, by trial and error, I > determined that it continues with the next entry. Well, because of the LDAP functional model a single LDAP write operation will completely succeed or completely fail. And a single LDIF change record piped to ldapmodify will result in a *single* write operation. >> Read RFC 2849 about how LDIF is structured. And then understand that your LDIF >> change record leads to a *single* modify request which obviously fails because >> of 'olcSizeLimit' not existing (which is a feature not a bug). > > Is your answer to all OpenLDAP users coming here for assistance really > to read the RFC to clarify vague man pages and other > misunderstandings? If you're aim is to write an automated system - as you wrote before - you have to understand how LDIF input data is structured and how LDAP operations are processed. Reading RFCs is simply helpful for understanding. So this is simply meant as good advice. Ciao, Michael.
Attachment:
smime.p7s
Description: S/MIME Cryptographic Signature