Re: OpenLDAP incroyable!
- To: Onno van der Straaten <onno.van.der.straaten@gmail.com>, openldap-technical@openldap.org
- Subject: Re: OpenLDAP incroyable!
- From: Quanah Gibson-Mount <quanah@zimbra.com>
- Date: Wed, 26 Nov 2014 09:55:43 -0800

--On Wednesday, November 26, 2014 12:13 PM +0100 Onno van der Straaten
<onno.van.der.straaten@gmail.com> wrote:

> And....another one. Amazing. So hard to understand the OpenLDAP
> interface. Might just as well have been in Chinese.
>
> $ ldapmodify -h zimbra.server.com -p 389 -D "cn=config" -f
> olc_password_hash.ldif -W
> ldap_initialize( ldap://zimbra.onknows.com:389 )
> Enter LDAP Password:
> replace olcPasswordHash:
> {SSHA}
> modifying entry "olcDatabase={-1}frontend,cn=config"
> modify complete
>
> So the "modify complete" is sort of suggestive of some kind of successful
> completion or change applied. One would think. No.
> The olcPasswordHash was "modified complete" to have the exact same value as
> before. Sort of expected OpenLDAP to be "unwilling to perform", which
> often it is. Not now. It just is "willing to ignore". Almost human.

Your list of complaints so far:
a) You told OpenLDAP to load a file that didn't exist
b) You modified a file, by hand, where the first comment in the file is:
# AUTO-GENERATED FILE - DO NOT EDIT!! Use ldapmodify.
c) In doing (b), you failed to preserve proper file permissions
d) You failed to use the correct tools for doing what you wanted to do,
after you broke the configuration (slapcat/slapadd)
I'm not really sure what to make of your above complaint. It seems you are
saying you think it is an error for ldap to replace a value with itself?
All LDAP servers will do that with a replace operation.
I.e., there is significant user error present here, and you got yourself
into a bad spot, and made it worse via your own actions. A lack of
understanding how to use a piece of software does not indicate the software
itself is flawed. I will agree that it takes some time to learn how to
work with LDAP in general, regardless of whether it is OpenLDAP, 389, Apache DS,
etc. It may indeed be best in your case, to have a graphical UI hiding the
grisly details from you, since those details are apparently causing
significant challenge in your case. However, in the long run, it pays off
significantly to understand the technology you're attempting to use.
--Quanah
--
Quanah Gibson-Mount
Server Architect
Zimbra, Inc.
--------------------
Zimbra :: the leader in open source messaging and collaboration
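
The replace behaviour discussed in the reply above, as an added example that is not part of the original message or of OpenLDAP: a small model of an LDAP `replace` modification that reports which attributes would end up with the value they already had. The LDIF text, the current entry, and the helper names `parse_replaces` and `apply_replace` are constructed for illustration, and values are compared as exact strings rather than by the attribute's matching rule.

```python
# Added illustration; all data below is constructed, not taken from the thread.
CURRENT_ENTRY = {"olcPasswordHash": ["{SSHA}"]}  # as a prior ldapsearch would show

CHANGE_LDIF = """\
dn: olcDatabase={-1}frontend,cn=config
changetype: modify
replace: olcPasswordHash
olcPasswordHash: {SSHA}
-
"""

def parse_replaces(ldif):
    """Collect {attribute: [new values]} from the 'replace:' blocks of one
    modify record. Handles plain 'attr: value' lines only (no base64, no folding)."""
    replaces, attr = {}, None
    for line in ldif.splitlines():
        if line.strip() in ("", "-"):      # '-' ends one modification block
            attr = None
            continue
        key, _, value = line.partition(":")
        key, value = key.strip().lower(), value.strip()
        if key == "replace":
            attr = value.lower()
            replaces[attr] = []
        elif key == attr:
            replaces[attr].append(value)
    return replaces

def apply_replace(entry, replaces):
    """Replace semantics: the listed values supersede every existing value.
    Returns (new_entry, no_op_attrs). Identical values are not an error.
    Assumption: values compared as exact strings, not by matching rule."""
    new_entry = {k.lower(): list(v) for k, v in entry.items()}
    no_ops = []
    for attr, values in replaces.items():
        if sorted(new_entry.get(attr, [])) == sorted(values):
            no_ops.append(attr)            # server still answers "success"
        if values:
            new_entry[attr] = list(values)
        else:
            new_entry.pop(attr, None)      # replace with no values removes it
    return new_entry, no_ops

if __name__ == "__main__":
    _, unchanged = apply_replace(CURRENT_ENTRY, parse_replaces(CHANGE_LDIF))
    for attr in unchanged:
        print(f"{attr}: replace leaves the value unchanged")
```

Comparing the change file against the entry's current values before running the modification shows whether a successful result will correspond to an actual change of the configured hash scheme.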