[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Strange slapadd behavior

To: Michael Ströder <michael@stroeder.com>, Ezsra McDonald <ezsra.mcdonald@gmail.com>
Subject: Re: Strange slapadd behavior
From: Quanah Gibson-Mount <quanah@symas.com>
Date: Mon, 15 Apr 2019 12:54:55 -0700
Cc: openldap-technical@openldap.org
Content-disposition: inline
In-reply-to: <a370ff40-be02-156b-7892-bd9f6a79ef4e@stroeder.com>
References: <CAGo-12BHxtP=_m5_Fezrx_wZ0GnN1NG-4BWGV_xiVWvERqswsg@mail.gmail.com> <9F83C8F00F03A5F46726EE82@192.168.1.39> <CAGo-12BR4HaE3wFn+rz80yr7dEWWSnuY2XAf3_OtV_YOEHP1Cg@mail.gmail.com> <a370ff40-be02-156b-7892-bd9f6a79ef4e@stroeder.com>

--On Monday, April 15, 2019 10:47 PM +0200 Michael Ströder<michael@stroeder.com> wrote:

On 4/15/19 7:53 PM, Ezsra McDonald wrote:

We were hoping to carry over all the operational attributes associated
with objects in the LDAP. If I remember correctly, ldapadd will not
apply operational attributes.


Provided you're using a bind-DN with manage privilege you can use Relax
Rules control [1] for also adding operational attributes via LDAP:

ldapadd -e relax

[1] https://tools.ietf.org/html/draft-zeilenga-ldap-relax

I would note that while it looks like that would work in this case, itdoesn't work for all operational attributes (for example, the ones added bythe ppolicy overlay).


--Quanah



--

Quanah Gibson-Mount
Product Architect
Symas Corporation
Packaged, certified, and supported LDAP solutions powered by OpenLDAP:
<http://www.symas.com>

References:
- Strange slapadd behavior
  - From: Ezsra McDonald <ezsra.mcdonald@gmail.com>
- Re: Strange slapadd behavior
  - From: Ezsra McDonald <ezsra.mcdonald@gmail.com>
- Re: Strange slapadd behavior
  - From: Michael Ströder <michael@stroeder.com>

Prev by Date: Re: Strange slapadd behavior
Next by Date: Re: Strange slapadd behavior
Index(es):
- Chronological
- Thread