--On Thursday, September 27, 2018 8:16 PM -0700 Christopher Paul <[email protected]> wrote:

> Well yeah it works now, after adding the EQUALITY rule to the
> attribute(*). Can someone pls explain this to me? I'm not getting why
> LDAP_MOD_REPLACE won't work without an EQUALITY rule.

If you mean the python LDAP_MOD_REPLACE, its entire purpose is to ensure it works whether or not there is an EQUALITY rule (from what I read). If that's not working right, you probably need to take that up with the python-ldap folks.

> Also, please note my original post on this thread. I just wanted to add
> one attribute. It seems a lot more efficient, if I just want to add one
> attribute (in this case to a multi-valued attribute) to be able to use
> LDAP_MOD_ADD, instead of LDAP_MOD_REPLACE (or especially instead of
> LDAP_MOD_DELETE/LDAP_MOD_ADD pair).

If you read back on my earlier responses, you'll note I mentioned "normalization" of the values.

Basic breakdown:

If an attribute is defined in the schema with an EQUALITY rule, then the values get normalized. If an attribute is defined in the schema without an EQUALITY rule, there are no normalized values.

Case a: Normalized values

You can use changetype: modify + add to add value(s) to an attribute because slapd has the knowledge with which to check for duplicate values based on the EQUALITY rule.

Case b: No normalized values

You cannot use changetype: modify + add to add value(s) to an attribute because slapd has no knowledge about whether or not there are duplicate values. You must use changetype: modify + replace.

I.e., if I have:

dn: uid=joe,cn=people,dc=example,dc=com
mail: [email protected]

And in this case "mail" has no EQUALITY rule, if I try to do:

dn: uid=joe,cn=people,dc=example,dc=com
changetype: modify
add: mail
mail: [email protected]

it will fail, because there are no normalized values that slapd can use to ensure I'm not adding a duplicate to what already exists. Instead, I must do:

dn: uid=joe,cn=people,dc=example,dc=com
changetype: modify
replace: mail
mail: [email protected]
mail: [email protected]


Hope that helps.

--Quanah






--

Quanah Gibson-Mount
Product Architect
Symas Corporation
Packaged, certified, and supported LDAP solutions powered by OpenLDAP:
<http://www.symas.com>
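
Added example, not part of the original message and not OpenLDAP or python-ldap code: a small Python helper that applies the case a / case b breakdown above, emitting a modify + add record when the attribute's schema definition names an EQUALITY rule and a modify + replace record carrying every value when it does not. The attribute names, schema definitions and values are constructed for illustration; it assumes LDIF-safe string values and does not resolve EQUALITY rules inherited through SUP.

```python
import re

# Constructed attributeTypes definitions (not from the thread); the OIDs sit
# in the 1.1 arc that OpenLDAP's documentation sets aside for experiments.
TAG_DEF = ("( 1.1.2.1.1 NAME 'exampleTag' EQUALITY caseIgnoreMatch "
           "SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )")
NOTE_DEF = ("( 1.1.2.1.2 NAME 'exampleNote' DESC 'has no EQUALITY rule' "
            "SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )")


def has_equality(attr_def):
    """True if the definition itself names an EQUALITY matching rule.

    Assumption: a rule inherited through SUP is not resolved here.
    """
    # Blank out quoted strings so the word EQUALITY inside DESC cannot match.
    unquoted = re.sub(r"'[^']*'", "''", attr_def)
    return re.search(r"\bEQUALITY\s+\S+", unquoted) is not None


def ldif_add_value(dn, attr, attr_def, current, new_value):
    """Build the LDIF change record that adds new_value to attr on dn.

    Assumption: values are LDIF-safe strings (no base64 encoding is done).
    """
    lines = [f"dn: {dn}", "changetype: modify"]
    if has_equality(attr_def):
        # Case a: slapd can check for duplicates itself, so add one value.
        lines += [f"add: {attr}", f"{attr}: {new_value}"]
    else:
        # Case b: resend every value. The only duplicate check is this exact
        # string comparison, and the replace overwrites whatever is stored.
        values = list(current)
        if new_value not in values:
            values.append(new_value)
        lines.append(f"replace: {attr}")
        lines += [f"{attr}: {v}" for v in values]
    lines.append("-")  # RFC 2849 ends each modification with a "-" line
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    joe = "uid=joe,cn=people,dc=example,dc=com"
    print(ldif_add_value(joe, "exampleTag", TAG_DEF, ["red"], "blue"))
    print(ldif_add_value(joe, "exampleNote", NOTE_DEF, ["first note"], "second note"))
```

Because the replace branch writes back a value list that was read earlier, any value another client added in between is lost, so read `current` immediately before building the record.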

