Discussion:
implementation specific error trying to modify olcSyncProvConfig object
(too old to reply)
Angel L. Mateo
2015-10-02 09:56:38 UTC
Permalink
Raw Message
Content preview: Hello, I am trying to modify an already existing configuration
in my openldap servers (I have tried with 2.4.31 an 2.4.41). Its current
ldif is: dn: olcOverlay={0}syncprov objectClass: olcConfig objectClass: olcOverlayConfig
objectClass: olcSyncProvConfig olcOverlay: {0}syncprov structuralObjectClass:
olcSyncProvConfig entryUUID: ef486ea8-bf26-1034-850e-938b6f4c1ac2 creatorsName:
gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth createTimestamp:
20150715102100Z entryCSN: 20151002093808.730729Z#000000#01e#000000 modifiersName:
gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth modifyTimestamp:
20151002093808Z [...]

Content analysis details: (-1.9 points, 5.0 required)

pts rule name description
---- ---------------------- --------------------------------------------------
0.0 RCVD_IN_DNSWL_BLOCKED RBL: ADMINISTRATOR NOTICE: The query to DNSWL
was blocked. See
http://wiki.apache.org/spamassassin/DnsBlocklists#dnsbl-block
for more information.
[155.54.212.162 listed in list.dnswl.org]
0.0 URIBL_BLOCKED ADMINISTRATOR NOTICE: The query to URIBL was blocked.
See
http://wiki.apache.org/spamassassin/DnsBlocklists#dnsbl-block
for more information.
[URIs: um.es]
-0.0 T_RP_MATCHES_RCVD Envelope sender domain matches handover relay
domain
-0.0 SPF_PASS SPF: sender matches SPF record
-1.9 BAYES_00 BODY: Bayes spam probability is 0 to 1%
[score: 0.0000]

Hello,

I am trying to modify an already existing configuration in my openldap
servers (I have tried with 2.4.31 an 2.4.41). Its current ldif is:

dn: olcOverlay={0}syncprov
objectClass: olcConfig
objectClass: olcOverlayConfig
objectClass: olcSyncProvConfig
olcOverlay: {0}syncprov
structuralObjectClass: olcSyncProvConfig
entryUUID: ef486ea8-bf26-1034-850e-938b6f4c1ac2
creatorsName: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
createTimestamp: 20150715102100Z
entryCSN: 20151002093808.730729Z#000000#01e#000000
modifiersName: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
modifyTimestamp: 20151002093808Z

Now, I'm trying to add olcSpSessionlog and olcCheckpoint attributes, so
I have this update ldif:

dn: olcOverlay={0}syncprov,olcDatabase={2}hdb,cn=config
changetype: modify
replace: olcSpCheckpoint
olcSpCheckpoint: 100 10
-
replace: olcSpSessionlog
olcSpSessionlog: 100

(I know I could use add operations instead of replace, but the ldif is
generated from a configuration system). When I try to run this ldif I get:

# /usr/bin/ldapmodify -Y EXTERNAL -H ldapi:/// -f /tmp/update.ldif
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0
modifying entry "olcOverlay={0}syncprov,olcDatabase={2}hdb,cn=config"
ldap_modify: Other (e.g., implementation specific) error (80)

This is a rare behaviour, because I have tried changing the order of
the modifications and it works:

# /usr/bin/ldapmodify -Y EXTERNAL -H ldapi:/// -f /tmp/update.ldif
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0
modifying entry "olcOverlay={0}syncprov,olcDatabase={2}hdb,cn=config"

I have also tried separating the modifications in two different
operations (first with olcSpCheckpoint) and then I get a "no such
attribute" error:

# /usr/bin/ldapmodify -Y EXTERNAL -H ldapi:///
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0
dn: olcOverlay={0}syncprov,olcDatabase={2}hdb,cn=config
changetype: modify
replace: olcSpCheckpoint
olcSpCheckpoint: 100 10

modifying entry "olcOverlay={0}syncprov,olcDatabase={2}hdb,cn=config"

dn: olcOverlay={0}syncprov,olcDatabase={2}hdb,cn=config
changetype: modify
replace: olcSpSessionlog
olcSpSessionlog: 100

modifying entry "olcOverlay={0}syncprov,olcDatabase={2}hdb,cn=config"
ldap_modify: Other (e.g., implementation specific) error (80)
additional info: modify/delete: olcSpSessionlog: no such attribute

The same operation but trying to update first the olcSpSessionlog
attribute also errors with "no such attribute":

# /usr/bin/ldapmodify -Y EXTERNAL -H ldapi:///
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0
dn: olcOverlay={0}syncprov,olcDatabase={2}hdb,cn=config
changetype: modify
replace: olcSpSessionlog
olcSpSessionlog: 100

modifying entry "olcOverlay={0}syncprov,olcDatabase={2}hdb,cn=config"
ldap_modify: Other (e.g., implementation specific) error (80)
additional info: modify/delete: olcSpSessionlog: no such attribute

Is this a bug? If not, why I'm having this error? Any idea?
--
Angel L. Mateo Martínez
Sección de Telemática
Área de Tecnologías de la Información
y las Comunicaciones Aplicadas (ATICA)
http://www.um.es/atica
Tfo: 868887590
Fax: 868888337
Quanah Gibson-Mount
2015-10-05 20:27:40 UTC
Permalink
Raw Message
Content preview: --On Friday, October 02, 2015 12:56 PM +0200 "Angel L. Mateo"
<***@um.es> wrote: > Is this a bug? If not, why I'm having this error?
Any idea? No, it is by design. You are encountering the error because that's
what it is designed to do. Whether or not that is the correct design is a
different question. But everything is working here as it is supposed to currently.
[...]

Content analysis details: (-4.3 points, 5.0 required)

pts rule name description
---- ---------------------- --------------------------------------------------
-2.3 RCVD_IN_DNSWL_MED RBL: Sender listed at http://www.dnswl.org/, medium
trust
[162.209.122.184 listed in list.dnswl.org]
0.0 URIBL_BLOCKED ADMINISTRATOR NOTICE: The query to URIBL was blocked.
See
http://wiki.apache.org/spamassassin/DnsBlocklists#dnsbl-block
for more information.
[URIs: um.es]
-0.0 T_RP_MATCHES_RCVD Envelope sender domain matches handover relay
domain
-0.0 SPF_PASS SPF: sender matches SPF record
-1.9 BAYES_00 BODY: Bayes spam probability is 0 to 1%
[score: 0.0000]
-0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's
domain
0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid
-0.1 DKIM_VALID Message has at least one valid DKIM or DK signature

--On Friday, October 02, 2015 12:56 PM +0200 "Angel L. Mateo"
Post by Angel L. Mateo
Is this a bug? If not, why I'm having this error? Any idea?
No, it is by design. You are encountering the error because that's what it
is designed to do. Whether or not that is the correct design is a
different question. But everything is working here as it is supposed to
currently.

--Quanah


--

Quanah Gibson-Mount
Platform Architect
Zimbra, Inc.
--------------------
Zimbra :: the leader in open source messaging and collaboration

Loading...