Discussion:
ldapcompare for booleans ?
Croesus Kall
2015-10-21 10:50:04 UTC
Permalink
Hi,

I am trying to use the ldapcompare command to evaluate a boolean value.

Namely I want to check if the olcMirrorMode attribute is set to false.

The command and result is:

ldapcompare -Y EXTERNAL -H ldapi:/// olcDatabase={0}config,cn=config
"olcMirrorMode:FALSE"
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0
Compare Result: Inappropriate matching (18)
Additional info: inappropriate matching request
UNDEFINED

Is there a way to tell the ldapcompare command that this is a boolean
comparison ?


The attribute itself: olcMirrorMode / 1.3.6.1.4.1.4203.1.12.2.3.2.0.16

has a "booleanMatch" matching rule, so I'm guessing this should be possible
?
Quanah Gibson-Mount
2015-10-21 20:17:43 UTC
Permalink
Content preview: --On Wednesday, October 21, 2015 1:50 PM +0200 Croesus Kall
<***@gmail.com> wrote: > > Hi, > > > I am trying to use the ldapcompare
command to evaluate a boolean value. > > > Namely I want to check if the
Post by Croesus Kall
[...]
Content analysis details: (-4.3 points, 5.0 required)

pts rule name description
---- ---------------------- --------------------------------------------------
-2.3 RCVD_IN_DNSWL_MED RBL: Sender listed at http://www.dnswl.org/, medium
trust
[162.209.122.174 listed in list.dnswl.org]
0.0 URIBL_BLOCKED ADMINISTRATOR NOTICE: The query to URIBL was blocked.
See
http://wiki.apache.org/spamassassin/DnsBlocklists#dnsbl-block
for more information.
[URIs: zimbra.com]
-0.0 T_RP_MATCHES_RCVD Envelope sender domain matches handover relay
domain
-0.0 SPF_PASS SPF: sender matches SPF record
-1.9 BAYES_00 BODY: Bayes spam probability is 0 to 1%
[score: 0.0000]
-0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's
domain
0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid
-0.1 DKIM_VALID Message has at least one valid DKIM or DK signature

--On Wednesday, October 21, 2015 1:50 PM +0200 Croesus Kall
Post by Croesus Kall
Hi,
I am trying to use the ldapcompare command to evaluate a boolean value.
Namely I want to check if the olcMirrorMode attribute is set to false.
It works fine with data dbs, however it is definitely broken for cn=config.

--Quanah

--

Quanah Gibson-Mount
Platform Architect
Zimbra, Inc.
--------------------
Zimbra :: the leader in open source messaging and collaboration
Quanah Gibson-Mount
2015-10-21 20:22:11 UTC
Permalink
Content preview: --On Wednesday, October 21, 2015 2:17 PM -0700 Quanah Gibson-Mount
<***@zimbra.com> wrote: > It works fine with data dbs, however it is definitely
broken for > cn=config. Missing matching rule: <http://www.openldap.org/its/index.cgi/?findid=8286>
[...]

Content analysis details: (-4.3 points, 5.0 required)

pts rule name description
---- ---------------------- --------------------------------------------------
-2.3 RCVD_IN_DNSWL_MED RBL: Sender listed at http://www.dnswl.org/, medium
trust
[162.209.122.174 listed in list.dnswl.org]
0.0 URIBL_BLOCKED ADMINISTRATOR NOTICE: The query to URIBL was blocked.
See
http://wiki.apache.org/spamassassin/DnsBlocklists#dnsbl-block
for more information.
[URIs: openldap.org]
-0.0 T_RP_MATCHES_RCVD Envelope sender domain matches handover relay
domain
-0.0 SPF_PASS SPF: sender matches SPF record
-1.9 BAYES_00 BODY: Bayes spam probability is 0 to 1%
[score: 0.0000]
-0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's
domain
0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid
-0.1 DKIM_VALID Message has at least one valid DKIM or DK signature

--On Wednesday, October 21, 2015 2:17 PM -0700 Quanah Gibson-Mount
Post by Quanah Gibson-Mount
It works fine with data dbs, however it is definitely broken for cn=config.
Missing matching rule: <http://www.openldap.org/its/index.cgi/?findid=8286>

--Quanah



--

Quanah Gibson-Mount
Platform Architect
Zimbra, Inc.
--------------------
Zimbra :: the leader in open source messaging and collaboration

Loading...