Hello all,
We are having some difficulties with the new syntax validation built in to LDAP. Consider the following schema (formatted for readability):
dn: cn=schema attributeTypes: ( 1.2.840.113554.4.2.1.1 NAME 'scriptsVhostName' DESC 'Canonical server name' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'scripts.mit.edu' ) attributeTypes: ( 1.2.840.113554.4.2.1.2 NAME 'scriptsVhostAlias' DESC 'Other server names' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'scripts.mit.edu' ) attributeTypes: ( 1.2.840.113554.4.2.1.3 NAME 'scriptsVhostDirectory' DESC 'Directory under $HOME/Scripts/$service for the root of this service' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'scripts.mit.edu' ) attributeTypes: ( 1.2.840.113554.4.2.1.4 NAME 'scriptsVhostAccount' DESC 'User account for finding home direcory and suexec uid/gid' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE X-ORIGIN 'scripts.mit.edu' ) objectClasses: ( 1.2.840.113554.4.2.2.1 NAME 'scriptsVhost' DESC 'Configuration for a scripts virtual host' SUP top AUXILIARY MUST ( scriptsVhostName $ scriptsVhostDirectory $ scriptsVhostAccount ) MAY ( scriptsVhostAlias ) X-ORIGIN 'scripts.mit.edu' )
The syntax validation then rejects a directory entry of the following form.
0 scriptsVhostName=ezyang.scripts.mit.edu,ou=VirtualHosts,dc=scripts,dc=mit,dc=edu objectClass: scriptsVhost objectClass: top scriptsVhostName: ezyang.scripts.mit.edu scriptsVhostAlias: ezyang.scripts scriptsVhostAccount: uid=ezyang,ou=People,dc=scripts,dc=mit,dc=edu scriptsVhostDirectory:
With the following error:
[16/Sep/2010:14:19:39 -0400] syntax-plugin - Syntax validate task starting (base: "scriptsVhostName=ezyang.scripts.mit.edu,ou=VirtualHosts,dc=scripts,dc=mit,dc=edu", filter: "(objectclass=*)") ... [16/Sep/2010:14:19:40 -0400] syntax-plugin - Entry "scriptsVhostName=ezyang.scripts.mit.edu,ou=VirtualHosts,dc=scripts,dc=mit,dc=edu" violates syntax. scriptsVhostDirectory: value #0 invalid per syntax [16/Sep/2010:14:19:41 -0400] syntax-plugin - Syntax validate task complete. Found 1 invalid entries.
It is difficult for me to tell what value #0 is referring to, but if it is scriptsVhostName, as far as I can tell it is a perfectly fine DirectoryString. Is our schema wrong or is there a bug in the syntax validation?
Cheers, Edward
On 09/16/2010 11:21 AM, Edward Z. Yang wrote:
Hello all,
We are having some difficulties with the new syntax validation built in to LDAP. Consider the following schema (formatted for readability):
dn: cn=schema attributeTypes: ( 1.2.840.113554.4.2.1.1 NAME 'scriptsVhostName' DESC 'Canonical server name' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'scripts.mit.edu' ) attributeTypes: ( 1.2.840.113554.4.2.1.2 NAME 'scriptsVhostAlias' DESC 'Other server names' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'scripts.mit.edu' ) attributeTypes: ( 1.2.840.113554.4.2.1.3 NAME 'scriptsVhostDirectory' DESC 'Directory under $HOME/Scripts/$service for the root of this service' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'scripts.mit.edu' ) attributeTypes: ( 1.2.840.113554.4.2.1.4 NAME 'scriptsVhostAccount' DESC 'User account for finding home direcory and suexec uid/gid' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE X-ORIGIN 'scripts.mit.edu' ) objectClasses: ( 1.2.840.113554.4.2.2.1 NAME 'scriptsVhost' DESC 'Configuration for a scripts virtual host' SUP top AUXILIARY MUST ( scriptsVhostName $ scriptsVhostDirectory $ scriptsVhostAccount ) MAY ( scriptsVhostAlias ) X-ORIGIN 'scripts.mit.edu' )
The syntax validation then rejects a directory entry of the following form.
0 scriptsVhostName=ezyang.scripts.mit.edu,ou=VirtualHosts,dc=scripts,dc=mit,dc=edu objectClass: scriptsVhost objectClass: top scriptsVhostName: ezyang.scripts.mit.edu scriptsVhostAlias: ezyang.scripts scriptsVhostAccount: uid=ezyang,ou=People,dc=scripts,dc=mit,dc=edu scriptsVhostDirectory:
With the following error:
[16/Sep/2010:14:19:39 -0400] syntax-plugin - Syntax validate task starting (base: "scriptsVhostName=ezyang.scripts.mit.edu,ou=VirtualHosts,dc=scripts,dc=mit,dc=edu", filter: "(objectclass=*)") ... [16/Sep/2010:14:19:40 -0400] syntax-plugin - Entry "scriptsVhostName=ezyang.scripts.mit.edu,ou=VirtualHosts,dc=scripts,dc=mit,dc=edu" violates syntax. scriptsVhostDirectory: value #0 invalid per syntax [16/Sep/2010:14:19:41 -0400] syntax-plugin - Syntax validate task complete. Found 1 invalid entries.
It is difficult for me to tell what value #0 is referring to, but if it is scriptsVhostName, as far as I can tell it is a perfectly fine DirectoryString. Is our schema wrong or is there a bug in the syntax validation?
It looks to me like your scriptsVhostDirectory attribute value is empty. Per RFC 4517, a Directory String must consist of one or more UTF8 characters. An empty value is invalid.
-NGK
Cheers, Edward -- 389 users mailing list 389-users@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/389-users
Excerpts from Nathan Kinder's message of Thu Sep 16 14:39:54 -0400 2010:
It looks to me like your scriptsVhostDirectory attribute value is empty. Per RFC 4517, a Directory String must consist of one or more UTF8 characters. An empty value is invalid.
Good to know! What syntax should I use instead, in that case?
Cheers, Edward
Excerpts from Edward Z. Yang's message of Thu Sep 16 14:52:48 -0400 2010:
Excerpts from Nathan Kinder's message of Thu Sep 16 14:39:54 -0400 2010:
It looks to me like your scriptsVhostDirectory attribute value is empty. Per RFC 4517, a Directory String must consist of one or more UTF8 characters. An empty value is invalid.
Good to know! What syntax should I use instead, in that case?
For those playing along, we will probably start using UTF8String ( IANA-ASSIGNED-OID.2 DESC 'UTF8String' ) instead. Unfortunately, we've never done this sort of schema migration before, especially on a replicated setup, so if anyone has any experiences here I'd love to hear them.
Cheers, Edward
389-users@lists.fedoraproject.org
-
Edward Z. Yang -
Nathan Kinder