Hello,
I need to do ldapcompare in cn=encryption,cn=config and have no idea why I can’t:
root@ldap01:/home/ubuntu# ldapcompare -h localhost -D cn=root -wadmin cn=encryption,cn=config nsSSL2:off Compare Result: Server is unwilling to perform (53) Additional info: Operation on Directory Specific Entry not allowed
cn=root is the directory manager user.
What can I do to change this?
389-ds 1.3.5.15 - ubuntu
Thanks
Michal
On Fri, 2017-09-29 at 12:26 +0200, Michal Medvecky wrote:
Hello,
I need to do ldapcompare in cn=encryption,cn=config and have no idea why I can’t:
root@ldap01:/home/ubuntu# ldapcompare -h localhost -D cn=root -wadmin cn=encryption,cn=config nsSSL2:off Compare Result: Server is unwilling to perform (53) Additional info: Operation on Directory Specific Entry not allowed
At run time the cn=config is stored in an in memory DB and synced to the ldif file. That code is based on the root DSE code, and I think it must not support ldapcompare extended operation :(
cn=root is the directory manager user.
What can I do to change this?
I think it's a "lack of a feature" in the server. If you want, raise an issue about it, and we'll look at it when we can, :)
A work around is to do ldapsearch for the object and attr and compare externally.
Hope that helps,
389-ds 1.3.5.15 - ubuntu
Thanks
Michal _______________________________________________ 389-users mailing list -- 389-users@lists.fedoraproject.org To unsubscribe send an email to 389-users-leave@lists.fedoraproject.org
Hello,
thanks for the reply.
I think it's a "lack of a feature" in the server. If you want, raise an issue about it, and we'll look at it when we can, :)
It’s actually required by Ansible ldap_attr module….
A work around is to do ldapsearch for the object and attr and compare externally.
… but using state: exact for my particular usage is fine.
But expect other people using Ansible complaining about this lack of feature.
Michal
On Tue, 2017-10-03 at 17:53 +0200, Michal Medvecky wrote:
Hello,
thanks for the reply.
I think it's a "lack of a feature" in the server. If you want, raise an
issue about it, and we'll look at it when we can, :)
It’s actually required by Ansible ldap_attr module….
A work around is to do ldapsearch for the object and attr and compare
externally.
We could patch the ansible module to do this in the meantime ....
… but using state: exact for my particular usage is fine.
But expect other people using Ansible complaining about this lack of feature.
We need to raise it as an issue then.
We need to raise it as an issue then.
For the record, https://pagure.io/389-ds-base/issue/49390 https://pagure.io/389-ds-base/issue/49390
389-users@lists.fedoraproject.org