Rich, thanks for the suggestions. I tested setting both nsslapd-dn-validate-strict and nsslapd-syntaxcheck to off, but no luck. Finally had a go at disabling "cn=Distinguished Name Syntax,cn=plugins,cn=config" entirely (nsslapd-pluginEnabled: off) but the server wouldn't start at all with this gone. Can't see any other attributes in dse.ldif that seem to apply.
-Audun On Thu, Jun 26, 2014 at 4:01 PM, Rich Megginson <[email protected]> wrote: > On 06/26/2014 07:59 AM, Rich Megginson wrote: > > On 06/26/2014 07:50 AM, Audun Røe wrote: > > Hello, > > I'm trying to delete some problematic entries from our 389 directory. > The entry DNs contain < and > (probably found their way into the directory > years ago). This causes problems with JNDI where DNs from search results > are fed directly back into more searches because these particular DNs are > somehow returned in in escaped form. E.g. > ou=my<problematic>entry,dc=example,dc=com becomes > ou=my\<problematic\>entry,dc=example,dc=com, causing error 32. I'm not sure > if it's the directory server or JNDI adding the escaping, as ldapsearch > from the command line doesn't seem to behave this way, but it doesn't > really matter: I want to remove the entries and get rid of the issue. > Unfortunately, I'm unable to: > > $ ldapdelete -D "cn=directory manager" -WxH "ldap://example.com:389"; > "ou=my<problematic>entry,dc=example,dc=com" > Enter LDAP Password: > ldap_delete: Invalid DN syntax (34) > additional info: DN value invalid per syntax > > I've also tried deleting through Apache Directory Studio, error 34 there > as well. > > So, any ideas on how to get rid of them? The only thing I can think of > is to db2ldif the entire directory, manually excise the entries from the > LDIF file and then re-import. But I'd rather not take this step unless > there's no other way. > > > You could try disabling syntax checking - nsslapd-syntaxcheck > > > Sorry - disable DN syntax checking - I believe that may be different than > regular syntax checking > > > > > -Audun > > > -- > 389 users mailing > [email protected]https://admin.fedoraproject.org/mailman/listinfo/389-users > > > > > -- > 389 users mailing > [email protected]https://admin.fedoraproject.org/mailman/listinfo/389-users > > > > -- > 389 users mailing list > [email protected] > https://admin.fedoraproject.org/mailman/listinfo/389-users >
-- 389 users mailing list [email protected] https://admin.fedoraproject.org/mailman/listinfo/389-users
