On 06/26/2014 08:21 AM, Audun Røe wrote:
Rich, thanks for the suggestions.

I tested setting both nsslapd-dn-validate-strict and nsslapd-syntaxcheck to off, but no luck. Finally had a go at disabling "cn=Distinguished Name Syntax,cn=plugins,cn=config" entirely (nsslapd-pluginEnabled: off) but the server wouldn't start at all with this gone. Can't see any other attributes in dse.ldif that seem to apply.

What is your version of 389-ds-base?  rpm -q 389-ds-base


-Audun


On Thu, Jun 26, 2014 at 4:01 PM, Rich Megginson <[email protected]> wrote:

    On 06/26/2014 07:59 AM, Rich Megginson wrote:
    On 06/26/2014 07:50 AM, Audun Røe wrote:
    Hello,

    I'm trying to delete some problematic entries from our 389
    directory. The entry DNs contain < and > (probably found their
    way into the directory years ago). This causes problems with
    JNDI where DNs from search results are fed directly back into
    more searches because these particular DNs are somehow returned
    in escaped form. E.g.
    ou=my<problematic>entry,dc=example,dc=com becomes
    ou=my\<problematic\>entry,dc=example,dc=com, causing error 32.
    I'm not sure if it's the directory server or JNDI adding the
    escaping, as ldapsearch from the command line doesn't seem to
    behave this way, but it doesn't really matter: I want to remove
    the entries and get rid of the issue. Unfortunately, I'm unable to:

    $ ldapdelete -D "cn=directory manager" -WxH "ldap://example.com:389" "ou=my<problematic>entry,dc=example,dc=com"
    Enter LDAP Password:
    ldap_delete: Invalid DN syntax (34)
    additional info: DN value invalid per syntax

    I've also tried deleting through Apache Directory Studio, error
    34 there as well.

    So, any ideas on how to get rid of them? The only thing I can
    think of is to db2ldif the entire directory, manually excise the
    entries from the LDIF file and then re-import. But I'd rather
    not take this step unless there's no other way.

    You could try disabling syntax checking - nsslapd-syntaxcheck

    Sorry - disable DN syntax checking - I believe that may be
    different than regular syntax checking




    -Audun


    --
    389 users mailing list
    [email protected]  
    https://admin.fedoraproject.org/mailman/listinfo/389-users
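
The two DN spellings quoted in the original post relate to each other through RFC 4514 string escaping, where `<` and `>` inside an attribute value are written `\<` and `\>` (or `\3C` and `\3E`), and a strict parser of that grammar rejects the unescaped spelling. The following is an added example, not code from the thread or from 389 Directory Server; the function names are hypothetical and it assumes single-valued RDNs.

```python
import re

# Characters RFC 4514 requires to be escaped wherever they occur in a value.
SPECIAL = '"+,;<>\\'

def escape_value(value: str) -> str:
    """Encode one attribute value into its RFC 4514 string form."""
    out = []
    for i, ch in enumerate(value):
        edge = (i == 0 and ch in " #") or (i == len(value) - 1 and ch == " ")
        if ch == "\x00":
            out.append("\\00")
        elif ch in SPECIAL or edge:
            out.append("\\" + ch)
        else:
            out.append(ch)
    return "".join(out)

def unescape_value(text: str) -> str:
    """Decode an RFC 4514 value; reject specials that are not escaped."""
    out, i = bytearray(), 0
    while i < len(text):
        ch, pair = text[i], text[i + 1:i + 3]
        if ch == "\\" and re.fullmatch(r"[0-9A-Fa-f]{2}", pair):
            out.append(int(pair, 16))          # \3C style hex escape
            i += 3
        elif ch == "\\" and pair[:1] and pair[0] in SPECIAL + " #=":
            out += pair[0].encode()            # \< style single-char escape
            i += 2
        elif ch == "\\" or ch in SPECIAL:
            raise ValueError(f"invalid or unescaped {ch!r} at offset {i}")
        else:
            out += ch.encode("utf-8")
            i += 1
    return out.decode("utf-8")

def first_rdn_value(dn: str) -> str:
    """Value of the leftmost RDN (assumes a single-valued RDN)."""
    rdn = re.match(r"(?:\\.|[^\\,])*", dn).group(0)  # up to first unescaped comma
    return rdn.partition("=")[2]

# Constructed samples: the two DN spellings quoted in the thread.
RAW = "ou=my<problematic>entry,dc=example,dc=com"
ESCAPED = "ou=my\\<problematic\\>entry,dc=example,dc=com"

if __name__ == "__main__":
    print(unescape_value(first_rdn_value(ESCAPED)))
    print(escape_value("my<problematic>entry"))
    try:
        unescape_value(first_rdn_value(RAW))
    except ValueError as err:
        print("rejected:", err)
```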


