On 08/21/2014 02:32 AM, Rich Megginson wrote:
On 08/20/2014 05:28 PM, William wrote:
How did you manage to add an attribute value with a trailing space?

Excellent question: Someone else in my workplace managed to stuff this
one up, so that a users objectClass has a trailing space, thus is
returning is base64 on search now.

Ok.  As to how to fix it:
ldapsearch -xLLL -D "cn=directory manager" -W -s base -b "the dn with the broken objectclass" 'objectclass=*' objectclass > junk.ldif

then edit junk.ldif to look like this:

dn: the dn with the broken objectclass
changetype: modify
replace: objectclass
objectclass: ....
objectclass: ....


Basically, all of the objectclasses from ldapsearch, but fixing the one with the trailing space

Then use ldapmodify

ldapmodify -x -D "cn=directory manager" -W -f junk.ldif

As to your original question - I'm not sure - I would have thought the correct way to do it would have been to use the ldap escape sequence for space in the ldap search filter.
I think the behaviour is correct, in caseIgnore match leading and trailing spaces are insignificant and any clever way to pass the space will be normalized away

--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go To http://freeipa.org for more info on the project

Reply via email to