[EMAIL PROTECTED] wrote: > [EMAIL PROTECTED] wrote: >> [EMAIL PROTECTED] wrote: >>> First this raises the question what to do if filters are not valid in >>> configuration. I'd prefer if slapo-constraint would cause invalidFilter >>> with an appropriate diagnosticMessage pointing to slapo-constraint >>> configuration to be returned instead of silently assuming the attribute >>> value is wrong. >> AFAIK, an invalid filter in the configuration would prevent slapd from >> starting, although right now checks are not that tight. > > ldap:///ou=Departments,ou=schulung,dc=stroeder,dc=local?ou?one?(objectClass=organizationalUnit)) > > obviously contains an invalid filter. But slapd starts without complaining.
OK, this type of error is not caught basically because no real check is done besides parsing the URI. I was more concerned about erroneous filters as a result of constructing the constraint filter. However, I notice that even in case of an incorrect filter, str2filter() will not fail, but rather generate a filter with erroneous terminal filters marked as erroneous, without complaining. Moreover, the internal search will return as successful but likely with no results. This is the expected behavior for a real search. So tracing an incorrect filter is not that obvious. >>> Still it does not work for me. The filter seems to be ok now and returns >>> the correct search result. But still the attribute value "Abteilung 1" >>> is not accepted. >> Can you provide the filter, the relevant data (or an excerpt of it) and >> the operation you're trying to perform? > > I could provide a complete canned config in a personal e-mail if you want. I'll let you know if that's needed. Maybe what you posted below is enough. p. > Just for the ITS: > > ---------------------- excerpt slapd.conf ---------------------- > overlay constraint > constraint_attribute gender regex ^[0129]?$ > constraint_attribute departmentNumber uri > ldap:///ou=Departments,ou=schulung,dc=stroeder,dc=local?ou?one?(objectClass=organizationalUnit) > constraint_attribute manager uri > ldap:///ou=Managers,ou=schulung,dc=stroeder,dc=local?entryDN?one?(objectClass=inetOrgPerson) > ---------------------- entry to be modified ---------------------- > dn: cn=Michael Stroeder,ou=People,ou=schulung,dc=stroeder,dc=local > cn: Michael Stroeder > givenName: Michael > hasSubordinates: FALSE > objectClass: inetOrgPerson > sn: Stroeder > > ---------------------- modification operation ---------------------- > dn: cn=Michael Stroeder,ou=People,ou=schulung,dc=stroeder,dc=local > changetype: modify > add: departmentNumber > departmentNumber: Abteilung 1 > - > > ---------------------- departments ---------------------- > dn: ou=Departments,ou=schulung,dc=stroeder,dc=local > objectClass: organizationalUnit > ou: Departments > > dn: ou=Abteilung 1,ou=Departments,ou=schulung,dc=stroeder,dc=local > objectClass: organizationalUnit > ou: Abteilung 1 > > dn: ou=Abteilung 2,ou=Departments,ou=schulung,dc=stroeder,dc=local > objectClass: organizationalUnit > ou: Abteilung 2 > > -------------------------------------------------------------- > > Ciao, Michael > > Ing. Pierangelo Masarati OpenLDAP Core Team SysNet s.r.l. via Dossi, 8 - 27100 Pavia - ITALIA http://www.sys-net.it ----------------------------------- Office: +39 02 23998309 Mobile: +39 333 4963172 Email: [EMAIL PROTECTED] -----------------------------------
