I provided an example but it was the wrong one. You can see that the sshPublicKey attribute is shown in ldapsearch but isn't attached to the main DB entry produced from a slapcat.
***********ldapsearch results***************** # rpetkus, People, racf.bnl.gov dn: uid=rpetkus,ou=People,dc=stuff,dc=bnl,dc=gov uid: rpetkus cn: Robert Petkus objectClass: inetOrgPerson objectClass: posixAccount objectClass: top objectClass: racf objectClass: ldapPublicKey uidNumber: number gidNumber: number homeDirectory: /somewhere/rpetkus loginShell: /bin/bash gidNumberAtlas: number homeDirectoryAtlas: /somewhere/rpetkus experiment: RHIC/USATLAS sn: rapetkus employeeNumber: number loginShellGateway: /bin/rbash employeeStatus: Active gecos: Robert Petkus sshPublicKey: ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAIEA36Y8jfKTKJgphUO30oaI9W5QVRUg 8+fM0FFYIkaiZUuaXBYpKaIiguUcQsy+3P+KjBTI0g1Qr3gewO20S0T4i8pDX1XasdfasdftDvNxbz3w se4V+PPGQ/Bm4DXTjGRoMVNBABIoqWo3vYOVCvKasdfasdfId5q6oStWrNuNmpV48= ******Here is the slapcat for my user************** dn: uid=rpetkus,ou=People,dc=racf,dc=bnl,dc=gov uid: rpetkus cn: Robert Petkus objectClass: inetOrgPerson objectClass: posixAccount objectClass: top objectClass: racf uidNumber: number gidNumber: number homeDirectory: /somewhere/rpetkus loginShell: /bin/bash gidNumberAtlas: number homeDirectoryAtlas: /somewhere/rpetkus experiment: RHIC/USATLAS structuralObjectClass: inetOrgPerson entryUUID: 689ce5e4-010f-102a-8eef-9882d4436e05 creatorsName: cn=account,dc=bnl,dc=gov createTimestamp: 20051214170418Z sn: rapetkus userPassword:: employeeNumber: number loginShellGateway: /bin/rbash employeeStatus: Active gecos: Robert Petkus 1 entryCSN: 20060906145341Z#000000#00#000000 modifiersName: cn=Manager,dc=bnl,dc=gov modifyTimestamp: 20060906145341Z dn: reqStart=20060920134512.000000Z,cn=changelog objectClass: auditModify structuralObjectClass: auditModify reqStart: 20060920134512.000000Z reqEnd: 20060920134512.000001Z reqType: modify reqSession: 423 reqAuthzID: cn=Manager,dc=bnl,dc=gov reqDN: uid=rpetkus,ou=People,dc=racf,dc=bnl,dc=gov reqResult: 0 reqMod: sshPublicKey:= ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAIEA36Y8jfKTKJgphUO30oaI9W5QVRUg 8+fM0FFYIkaiZUuaXBYpKaIiguUcQsy+3P+KjBTI0g1Qr3gewO20S0T4i8pDXasdfasdftDvNxbz3w se4V+PPGQ/Bm4DXTjGRoMVNBABIoqWo3vYOVCvKasdfasdfId5q6oStWrNuNmpV48= reqMod: entryCSN:= 20060920134512Z#000000#00#000000 reqMod: modifiersName:= cn=account,dc=bnl,dc=gov reqMod: modifyTimestamp:= 20060920134512Z entryUUID: fb865d9c-dcf9-102a-8a91-e5d2e62e4f1a creatorsName: cn=changelog createTimestamp: 20060920134512Z entryCSN: 20060920134512Z#000000#00#000000 modifiersName: cn=changelog modifyTimestamp: 20060920134512Z > > > > Robert Petkus wrote: > Quanah Gibson-Mount wrote: > >> --On Tuesday, October 03, 2006 8:49 PM -0400 Robert Petkus >> <[EMAIL PROTECTED]> wrote: >> >> >> >> >> >>> slapcat ldifs (slapcat -n 2 -l ldap.ldif) are polluted with accesslog >>> entries that *replace* the original entries. For example, my account dn >>> won't include, say, sshPublicKey, but I'd see a reqMod entry with this >>> attribute. >>> >> First, I'd make life simpler by listing the monitoring database last. >> >> Second, your slapcat by definition dumps the accesslog database, not >> your main database, since your databases are: >> >> 1: monitor >> 2: cn=changelog >> 3: dc=bnl,dc=gov >> >> >> Or at least, that's my guess, and it seems to go with what you note. >> Or, you could change your slapcat to use "-b dc=bnl,dc=gov" which >> would be more explicit. That is, of course, assuming that you want to >> dump your main DB and not the accesslog DB. ;) >> > Yeah it would be convenient if I was that dumb ;) , but I had tried > "-b", -n3, removing the accesslog db entries in slapd.conf and rerunning > slapcat. All with the same results -- most of the main DB with a bunch > of accesslog DB garbage. What is dogging me *so* much here is that > these are 2 distinct physical databases. > > This is an example of the garbage I got yesterday from a slapcat for my > user (an illustration that some attributes are not attached to the main > DB but instead the accesslog DB, yet ldapsearchable to the main DB): > > Cheers, > Robert > > ***********ldapsearch results***************** > > # rpetkus, People, racf.bnl.gov > dn: uid=rpetkus,ou=People,dc=stuff,dc=bnl,dc=gov > uid: rpetkus > cn: Robert Petkus > objectClass: inetOrgPerson > objectClass: posixAccount > objectClass: top > objectClass: racf > objectClass: ldapPublicKey > uidNumber: number > gidNumber: number > homeDirectory: /somewhere/rpetkus > loginShell: /bin/bash > gidNumberAtlas: number > homeDirectoryAtlas: /somewhere/rpetkus > experiment: RHIC/USATLAS > sn: rapetkus > employeeNumber: number > loginShellGateway: /bin/rbash > employeeStatus: Active > gecos: Robert Petkus > sshPublicKey: ssh-rsa > AAAAB3NzaC1yc2EAAAABIwAAAIEA36Y8jfKTKJgphUO30oaI9W5QVRUg > > 8+fM0FFYIkaiZUuaXBYpKaIiguUcQsy+3P+KjBTI0g1Qr3gewO20S0T4i8pDX1XasdfasdftDvNxbz3w > se4V+PPGQ/Bm4DXTjGRoMVNBABIoqWo3vYOVCvKasdfasdfId5q6oStWrNuNmpV48= > > > ******Here is the slapcat for my user************** > > dn: uid=rpetkus,ou=People,dc=racf,dc=bnl,dc=gov > uid: rpetkus > cn: Robert Petkus > objectClass: inetOrgPerson > objectClass: posixAccount > objectClass: top > objectClass: racf > uidNumber: number > gidNumber: number > homeDirectory: /somewhere/rpetkus > loginShell: /bin/bash > gidNumberAtlas: number > homeDirectoryAtlas: /somewhere/rpetkus > experiment: RHIC/USATLAS > structuralObjectClass: inetOrgPerson > entryUUID: 689ce5e4-010f-102a-8eef-9882d4436e05 > creatorsName: cn=account,dc=bnl,dc=gov > createTimestamp: 20051214170418Z > sn: rapetkus > userPassword:: > employeeNumber: number > loginShellGateway: /bin/rbash > sshPublicKey: ssh-rsa > AAAAB3NzaC1yc2EAAAABIwAAAIEA36Y8jfKTKJgphUO30oaI9W5QVRUg > 8+fM0FFYIkaiZUuaXBYpKaIiguUcQsy+3P+KjBTI0g1Qr3gewO20S0T4i8pDX1XZELCHtDvNxbz3w > se4V+PPGQ/Bm4DXTjGRoMVNBABIoqWo3vYOVCvKReqWx5hc9Id5q6oStWrNuNmpV48= > [EMAIL PROTECTED] > sec00 > employeeStatus: Active > gecos: Robert Petkus 1 > entryCSN: 20060906145341Z#000000#00#000000 > modifiersName: cn=Manager,dc=bnl,dc=gov > modifyTimestamp: 20060906145341Z > > dn: reqStart=20060920134512.000000Z,cn=changelog > objectClass: auditModify > structuralObjectClass: auditModify > reqStart: 20060920134512.000000Z > reqEnd: 20060920134512.000001Z > reqType: modify > reqSession: 423 > reqAuthzID: cn=Manager,dc=bnl,dc=gov > reqDN: uid=rpetkus,ou=People,dc=racf,dc=bnl,dc=gov > reqResult: 0 > reqMod: sshPublicKey:= ssh-rsa > AAAAB3NzaC1yc2EAAAABIwAAAIEA36Y8jfKTKJgphUO30oaI9W5QVRUg > 8+fM0FFYIkaiZUuaXBYpKaIiguUcQsy+3P+KjBTI0g1Qr3gewO20S0T4i8pDXasdfasdftDvNxbz3w > se4V+PPGQ/Bm4DXTjGRoMVNBABIoqWo3vYOVCvKasdfasdfId5q6oStWrNuNmpV48= > reqMod: entryCSN:= 20060920134512Z#000000#00#000000 > reqMod: modifiersName:= cn=account,dc=bnl,dc=gov > reqMod: modifyTimestamp:= 20060920134512Z > entryUUID: fb865d9c-dcf9-102a-8a91-e5d2e62e4f1a > creatorsName: cn=changelog > createTimestamp: 20060920134512Z > entryCSN: 20060920134512Z#000000#00#000000 > modifiersName: cn=changelog > modifyTimestamp: 20060920134512Z > > > > > >> --Quanah >> >> -- >> Quanah Gibson-Mount >> Principal Software Developer >> ITS/Shared Application Services >> Stanford University >> GnuPG Public Key: http://www.stanford.edu/~quanah/pgp.html >> > > > -- Robert Petkus Brookhaven National Laboratory Physics Dept. - Bldg. 510A Upton, New York 11973 Tel. : +1 (631) 344 3258 Fax. : +1 (631) 344 7616 http://www.bnl.gov/RHIC http://www.acf.bnl.gov
