On Wed, 3 Jun 2009, tamarin p wrote:

> Hi,
>
> I apologize that I am revisiting this topic yet again but as we found out,
> double quoted distinguished names are no longer possible in 1.2.0. We
> initially discovered the problem for the aliasedobjectname class but it
> later turned out it's a fault with double quoted DNs in general and the
> schema violation we got for aliasedobjectname was because a double-quoted DN
> always leads for some bizarre reason to the creation of an attribute with the
> double quoted part as the attr/value pair, so the schema violation was
> effect rather than cause. We are also fairly certain they worked prior to
> this as we initially did some tests with 1.1.0, 1.1.2 and 1.1.3 without
> running into any problems with this.
>
> I was told in another thread that the double quoted syntax is deprecated and
> that escapes should be used instead. Is it then safe to assume that double
> quoted style will not be fixed (or at least have extremely low priority)? We
> have some clients who sometimes give us LDIFs for adding to the directory
> and they prefer the double quoted syntax as more easily readable. I can
> write a convert script for them easily enough to handle the obvious cases but
> I won't go through the effort if there is a chance this will be fixed one
> minor version down the road.

I just ran into the same problem, actually, and found one of your old
mailing list posts on it; I'd been meaning to ask about it on the mailing
list, so thanks for reminding me. :)

The ns-newpwpolicy.pl script creates double-quoted DNs, which are then
impossible (AFAICT) to modify. In other words, if you follow the documented
procedure for creating per-user or per-subtree password policies, it doesn't
work because the policy container is created with a double-quoted DN.

In addition to the OP's question, what's the Right Thing to do with password
policies? Will it work if I create the policy containers by hand with the hex
escape syntax? Or do I need to create them by hand and populate them at
creation time (since it's apparently still possible to _add_ entries with
double-quoted DNs, just not modify them), and delete-and-recreate if I need
to modify my policy?

Thanks!

Chris St. Pierre
Unix Systems Administrator
Nebraska Wesleyan University
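
The conversion both messages refer to (double-quoted DN values rewritten with backslash or hex escapes), as an added example that is not part of the original thread or of the directory server's own tooling. The function names and the sample DN are constructed for illustration; it assumes RFC 1779-style quoting and only rewrites plain `dn:` lines in an LDIF.

```python
# Assumes RFC 1779-style quoting: inside "...", a backslash escapes one char.
SPECIALS = set('"+,;<>\\=')  # '=' is optional in RFC 4514; escaped for safety

# Constructed sample in the shape of a per-user password policy entry DN.
SAMPLE = ('cn="cn=nsPwPolicyEntry,uid=jdoe,ou=people,dc=example,dc=com",'
          'cn=nsPwPolicyContainer,ou=people,dc=example,dc=com')

def escape_value(value, hex_style=False):
    """Escape one attribute value as backslash-char or backslash-hex."""
    out, last = [], len(value) - 1
    for i, ch in enumerate(value):
        if (ch in SPECIALS or (i == 0 and ch in ' #')
                or (i == last and ch == ' ')):
            out.append('\\%02X' % ord(ch) if hex_style else '\\' + ch)
        else:
            out.append(ch)
    return ''.join(out)

def convert_dn(dn, hex_style=False):
    """Replace every double-quoted value in a DN with its escaped form."""
    out, i, n = [], 0, len(dn)
    while i < n:
        if dn[i] == '\\' and i + 1 < n:   # already-escaped pair: copy as is
            out.append(dn[i:i + 2])
            i += 2
        elif dn[i] == '"':                # opening quote of a quoted value
            i, raw = i + 1, []
            while i < n and dn[i] != '"':
                if dn[i] == '\\' and i + 1 < n:
                    i += 1                # drop the backslash, keep the char
                raw.append(dn[i])
                i += 1
            if i >= n:
                raise ValueError('unterminated quoted value in DN: %r' % dn)
            out.append(escape_value(''.join(raw), hex_style))
            i += 1                        # skip the closing quote
        else:
            out.append(dn[i])
            i += 1
    return ''.join(out)

def convert_ldif(text, hex_style=False):
    """Rewrite plain 'dn:' lines only; base64 'dn::' lines are left alone."""
    text = text.replace('\n ', '')        # unfold LDIF continuation lines
    lines = []
    for line in text.split('\n'):
        if line[:3].lower() == 'dn:' and line[3:4] != ':':
            line = 'dn: ' + convert_dn(line[3:].strip(), hex_style)
        lines.append(line)
    return '\n'.join(lines)
```

DN-valued attributes other than `dn:` are not touched, and the output is unfolded, so review a diff of the converted LDIF before loading it.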