On 09/16/2010 11:21 AM, Edward Z. Yang wrote: > Hello all, > > We are having some difficulties with the new syntax validation built in > to LDAP. Consider the following schema (formatted for > readability): > > dn: cn=schema > attributeTypes: ( 1.2.840.113554.4.2.1.1 > NAME 'scriptsVhostName' > DESC 'Canonical server name' > SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 > SINGLE-VALUE > X-ORIGIN 'scripts.mit.edu' ) > attributeTypes: ( 1.2.840.113554.4.2.1.2 > NAME 'scriptsVhostAlias' > DESC 'Other server names' > SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 > X-ORIGIN 'scripts.mit.edu' ) > attributeTypes: ( 1.2.840.113554.4.2.1.3 > NAME 'scriptsVhostDirectory' > DESC 'Directory under $HOME/Scripts/$service for the root of this service' > SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 > SINGLE-VALUE > X-ORIGIN 'scripts.mit.edu' ) > attributeTypes: ( 1.2.840.113554.4.2.1.4 > NAME 'scriptsVhostAccount' > DESC 'User account for finding home direcory and suexec uid/gid' > SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 > SINGLE-VALUE > X-ORIGIN 'scripts.mit.edu' ) > objectClasses: ( 1.2.840.113554.4.2.2.1 > NAME 'scriptsVhost' > DESC 'Configuration for a scripts virtual host' > SUP top > AUXILIARY > MUST ( scriptsVhostName $ scriptsVhostDirectory $ scriptsVhostAccount ) > MAY ( scriptsVhostAlias ) > X-ORIGIN 'scripts.mit.edu' ) > > The syntax validation then rejects a directory entry of the following > form. > > 0 scriptsVhostName=ezyang.scripts.mit.edu,ou=VirtualHosts,dc=scripts,dc=mit,dc=edu > objectClass: scriptsVhost > objectClass: top > scriptsVhostName: ezyang.scripts.mit.edu > scriptsVhostAlias: ezyang.scripts > scriptsVhostAccount: uid=ezyang,ou=People,dc=scripts,dc=mit,dc=edu > scriptsVhostDirectory: > > With the following error: > > [16/Sep/2010:14:19:39 -0400] syntax-plugin - Syntax validate task starting (base: "scriptsVhostName=ezyang.scripts.mit.edu,ou=VirtualHosts,dc=scripts,dc=mit,dc=edu", filter: "(objectclass=*)") ... > [16/Sep/2010:14:19:40 -0400] syntax-plugin - Entry "scriptsVhostName=ezyang.scripts.mit.edu,ou=VirtualHosts,dc=scripts,dc=mit,dc=edu" violates syntax. > scriptsVhostDirectory: value #0 invalid per syntax > [16/Sep/2010:14:19:41 -0400] syntax-plugin - Syntax validate task complete. Found 1 invalid entries. > > It is difficult for me to tell what value #0 is referring to, but if it > is scriptsVhostName, as far as I can tell it is a perfectly fine DirectoryString. > Is our schema wrong or is there a bug in the syntax validation? > It looks to me like your scriptsVhostDirectory attribute value is empty. Per RFC 4517, a Directory String must consist of one or more UTF8 characters. An empty value is invalid. -NGK > Cheers, > Edward > -- > 389 users mailing list > 389-users at lists.fedoraproject.org > https://admin.fedoraproject.org/mailman/listinfo/389-users >
