Re: [389-users] Double quoted distinguished names

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Wed, 3 Jun 2009, tamarin p wrote:

Hi,

i apologize that i am revisiting this topic yet again but as we found out,
double quoted distinguished names are no longer possible in 1.2.0. We
initially discovered the problem for the aliasedobjectname class but it
later turned out its a fault with double quoted dns in general and the
schema violation we got for aliasedobjectname was because a doublequoted dn
always leads for some bizare reason to the creation of an attribute with the
double quoted part as the attr/value pair, so the schema violation was
effect rather than cause.. we are also fairly certain they worked prior to
this as we initially did some tests with 1.1.0, 1.1.2 and 1.1.3 without
encountering into any problems with this.

I was told in another thread that the double quoted syntax is deprecated and
that escapes should be used instead. Is it then safe to assume that double
quoted style will not be fixed (or at least have extremely low priority)? We
have some clients who sometimes give us LDIFs for adding to the directory
and they prefer the double quoted syntax as more easily readable. I can
write convert script for them easily enough to handle the obvious cases but
I won't go through the effort if there is a chance this will be fixed one
minor version down the road.

I just ran into the same problem, actually, and found one of your old
mailing list posts on it; I'd been meaning to ask about it on the
mailing list, so thanks for reminding me. :)

The ns-newpwpolicy.pl script creates double-quoted DNs, which are then
impossible (AFAICT) to modify.  In other words, if you follow the
documented procedure for creating per-user or per-subtree password
policies, it doesn't work because the policy container is created with
a double-quoted DN.

In addition to the OP's question, what's the Right Thing to do with
password policies?  Will it work if I create the policy containers by
hand with the hex escape syntax?  Or do I need to create them by hand
and populate them at creation time (since it's apparently still
possible to _add_ entries with double-quoted DNs, just not modify
them), and delete-and-recreate if I need to modify my policy?

Thanks!

Chris St. Pierre
Unix Systems Administrator
Nebraska Wesleyan University

--
Fedora-directory-users mailing list
Fedora-directory-users@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-directory-users

[Index of Archives]     [Fedora Directory Users]     [Fedora Directory Devel]     [Fedora Announce]     [Fedora Legacy Announce]     [Kernel]     [Fedora Legacy]     [Share Photos]     [Fedora Desktop]     [PAM]     [Red Hat Watch]     [Red Hat Development]     [Big List of Linux Books]     [Gimp]     [Yosemite News]

  Powered by Linux