Bug 720480
Summary: | nisDomain schema is incorrect, causes errors upon upgrade | ||
---|---|---|---|
Product: | [Retired] 389 | Reporter: | Michael Mohr <mohr> |
Component: | Schema | Assignee: | Rich Megginson <rmeggins> |
Status: | CLOSED UPSTREAM | QA Contact: | Chandrasekar Kannan <ckannan> |
Severity: | unspecified | Docs Contact: | |
Priority: | unspecified | ||
Version: | 1.2.10 | CC: | benl, dpal, nhosoi, nkinder, rmeggins, shaines |
Target Milestone: | --- | ||
Target Release: | --- | ||
Hardware: | Unspecified | ||
OS: | Unspecified | ||
Whiteboard: | |||
Fixed In Version: | 389-ds-base-1.2.10.rc1 | Doc Type: | Bug Fix |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2012-02-07 16:10:53 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
Michael Mohr
2011-07-11 18:57:01 UTC
The problem is that nisDomain inherits from 'name' - but name is defined as DirectoryString. I'm not sure which rfc or other doc defines nisDomain, but it is likely that the definition has changed in the meantime and we need to update our schema. (In reply to comment #1) > The problem is that nisDomain inherits from 'name' - but name is defined as > DirectoryString. I'm not sure which rfc or other doc defines nisDomain, but it > is likely that the definition has changed in the meantime and we need to update > our schema. http://www.padl.com/~lukeh/rfc2307bis.txt It has always been a part of the 2307bis schema. The problem is that we include an older version of the 2307 schema (60nis.ldif) which has this: attributeTypes: ( 1.3.6.1.4.1.1.1.1.12 NAME 'nisDomain' DESC 'NIS domain' SUP name SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) This worked fine in earlier versions, but breaks in recent versions because we now validate the syntax against the matching rules and vice versa. The defintion of 'name' is this: attributeTypes: ( 2.5.4.41 NAME 'name' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'RFC 4519' ) 'name' is defined with DirectoryString (i.e. allows any valid utf-8 character) with appropriate equality and substring matching rules (that is, the matching rules apply only to DirectoryString and syntaxes compatible with DirectoryString). nisDomain is defined with a different syntax IA5String (i.e. allow only 7-bit clean ASCII characters, not utf-8) - it should _not_ have SUP 'name' because it is incompatible - instead, it should define its own matching rules. The bug here is in 60nis.ldif - we should change the definition to remove the SUP 'name' and add the IA5String compatible matching rules. Upstream ticket: https://fedorahosted.org/389/ticket/38 Fixed in 389-ds-base-1.2.10.rc1 now in Fedora/EPEL Testing |