Discussion:
[Jxplorer-users] possible bug in JXplorer - explained
Richard Geoffrion
2007-04-13 23:44:51 UTC
Permalink
Greetings list!

---Background---
LDAP server: OpenLDAP 2.3.27
Schemas in use: core.schema, cosine.schema, inetorgperson.schema,
nis.schema, and samba.schema
JXplorer version: build JXv3.2 2007-02-26 21:08 EST


Issue:
Where objectclass equals "account" and objectclass equals
"posixAccount", JXplorer considers uid AND userid values as "mandatory"
but an attempt to fill in the missing value for userid causes the
error: LDAP: error code 20 - modify/add: uid: value #0 already exists];
remaining name 'uid=testuser,ou=People,dc=example,dc=lan'

Possible bug:

I think JXplorer is pulling uid from nis.schema and userid from
cosine.schema...which causes jxplorer to falsely require the "double
needs" for something that is in actuality....the same value.

or said another way....

I think JXplorer is using the account objectClass from RFC1274 and the
posixAccount objectClass from RFC2307. one references userID as a must,
the other one as uid as a must and jxplorer treats these as
different..which it shouldn't
--
Richard
Douglas E. Engert
2007-04-16 14:19:45 UTC
Permalink
I sent a patch in for this very problem Febr 28.
The jx.diff.txt patch is attached.

The js.sasl.qop.txt will allow GSSAPI tracfic to be encryted.
Post by Richard Geoffrion
Greetings list!
---Background---
LDAP server: OpenLDAP 2.3.27
Schemas in use: core.schema, cosine.schema, inetorgperson.schema,
nis.schema, and samba.schema
JXplorer version: build JXv3.2 2007-02-26 21:08 EST
Where objectclass equals "account" and objectclass equals
"posixAccount", JXplorer considers uid AND userid values as "mandatory"
but an attempt to fill in the missing value for userid causes the
error: LDAP: error code 20 - modify/add: uid: value #0 already exists];
remaining name 'uid=testuser,ou=People,dc=example,dc=lan'
I think JXplorer is pulling uid from nis.schema and userid from
cosine.schema...which causes jxplorer to falsely require the "double
needs" for something that is in actuality....the same value.
or said another way....
I think JXplorer is using the account objectClass from RFC1274 and the
posixAccount objectClass from RFC2307. one references userID as a must,
the other one as uid as a must and jxplorer treats these as
different..which it shouldn't
--
Douglas E. Engert <***@anl.gov>
Argonne National Laboratory
9700 South Cass Avenue
Argonne, Illinois 60439
(630) 252-5444
Douglas E. Engert
2007-04-17 02:39:49 UTC
Permalink
Hi Guys,
What Directory implementation are you experiencing this problem with?
OpenLDAP with stock schemas. Problem is one schema has a MUST uid,
the other has a MUST userid, but table editor does not realized they
are the aliases for each other, and lists both as must.

core.schema:
#
# Derived from RFC 1274, but with new "short names"
#
#attributetype ( 0.9.2342.19200300.100.1.1
# NAME ( 'uid' 'userid' )
# DESC 'RFC1274: user identifier'
# EQUALITY caseIgnoreMatch
# SUBSTR caseIgnoreSubstringsMatch
# SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
...
objectclass ( 0.9.2342.19200300.100.4.5 NAME 'account'
SUP top STRUCTURAL
MUST userid
MAY ( description $ seeAlso $ localityName $
organizationName $ organizationalUnitName $ host )
)

nis.schema:

objectclass ( 1.3.6.1.1.1.2.0 NAME 'posixAccount'
DESC 'Abstraction of an account with POSIX attributes'
SUP top AUXILIARY
MUST ( cn $ uid $ uidNumber $ gidNumber $ homeDirectory )
MAY ( userPassword $ loginShell $ gecos $ description ) )


Most entries are both posixAccount and account
Regards,
Trudi.
-----Original Message-----
Douglas E. Engert
Sent: Tuesday, 17 April 2007 12:20 AM
To: Richard Geoffrion
Subject: Re: [Jxplorer-users] possible bug in JXplorer - explained
I sent a patch in for this very problem Febr 28.
The jx.diff.txt patch is attached.
The js.sasl.qop.txt will allow GSSAPI tracfic to be encryted.
Post by Richard Geoffrion
Greetings list!
---Background---
LDAP server: OpenLDAP 2.3.27
Schemas in use: core.schema, cosine.schema, inetorgperson.schema,
nis.schema, and samba.schema
JXplorer version: build JXv3.2 2007-02-26 21:08 EST
Where objectclass equals "account" and objectclass equals
"posixAccount", JXplorer considers uid AND userid values as
"mandatory"
Post by Richard Geoffrion
but an attempt to fill in the missing value for userid causes the
error: LDAP: error code 20 - modify/add: uid: value #0 already
exists];
Post by Richard Geoffrion
remaining name 'uid=testuser,ou=People,dc=example,dc=lan'
I think JXplorer is pulling uid from nis.schema and userid from
cosine.schema...which causes jxplorer to falsely require the "double
needs" for something that is in actuality....the same value.
or said another way....
I think JXplorer is using the account objectClass from RFC1274 and the
posixAccount objectClass from RFC2307. one references userID as a
must,
Post by Richard Geoffrion
the other one as uid as a must and jxplorer treats these as
different..which it shouldn't
--
Douglas E. Engert <***@anl.gov>
Argonne National Laboratory
9700 South Cass Avenue
Argonne, Illinois 60439
(630) 252-5444
Loading...