Hi all, Simple issue here perhaps. I had set up my LDIF files like this example (variables get set of course) to change a user's shadowAccount password under FDS 1.0.4 and all my updates seem to work just fine using ldapmodify.

dn: uid=$UID, ou=People, $DNDOMAIN
changetype: modify
shadowLastChange: $TODAY
userPassword: $PWHASH

But recent research into LDIF revealed that the proper way to update attributes is using this "replace" method.

dn: uid=$UID, ou=People, $DNDOMAIN
changetype: modify
replace: shadowLastChange
shadowLastChange: $TODAY

dn: uid=$UID, ou=People, $DNDOMAIN
changetype: modify
replace: userPassword
userPassword: $PWHASH

Are both legal or permitted or did I just get lucky or is it not really doing what I think? All ldapsearch results look the same after using either?
Kyle Tucker wrote:
But recent research into LDIF revealed that the proper way
What do you mean by "recent" here? RFC 2849 was published in 2000, and I don't think there was much further research. That document illustrates even wiser (and syntactically correct) means to perform the modifications you need.
p.
Ing. Pierangelo Masarati OpenLDAP Core Team
SysNet s.n.c.
Via Dossi, 8 - 27100 Pavia - ITALIA
http://www.sys-net.it
------------------------------------------
Office: +39.02.23998309
Mobile: +39.333.4963172
Email: pierangelo.masarati@sys-net.it
------------------------------------------
Kyle Tucker wrote:
I was referring to my research. I was more looking into why the other non-replace method works, if it was some optional syntax or if it wasn't even working as it seemed, although all evidence I saw indicated it was.
Kyle Tucker wrote:

dn: uid=$UID, ou=People, $DNDOMAIN
changetype: modify
shadowLastChange: $TODAY
userPassword: $PWHASH

The above is a bug (feature?) of the LDIF parsing routine, a bit too liberal

dn: uid=$UID, ou=People, $DNDOMAIN
changetype: modify
replace: shadowLastChange
shadowLastChange: $TODAY

dn: uid=$UID, ou=People, $DNDOMAIN
changetype: modify
replace: userPassword
userPassword: $PWHASH

The above, according to RFC 2849, can be summarized in

dn: uid=$UID, ou=People, $DNDOMAIN
changetype: modify
replace: shadowLastChange
shadowLastChange: $TODAY
-
replace: userPassword
userPassword: $PWHASH
-

with two relevant consequences: 1) only one operation is performed instead of two; 2) as a consequence, the modification is atomic, i.e. either they both succeed or they both fail; the way you indicated, they could have independently succeeded or failed.
p.
Ing. Pierangelo Masarati OpenLDAP Core Team
389-users@lists.fedoraproject.org
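
The three LDIF forms discussed in this thread, run through a small strict checker. This is an added example, not code from the thread or from the FDS/OpenLDAP projects: it counts how many modify operations each form produces, reports attribute lines that carry no add/delete/replace directive, and also flags a mod-spec that lacks the terminating "-" line with which RFC 2849's grammar ends each mod-spec. The DN, date and hash values are constructed stand-ins for the $ variables, and the parser assumes unfolded, non-base64 "name: value" lines.

```python
import re

MOD_OPS = ("add", "delete", "replace")

def parse_modify_records(ldif_text):
    """Return one (dn, mods, problems) tuple per LDIF change record.

    Each record is sent as ONE LDAP modify operation, so every
    (op, attr, values) entry in its mods list is applied atomically.
    """
    results = []
    for block in re.split(r"\n\s*\n", ldif_text.strip()):
        lines = [l for l in block.splitlines() if l and not l.startswith("#")]
        dn = lines[0].split(":", 1)[1].strip()
        mods, problems, current = [], [], None
        if lines[1].replace(" ", "").lower() != "changetype:modify":
            problems.append("not a changetype: modify record")
            lines = lines[:2]
        for line in lines[2:]:
            if line == "-":                       # terminates one mod-spec
                current = None
                continue
            key, value = (p.strip() for p in line.split(":", 1))
            if current is None:
                if key.lower() in MOD_OPS:        # e.g. "replace: userPassword"
                    current = (key.lower(), value, [])
                    mods.append(current)
                else:                             # bare "attr: value" line
                    problems.append(f"{key}: no add/delete/replace directive")
            elif key.lower() == current[1].lower():
                current[2].append(value)
            else:
                problems.append(f"{key}: expected '-' before next mod-spec")
        if current is not None:
            problems.append("last mod-spec not terminated by '-'")
        results.append((dn, mods, problems))
    return results

# Constructed sample values standing in for $UID, $DNDOMAIN, $TODAY, $PWHASH.
HEAD = "dn: uid=jdoe, ou=People, dc=example,dc=com\nchangetype: modify\n"
SHADOW = "replace: shadowLastChange\nshadowLastChange: 13000\n"
PASSWD = "replace: userPassword\nuserPassword: {SSHA}CONSTRUCTED\n"
LIBERAL = HEAD + "shadowLastChange: 13000\nuserPassword: {SSHA}CONSTRUCTED\n"
SPLIT = HEAD + SHADOW + "\n" + HEAD + PASSWD
ATOMIC = HEAD + SHADOW + "-\n" + PASSWD + "-\n"

if __name__ == "__main__":
    for name, text in (("liberal", LIBERAL), ("split", SPLIT), ("atomic", ATOMIC)):
        for dn, mods, problems in parse_modify_records(text):
            print(name, dn, [m[:2] for m in mods], problems)
```

Running such a check over generated LDIF before it reaches ldapmodify catches password-change files that only work because a particular server's parser is lenient.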