You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@directory.apache.org by Markus Pohle <ap...@webunity.de> on 2007/07/21 18:38:11 UTC
Difference between the following ldif files
Hi list,
I used a ApacheDS in version 1.5.0 (officially released version
downloaded from directory website) on my server and created my on
partition with the following ldap structure:
dn: dc=DOUGLASHOLDING
objectClass: domain
objectClass: extensibleObject
objectClass: top
dc: douglasholding
dn: dc=VERWALTUNG,dc=DOUGLASHOLDING
objectClass: domain
objectClass: top
0.9.2342.19200300.100.1.25: verwaltung
dc: VERWALTUNG
dn: cn=users,dc=VERWALTUNG,dc=DOUGLASHOLDING
objectClass: organizationalRole
objectClass: top
2.5.4.3: users
cn: users
dn: dc=APPLICATIONS,dc=DOUGLASHOLDING
objectClass: domain
objectClass: top
0.9.2342.19200300.100.1.25: applications
dc: APPLICATIONS
dn: cn=cms,dc=APPLICATIONS,dc=DOUGLASHOLDING
objectClass: organizationalRole
objectClass: top
2.5.4.3: cms
cn: cms
Then I needed to switch to apacheds-1.5.1-snapshot release that Alex
Karasulu due to apacheds-tools problems with version 1.5.0 build for me.
And what I found out browsing the ldap schema using LDAP Studio on the
apacheds-1.5.1-snapshot is the following:
dn: dc=DOUGLASHOLDING
objectClass: domain
objectClass: extensibleObject
objectClass: top
dc: douglasholding
dn: dc=VERWALTUNG,dc=DOUGLASHOLDING
objectClass: domain
objectClass: top
dc: VERWALTUNG
dn: cn=users,dc=VERWALTUNG,dc=DOUGLASHOLDING
objectClass: organizationalRole
objectClass: top
cn: users
dn: dc=APPLICATIONS,dc=DOUGLASHOLDING
objectClass: domain
objectClass: top
dc: APPLICATIONS
dn: cn=cms,dc=APPLICATIONS,dc=DOUGLASHOLDING
objectClass: organizationalRole
objectClass: top
cn: cms
And here comes the question:
What are these additional objectclasses for that can be seen in the
upper example of the ldap structure, e.g.:
0.9.2342.19200300.100.1.25: applications
2.5.4.3: cms
What are they good for? Are they essentially/neccessary? And why can the
ldap schema on the apacheds-1.5.1-snapshot run without them?
Any explanation is really appreciated.
TIA
Markus
Re: Difference between the following ldif files
Posted by Alex Karasulu <ak...@apache.org>.
Hi Markus,
On 7/21/07, Markus Pohle <ap...@webunity.de> wrote:
>
> Hi list,
>
> I used a ApacheDS in version 1.5.0 (officially released version
> downloaded from directory website) on my server and created my on
> partition with the following ldap structure:
>
> dn: dc=DOUGLASHOLDING
> objectClass: domain
> objectClass: extensibleObject
> objectClass: top
> dc: douglasholding
>
> dn: dc=VERWALTUNG,dc=DOUGLASHOLDING
> objectClass: domain
> objectClass: top
> 0.9.2342.19200300.100.1.25: verwaltung
> dc: VERWALTUNG
>
> dn: cn=users,dc=VERWALTUNG,dc=DOUGLASHOLDING
> objectClass: organizationalRole
> objectClass: top
> 2.5.4.3: users
> cn: users
>
> dn: dc=APPLICATIONS,dc=DOUGLASHOLDING
> objectClass: domain
> objectClass: top
> 0.9.2342.19200300.100.1.25: applications
> dc: APPLICATIONS
>
> dn: cn=cms,dc=APPLICATIONS,dc=DOUGLASHOLDING
> objectClass: organizationalRole
> objectClass: top
> 2.5.4.3: cms
> cn: cms
>
> Then I needed to switch to apacheds-1.5.1-snapshot release that Alex
> Karasulu due to apacheds-tools problems with version 1.5.0 build for me.
>
> And what I found out browsing the ldap schema using LDAP Studio on the
> apacheds-1.5.1-snapshot is the following:
>
> dn: dc=DOUGLASHOLDING
> objectClass: domain
> objectClass: extensibleObject
> objectClass: top
> dc: douglasholding
>
> dn: dc=VERWALTUNG,dc=DOUGLASHOLDING
> objectClass: domain
> objectClass: top
> dc: VERWALTUNG
>
> dn: cn=users,dc=VERWALTUNG,dc=DOUGLASHOLDING
> objectClass: organizationalRole
> objectClass: top
> cn: users
>
> dn: dc=APPLICATIONS,dc=DOUGLASHOLDING
> objectClass: domain
> objectClass: top
> dc: APPLICATIONS
>
> dn: cn=cms,dc=APPLICATIONS,dc=DOUGLASHOLDING
> objectClass: organizationalRole
> objectClass: top
> cn: cms
>
> And here comes the question:
> What are these additional objectclasses for that can be seen in the
> upper example of the ldap structure, e.g.:
>
> 0.9.2342.19200300.100.1.25: applications
> 2.5.4.3: cms
These are the normalized representations of attributes dc and cn
respectively. These
numbers are their OIDs.
Looks to me like your LDIF export contained them and so ApacheDS preserved
them as
you loaded them into the server. ApacheDS is required to return entries as
you entered
them without modifying the entries attribute names. BTW in LDAP you can use
OID, or
an alias like cn, or even commonName. What ever you choose on the import or
add
operation should be returned back to you as it was imported/added.
Now this leads us to the question of why the export from ApacheDS resulted
in returning
these canonical representations instead of the attribute aliases which you
probably
originally provided like cn and dc instead. I presume before the LDIF
export you took, you
initially added these entries to the first ADS instance using dc and cn
correct?
If this is happening the server may be reverting indexed attribute
identifiers to their OID.
If so this is a bug we need to fix. However there was a switch in the
server that forces denormalization which I had thought was enabled by
default.
I recommend performing a little test to see what is going on. Just delete
the structure you
loaded and massage your export file to just use the alias names dc and cn
instead of using
their OIDs. Then load it into the server again and see if in studio the OID
appears instead.
Let us know if the server is changing these attribute identifiers back into
their OID. Also
take an export to LDIF again and see if that export has replaced cn and dc
with their OID.
HTH,
Alex
Re: Difference between the following ldif files
Posted by Emmanuel Lecharny <el...@gmail.com>.
0.9.2342.19200300.100.1.25 is the OID for DomainComponent (AKA dc)
2.5.4.3 is the OID for CommonName (AKA cn)
You can use either 2.5.4.3, CommonName or CN, they represent exactly
the same thing. However, I engage you to use 'cn' which is shorter...
Emmanuel
On 7/21/07, Markus Pohle <ap...@webunity.de> wrote:
> Hi list,
>
> I used a ApacheDS in version 1.5.0 (officially released version
> downloaded from directory website) on my server and created my on
> partition with the following ldap structure:
>
> dn: dc=DOUGLASHOLDING
> objectClass: domain
> objectClass: extensibleObject
> objectClass: top
> dc: douglasholding
>
> dn: dc=VERWALTUNG,dc=DOUGLASHOLDING
> objectClass: domain
> objectClass: top
> 0.9.2342.19200300.100.1.25: verwaltung
> dc: VERWALTUNG
>
> dn: cn=users,dc=VERWALTUNG,dc=DOUGLASHOLDING
> objectClass: organizationalRole
> objectClass: top
> 2.5.4.3: users
> cn: users
>
> dn: dc=APPLICATIONS,dc=DOUGLASHOLDING
> objectClass: domain
> objectClass: top
> 0.9.2342.19200300.100.1.25: applications
> dc: APPLICATIONS
>
> dn: cn=cms,dc=APPLICATIONS,dc=DOUGLASHOLDING
> objectClass: organizationalRole
> objectClass: top
> 2.5.4.3: cms
> cn: cms
>
> Then I needed to switch to apacheds-1.5.1-snapshot release that Alex
> Karasulu due to apacheds-tools problems with version 1.5.0 build for me.
>
> And what I found out browsing the ldap schema using LDAP Studio on the
> apacheds-1.5.1-snapshot is the following:
>
> dn: dc=DOUGLASHOLDING
> objectClass: domain
> objectClass: extensibleObject
> objectClass: top
> dc: douglasholding
>
> dn: dc=VERWALTUNG,dc=DOUGLASHOLDING
> objectClass: domain
> objectClass: top
> dc: VERWALTUNG
>
> dn: cn=users,dc=VERWALTUNG,dc=DOUGLASHOLDING
> objectClass: organizationalRole
> objectClass: top
> cn: users
>
> dn: dc=APPLICATIONS,dc=DOUGLASHOLDING
> objectClass: domain
> objectClass: top
> dc: APPLICATIONS
>
> dn: cn=cms,dc=APPLICATIONS,dc=DOUGLASHOLDING
> objectClass: organizationalRole
> objectClass: top
> cn: cms
>
> And here comes the question:
> What are these additional objectclasses for that can be seen in the
> upper example of the ldap structure, e.g.:
>
> 0.9.2342.19200300.100.1.25: applications
> 2.5.4.3: cms
>
>
> What are they good for? Are they essentially/neccessary? And why can the
> ldap schema on the apacheds-1.5.1-snapshot run without them?
> Any explanation is really appreciated.
>
> TIA
> Markus
>
--
Regards,
Cordialement,
Emmanuel Lécharny
www.iktek.com
Re: Difference between the following ldif files
Posted by Markus Pohle <ap...@webunity.de>.
Hi Emmanuel,
yes I did use replication, as Martin suggested.
Markus
Emmanuel Lecharny schrieb:
> Hi Markus, Martin
>
> I suddenly realized that some objectClasses were duplicated (2.5.4.3
> and cn) i the first LDIF file. How possibly did you obtained this
> extract ? It seems to be a bug.
>
> Did you used replication as suggested by Martin ?
>
> On 7/23/07, Martin Alderson <Ma...@salfordsoftware.co.uk> wrote:
>>
>> Hi Markus,
>>
>> Sorry for the delay with this message, I am having some problems with
>> the mailing lists at the moment so I don't get to see messages for 1-2
>> days.
>>
>> I suspect your problem is caused by the replication service
>> (mitosis). When it is enabled it seems to like adding the naming
>> component (e.g. cn, dc) with OID's to entries when they are created.
>> I don't believe they are necessary but I don't think they will cause
>> you any problems either. If you want, I think you can stop this
>> happening by removing the following lines from
>> org.apache.directory.mitosis.operation.AddEntryOperation.execute0:
>>
>> String rdn = normalizedName.get( normalizedName.size() - 1 );
>> // Remove the attribute first in case we're using a buggy
>> // AttributesImpl which doesn't replace old attributes
>> // when we put a new one.
>> entry.remove( NamespaceTools.getRdnAttribute( rdn ) );
>> entry.put( NamespaceTools.getRdnAttribute( rdn ),
>> NamespaceTools.getRdnValue( rdn ) );
>>
>> It seems to be quite specific in what it is doing but I can't really
>> see why it should be done!
>>
>> Martin
>>
>>
>>
>> >>> Markus Pohle <ap...@webunity.de> 21/07/2007 17:38 >>>
>> Hi list,
>>
>> I used a ApacheDS in version 1.5.0 (officially released version
>> downloaded from directory website) on my server and created my on
>> partition with the following ldap structure:
>>
>> dn: dc=DOUGLASHOLDING
>> objectClass: domain
>> objectClass: extensibleObject
>> objectClass: top
>> dc: douglasholding
>>
>> dn: dc=VERWALTUNG,dc=DOUGLASHOLDING
>> objectClass: domain
>> objectClass: top
>> 0.9.2342.19200300.100.1.25: verwaltung
>> dc: VERWALTUNG
>>
>> dn: cn=users,dc=VERWALTUNG,dc=DOUGLASHOLDING
>> objectClass: organizationalRole
>> objectClass: top
>> 2.5.4.3: users
>> cn: users
>>
>> dn: dc=APPLICATIONS,dc=DOUGLASHOLDING
>> objectClass: domain
>> objectClass: top
>> 0.9.2342.19200300.100.1.25: applications
>> dc: APPLICATIONS
>>
>> dn: cn=cms,dc=APPLICATIONS,dc=DOUGLASHOLDING
>> objectClass: organizationalRole
>> objectClass: top
>> 2.5.4.3: cms
>> cn: cms
>>
>> Then I needed to switch to apacheds-1.5.1-snapshot release that Alex
>> Karasulu due to apacheds-tools problems with version 1.5.0 build for me.
>>
>> And what I found out browsing the ldap schema using LDAP Studio on the
>> apacheds-1.5.1-snapshot is the following:
>>
>> dn: dc=DOUGLASHOLDING
>> objectClass: domain
>> objectClass: extensibleObject
>> objectClass: top
>> dc: douglasholding
>>
>> dn: dc=VERWALTUNG,dc=DOUGLASHOLDING
>> objectClass: domain
>> objectClass: top
>> dc: VERWALTUNG
>>
>> dn: cn=users,dc=VERWALTUNG,dc=DOUGLASHOLDING
>> objectClass: organizationalRole
>> objectClass: top
>> cn: users
>>
>> dn: dc=APPLICATIONS,dc=DOUGLASHOLDING
>> objectClass: domain
>> objectClass: top
>> dc: APPLICATIONS
>>
>> dn: cn=cms,dc=APPLICATIONS,dc=DOUGLASHOLDING
>> objectClass: organizationalRole
>> objectClass: top
>> cn: cms
>>
>> And here comes the question:
>> What are these additional objectclasses for that can be seen in the
>> upper example of the ldap structure, e.g.:
>>
>> 0.9.2342.19200300.100.1.25: applications
>> 2.5.4.3: cms
>>
>>
>> What are they good for? Are they essentially/neccessary? And why can the
>> ldap schema on the apacheds-1.5.1-snapshot run without them?
>> Any explanation is really appreciated.
>>
>> TIA
>> Markus
>>
>> ---- Scanned by M+ Guardian Messaging Firewall ----
>>
>>
>>
>> ---- Scanned by M+ Guardian Messaging Firewall ----
>>
>>
>>
>
>
Re: Difference between the following ldif files
Posted by Emmanuel Lecharny <el...@gmail.com>.
Hi Markus, Martin
I suddenly realized that some objectClasses were duplicated (2.5.4.3
and cn) i the first LDIF file. How possibly did you obtained this
extract ? It seems to be a bug.
Did you used replication as suggested by Martin ?
On 7/23/07, Martin Alderson <Ma...@salfordsoftware.co.uk> wrote:
>
> Hi Markus,
>
> Sorry for the delay with this message, I am having some problems with the mailing lists at the moment so I don't get to see messages for 1-2 days.
>
> I suspect your problem is caused by the replication service (mitosis). When it is enabled it seems to like adding the naming component (e.g. cn, dc) with OID's to entries when they are created. I don't believe they are necessary but I don't think they will cause you any problems either. If you want, I think you can stop this happening by removing the following lines from org.apache.directory.mitosis.operation.AddEntryOperation.execute0:
>
> String rdn = normalizedName.get( normalizedName.size() - 1 );
> // Remove the attribute first in case we're using a buggy
> // AttributesImpl which doesn't replace old attributes
> // when we put a new one.
> entry.remove( NamespaceTools.getRdnAttribute( rdn ) );
> entry.put( NamespaceTools.getRdnAttribute( rdn ), NamespaceTools.getRdnValue( rdn ) );
>
> It seems to be quite specific in what it is doing but I can't really see why it should be done!
>
> Martin
>
>
>
> >>> Markus Pohle <ap...@webunity.de> 21/07/2007 17:38 >>>
> Hi list,
>
> I used a ApacheDS in version 1.5.0 (officially released version
> downloaded from directory website) on my server and created my on
> partition with the following ldap structure:
>
> dn: dc=DOUGLASHOLDING
> objectClass: domain
> objectClass: extensibleObject
> objectClass: top
> dc: douglasholding
>
> dn: dc=VERWALTUNG,dc=DOUGLASHOLDING
> objectClass: domain
> objectClass: top
> 0.9.2342.19200300.100.1.25: verwaltung
> dc: VERWALTUNG
>
> dn: cn=users,dc=VERWALTUNG,dc=DOUGLASHOLDING
> objectClass: organizationalRole
> objectClass: top
> 2.5.4.3: users
> cn: users
>
> dn: dc=APPLICATIONS,dc=DOUGLASHOLDING
> objectClass: domain
> objectClass: top
> 0.9.2342.19200300.100.1.25: applications
> dc: APPLICATIONS
>
> dn: cn=cms,dc=APPLICATIONS,dc=DOUGLASHOLDING
> objectClass: organizationalRole
> objectClass: top
> 2.5.4.3: cms
> cn: cms
>
> Then I needed to switch to apacheds-1.5.1-snapshot release that Alex
> Karasulu due to apacheds-tools problems with version 1.5.0 build for me.
>
> And what I found out browsing the ldap schema using LDAP Studio on the
> apacheds-1.5.1-snapshot is the following:
>
> dn: dc=DOUGLASHOLDING
> objectClass: domain
> objectClass: extensibleObject
> objectClass: top
> dc: douglasholding
>
> dn: dc=VERWALTUNG,dc=DOUGLASHOLDING
> objectClass: domain
> objectClass: top
> dc: VERWALTUNG
>
> dn: cn=users,dc=VERWALTUNG,dc=DOUGLASHOLDING
> objectClass: organizationalRole
> objectClass: top
> cn: users
>
> dn: dc=APPLICATIONS,dc=DOUGLASHOLDING
> objectClass: domain
> objectClass: top
> dc: APPLICATIONS
>
> dn: cn=cms,dc=APPLICATIONS,dc=DOUGLASHOLDING
> objectClass: organizationalRole
> objectClass: top
> cn: cms
>
> And here comes the question:
> What are these additional objectclasses for that can be seen in the
> upper example of the ldap structure, e.g.:
>
> 0.9.2342.19200300.100.1.25: applications
> 2.5.4.3: cms
>
>
> What are they good for? Are they essentially/neccessary? And why can the
> ldap schema on the apacheds-1.5.1-snapshot run without them?
> Any explanation is really appreciated.
>
> TIA
> Markus
>
> ---- Scanned by M+ Guardian Messaging Firewall ----
>
>
>
> ---- Scanned by M+ Guardian Messaging Firewall ----
>
>
>
--
Regards,
Cordialement,
Emmanuel Lécharny
www.iktek.com
Re: Difference between the following ldif files
Posted by Martin Alderson <Ma...@salfordsoftware.co.uk>.
Hi Markus,
Sorry for the delay with this message, I am having some problems with the mailing lists at the moment so I don't get to see messages for 1-2 days.
I suspect your problem is caused by the replication service (mitosis). When it is enabled it seems to like adding the naming component (e.g. cn, dc) with OID's to entries when they are created. I don't believe they are necessary but I don't think they will cause you any problems either. If you want, I think you can stop this happening by removing the following lines from org.apache.directory.mitosis.operation.AddEntryOperation.execute0:
String rdn = normalizedName.get( normalizedName.size() - 1 );
// Remove the attribute first in case we're using a buggy
// AttributesImpl which doesn't replace old attributes
// when we put a new one.
entry.remove( NamespaceTools.getRdnAttribute( rdn ) );
entry.put( NamespaceTools.getRdnAttribute( rdn ), NamespaceTools.getRdnValue( rdn ) );
It seems to be quite specific in what it is doing but I can't really see why it should be done!
Martin
>>> Markus Pohle <ap...@webunity.de> 21/07/2007 17:38 >>>
Hi list,
I used a ApacheDS in version 1.5.0 (officially released version
downloaded from directory website) on my server and created my on
partition with the following ldap structure:
dn: dc=DOUGLASHOLDING
objectClass: domain
objectClass: extensibleObject
objectClass: top
dc: douglasholding
dn: dc=VERWALTUNG,dc=DOUGLASHOLDING
objectClass: domain
objectClass: top
0.9.2342.19200300.100.1.25: verwaltung
dc: VERWALTUNG
dn: cn=users,dc=VERWALTUNG,dc=DOUGLASHOLDING
objectClass: organizationalRole
objectClass: top
2.5.4.3: users
cn: users
dn: dc=APPLICATIONS,dc=DOUGLASHOLDING
objectClass: domain
objectClass: top
0.9.2342.19200300.100.1.25: applications
dc: APPLICATIONS
dn: cn=cms,dc=APPLICATIONS,dc=DOUGLASHOLDING
objectClass: organizationalRole
objectClass: top
2.5.4.3: cms
cn: cms
Then I needed to switch to apacheds-1.5.1-snapshot release that Alex
Karasulu due to apacheds-tools problems with version 1.5.0 build for me.
And what I found out browsing the ldap schema using LDAP Studio on the
apacheds-1.5.1-snapshot is the following:
dn: dc=DOUGLASHOLDING
objectClass: domain
objectClass: extensibleObject
objectClass: top
dc: douglasholding
dn: dc=VERWALTUNG,dc=DOUGLASHOLDING
objectClass: domain
objectClass: top
dc: VERWALTUNG
dn: cn=users,dc=VERWALTUNG,dc=DOUGLASHOLDING
objectClass: organizationalRole
objectClass: top
cn: users
dn: dc=APPLICATIONS,dc=DOUGLASHOLDING
objectClass: domain
objectClass: top
dc: APPLICATIONS
dn: cn=cms,dc=APPLICATIONS,dc=DOUGLASHOLDING
objectClass: organizationalRole
objectClass: top
cn: cms
And here comes the question:
What are these additional objectclasses for that can be seen in the
upper example of the ldap structure, e.g.:
0.9.2342.19200300.100.1.25: applications
2.5.4.3: cms
What are they good for? Are they essentially/neccessary? And why can the
ldap schema on the apacheds-1.5.1-snapshot run without them?
Any explanation is really appreciated.
TIA
Markus
---- Scanned by M+ Guardian Messaging Firewall ----
---- Scanned by M+ Guardian Messaging Firewall ----