unable to create users on OpenLDAP having german umlauts - openldap

When I try to add a user on OpenLDAP 2.4.32 using ldapmodify which has a German umlaut, I get an LDAP syntax error:
ldapmodify.exe" -a -x -H ldap://localhost -D %LDAP_ROOT% -w %LDAP_SECRET%
dn:uid=aöich,ou=Users,dc=cricbox,dc=in
changetype: add
objectClass:person
objectClass:inetOrgPerson
objectClass:organizationalPerson
uid:aöich
cn:aöich
sn:aöich
ldap_add: Invalid DN syntax (34)
additional info: invalid DN
How do I add a user with a German umlaut character on an OpenLDAP server?

Check if your databank schema supports Unicode. Check LDAP documentation here:
attributeType ( 2.5.4.41 NAME 'name'
DESC 'name(s) associated with the object'
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{32768} )
attributeType ( 2.5.4.3 NAME ( 'cn' 'commonName' )
DESC 'common name(s) assciated with the object'
SUP name )
Your attributes should contain:
directoryString 1.3.6.1.4.1.1466.115.121.1.15 Unicode (UTF-8) string
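An added example, not part of the original answer: a directoryString value has to reach the server as UTF-8, and RFC 2849 lets LDIF carry such a value as base64 after a double colon so the file itself stays pure ASCII. The sketch assumes the "Invalid DN syntax" above comes from the ö arriving in a non-UTF-8 encoding (for example a Windows console code page); the helper names are hypothetical.

```python
import base64

def is_safe_string(raw: bytes) -> bool:
    """True if raw may follow 'attr: ' unencoded (RFC 2849 SAFE-STRING)."""
    if not raw:
        return True
    # A leading space, colon or '<' and a trailing space all force base64.
    if raw[:1] in (b" ", b":", b"<") or raw.endswith(b" "):
        return False
    # Only 7-bit bytes are allowed, and never NUL, LF or CR.
    return all(b < 0x80 and b not in (0x00, 0x0A, 0x0D) for b in raw)

def ldif_line(attr: str, value: str) -> str:
    """Emit 'attr: value', or 'attr:: <base64 of the UTF-8 bytes>' when required."""
    raw = value.encode("utf-8")
    if is_safe_string(raw):
        return f"{attr}: {value}"
    return f"{attr}:: {base64.b64encode(raw).decode('ascii')}"

def add_entry_ldif(dn: str, attrs: list) -> str:
    """Build one 'changetype: add' record; long lines are not folded here."""
    lines = [ldif_line("dn", dn), "changetype: add"]
    lines += [ldif_line(attr, value) for attr, value in attrs]
    return "\n".join(lines) + "\n"

# The entry from the question above, re-emitted as ASCII-only LDIF.
ENTRY = add_entry_ldif(
    "uid=aöich,ou=Users,dc=cricbox,dc=in",
    [
        ("objectClass", "person"),
        ("objectClass", "inetOrgPerson"),
        ("objectClass", "organizationalPerson"),
        ("uid", "aöich"),
        ("cn", "aöich"),
        ("sn", "aöich"),
    ],
)

if __name__ == "__main__":
    print(ENTRY, end="")
```

Writing the result to a file and passing it with -f keeps the console code page out of the path entirely.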

Related

Select version string from JSON array and increment it by one using jq

Bash script to find the tags in an ECR repo:
aws ecr describe-images --repository-name laplacelab-backend-repo \
--query 'sort_by(imageDetails,& imagePushedAt)[*]' \
--output json | jq -r '.[].imageTags'
Output:
[
"v1",
"sometag",
...
]
How can I extract the version number? v<number> can contain the only version tag. I need to get a number and increment version for the set to var. If output of sort_by(imageDetails,& imagePushedAt)[*] is empty JSON arr instead
[
{
"registryId": "057296704062",
"repositoryName": "laplacelab-backend-repo",
"imageDigest": "sha256:c14685cf0be7bf7ab1b42f529ca13fe2e9ce00030427d8122928bf2d46063bb7",
"imageTags": [
"v1"
],
"imageSizeInBytes": 351676915,
"imagePushedAt": 1593514683.0
}
]
Set 2
No one repo sort_by(imageDetails,& imagePushedAt)[*] return [] set 1.
As a result, I try to get var VERSION with next version for an update or 1 if the repo is empty.
You could use the select() function on the imageTags array and get only the tag starting with v and increment it.
jq '( .[].imageTags[] | select(startswith("v")) | ltrimstr("v") | tonumber | .+1 ) // 1'
For other cases like the tags array being empty or containing null strings (error case), the value defaults to 1
For storing into a variable, e.g. version (avoid using uppercase variable names in user scripts), use command substitution. See How do I set a variable to the output of a command in Bash?
version=$( <your-pipeline> )
Note: This does not work well with version strings following the Semantic Versioning spec, e.g. v1.2.1, as jq does not have a library to parse them.

Error occurred while executing DynamoDB query

Here is my configuration:
Table Name: MY_TABLE
Primary partition key method (String)
Primary sort key path (String)
and I would like to query against two fields:
1. method (Primary partition key): GET
2. path (Primary sort key): /greet/v1/hello
I have used '#pathKey' because 'path' is a reserved keyword. (Similar for #methodKey)
aws dynamodb query --table-name MY_TABLE \
--key-condition-expression '#pathKey=:path1 AND #methodKey=:method1' \
--expression-attribute-names '{"#pathKey":"path"}' \
--expression-attribute-names '{"#methodKey":"method"}' \
--expression-attribute-values '{":method1":{"S":"GET"}}' \
--expression-attribute-values '{":path1":{"S":"/greet/v1/hello"}}'
But while doing so, I am getting the below error:
An error occurred (ValidationException) when calling the Query operation: Invalid KeyConditionExpression: An expression attribute name used in the document path is not defined; attribute name: #pathKey
Please note that I don't want to use an external JSON file to pass parameters, and this needs to run on the command line.
You should provide all expression attribute names under the same CLI argument (also true for the values).
What happened is that --expression-attribute-names '{"#methodKey":"method"}' overrides the one before. Hence, the error is about the missing #pathKey.
It should work for you this way:
aws dynamodb query --table-name MY_TABLE \
--key-condition-expression '#pathKey=:path1 AND #methodKey=:method1' \
--expression-attribute-names '{"#pathKey":"path", "#methodKey":"method"}' \
--expression-attribute-values '{":path1":{"S":"/greet/v1/hello"}, ":method1":{"S":"GET"}}'

equality index of attribute "privateEmail" disallowed

I installed OpenLDAP 2.4 on a CentOS 6 server.
Added custom attributes and schema 'myUser':
dn: cn=my,cn=schema,cn=config
objectClass: olcSchemaConfig
cn: my
objectClass: top
olcAttributeTypes: ( 331.332.333.1 NAME 'firstName' DESC 'First name of a person' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15)
olcAttributeTypes: ( 331.332.333.2 NAME 'privateEmail' DESC 'Private email of a person' SYNTAX 1.3.6.1.4.1.1466.115.121.1.41 X-ORIGIN 'user defined' )
olcAttributeTypes: ( 331.332.333.3 NAME 'userOid' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'user defined' )
olcAttributeTypes: ( 331.332.339.4 NAME 'isTrusted' DESC 'Determines if user is trusted' SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE X-ORIGIN 'user defined' )
olcAttributeTypes: ( 331.332.333.6 NAME 'gender' DESC 'Person gender (M,F or U)' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'user defined' )
olcAttributeTypes: ( 331.332.333.8 NAME 'privatePhone' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'user defined' )
olcAttributeTypes: ( 331.332.333.9 NAME 'otpContact' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'user defined' )
olcAttributeTypes: ( 331.332.333.10 NAME 'otpAuthnFlag' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'user defined' )
olcAttributeTypes: ( 331.332.333.11 NAME 'lastName' DESC 'Last name of a person' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'user defined' )
olcAttributeTypes: ( 2.16.840.1.113730.3.1.610 NAME 'nsAccountLock' DESC 'Operational attribute for Account Inactivation' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
olcObjectClasses: ( 331.332.333.12 NAME 'myUser' DESC 'user for my entity' SUP top STRUCTURAL MUST ( uid $ isTrusted $ nsAccountLock $ firstName ) MAY ( lastName $ userPassword $ privateEmail $ otpContact $ otpAuthnFlag $ privatePhone $ userOid ) X-ORIGIN 'user defined' )
Trying to add the index and get the error:
# ldapadd -x -W -D cn=config -f /opt/index.ldif
Enter LDAP Password:
modifying entry "olcDatabase={2}bdb, cn=config"
ldap_modify: Other (e.g., implementation specific) error (80)
additional info: equality index of attribute "privateEmail" disallowed
My index.ldif:
dn: olcDatabase={2}bdb, cn=config
changetype: modify
add: olcDbIndex
olcDbIndex: privateEmail eq
olcDbIndex: privatePhone eq
You're using the wrong syntax OID for privateEmail. The one you're using is for Postal Addresses, and it doesn't support indexing. See RFC 4517.
You should be using 1.3.6.1.4.1.1466.115.121.1.26 as per RFC 2798. Check the others for sanity as well.
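An added example, not from the original answer: a small pre-flight check that reads attribute type definitions, names their syntax OID as in RFC 4517, and flags the ones an `eq` index is requested for. It assumes slapd refuses an equality index on an attribute type that declares no EQUALITY matching rule; the function names and the FIXED_EMAIL definition are constructed for illustration.

```python
import re

# Syntax OIDs that occur in the schema above, named as in RFC 4517.
SYNTAX_NAMES = {
    "1.3.6.1.4.1.1466.115.121.1.7": "Boolean",
    "1.3.6.1.4.1.1466.115.121.1.15": "Directory String",
    "1.3.6.1.4.1.1466.115.121.1.26": "IA5 String",
    "1.3.6.1.4.1.1466.115.121.1.41": "Postal Address",
}

def parse_attribute_type(definition: str) -> dict:
    """Extract NAME, SYNTAX OID and EQUALITY rule from one definition."""
    name = re.search(r"\bNAME\s+'([^']+)'", definition).group(1)
    # Drop quoted strings (DESC, X-ORIGIN) so keywords inside them are ignored.
    body = re.sub(r"'[^']*'", "", definition)
    syntax = re.search(r"\bSYNTAX\s+([0-9.]+)", body)
    equality = re.search(r"\bEQUALITY\s+(\w+)", body)
    oid = syntax.group(1) if syntax else None
    return {
        "name": name,
        "syntax": SYNTAX_NAMES.get(oid, "unknown"),
        "equality": equality.group(1) if equality else None,
    }

def eq_index_findings(definitions: list, indexed: list) -> dict:
    """Map each attribute that cannot take an eq index to the reason."""
    attrs = {a["name"]: a for a in map(parse_attribute_type, definitions)}
    findings = {}
    for name in indexed:
        attr = attrs[name]
        if attr["equality"] is None:
            findings[name] = f"no EQUALITY matching rule (syntax: {attr['syntax']})"
    return findings

# The two indexed definitions, copied from the schema in the question.
PAGE_DEFS = [
    "( 331.332.333.2 NAME 'privateEmail' DESC 'Private email of a person' "
    "SYNTAX 1.3.6.1.4.1.1466.115.121.1.41 X-ORIGIN 'user defined' )",
    "( 331.332.333.8 NAME 'privatePhone' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 "
    "SINGLE-VALUE X-ORIGIN 'user defined' )",
]
# Constructed: IA5 String syntax as the answer suggests, plus an equality rule.
FIXED_EMAIL = (
    "( 331.332.333.2 NAME 'privateEmail' DESC 'Private email of a person' "
    "EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )"
)

if __name__ == "__main__":
    print(eq_index_findings(PAGE_DEFS, ["privateEmail", "privatePhone"]))
```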

How can I ask Riak 1.4 to index and then be able to search my document based on properties of embedded document?

Working with Riak 1.4.7
I have a document that has a property that is an array of embedded documents. Here is a sample of the document:
{"prospect":true, "name":"HzNUeioPYynsGdXL6iSFvQ",
"contact_email":"contact#HzNUeioPYynsGdXL6iSFvQ.gr",
"e_shops":[{"store_url":"www.store.url.com","display_name":"hello there"},
{"store_url":"www.store2.url.com","display_name":"hello2 there"}]
}
The corresponding bucket has index enabled and works fine. For example, the following search command locates the object without problem:
search-cmd search index_name contact_email:contact#HzNUeioPYynsGdXL6iSFvQ.gr
The question here is how can I search by the store_url for example.
store_url is a property of an embedded document which, in turn, is an element of an array property of the main document.
1) Do I have to specify a custom schema file in order for the index to index these properties?
2) Do I have to query using some kind of special syntax?
The default JSON extractor should handle that case by joining all of the values in the array in a space separated list. Nested names are handled by joining them with an underscore. So in this case, the field e_shops_store_url would contain www.store.url.com www.store2.url.com. You can query that field normally.
I ran a quick example to demonstrate:
root#node1:~# search-cmd install searchtest
:: Installing Riak Search <--> KV hook on bucket 'searchtest'.
root#node1:~# curl 172.31.0.1:8098/buckets/searchtest/keys/test1 \
-XPUT -H"content-type:application/json" \
-d '{"prospect":true, "name":"HzNUeioPYynsGdXL6iSFvQ",
> "contact_email":"contact#HzNUeioPYynsGdXL6iSFvQ.gr",
> "e_shops":[{"store_url":"www.store.url.com","display_name":"hello there"},
> {"store_url":"www.store2.url.com","display_name":"hello2 there"}]
> }'
root#node1:~# curl 172.31.0.1:8098/buckets/searchtest/keys/test2 \
-XPUT -H"content-type:application/json" \
-d '{"prospect":true, "name":"-HzNUeioPYynsGdXL6iSFvQ",
>"contact_email":"contact#-HzNUeioPYynsGdXL6iSFvQ.gr",
>"e_shops":[{"store_url":"www.store.url.com","display_name":"hello there"},
> {"store_url":"www.store3.url.com","display_name":"hello3 there"}]
>}'
root#node1:~# search-cmd search-doc searchtest e_shops_store_url:www.store.url.com
:: Searching for 'e_shops_store_url:www.store.url.com' / '' in searchtest...
------------------------------
index/id: searchtest/test1
<<"contact_email">> => <<"contact#HzNUeioPYynsGdXL6iSFvQ.gr">>
<<"e_shops_display_name">> => <<"hello there hello2 there">>
<<"e_shops_store_url">> => <<"www.store.url.com www.store2.url.com">>
<<"name">> => <<"HzNUeioPYynsGdXL6iSFvQ">>
<<"prospect">> => <<"true">>
------------------------------
index/id: searchtest/test2
<<"contact_email">> => <<"contact#-HzNUeioPYynsGdXL6iSFvQ.gr">>
<<"e_shops_display_name">> => <<"hello there hello3 there">>
<<"e_shops_store_url">> => <<"www.store.url.com www.store3.url.com">>
<<"name">> => <<"-HzNUeioPYynsGdXL6iSFvQ">>
<<"prospect">> => <<"true">>
------------------------------
:: Found 2 results.
:: Maximum score "0.353553".
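An added example, not from the original answer and not Riak's own code: a Python model of the flattening the answer describes, with nested names joined by an underscore and array values joined by spaces, run over the two documents stored above. Whole-token matching on whitespace is a simplifying assumption that stands in for Riak Search's analyzer.

```python
import json

def flatten(value, prefix=""):
    """Yield (field_name, text) for every scalar in a decoded JSON value."""
    if isinstance(value, dict):
        for key, child in value.items():
            yield from flatten(child, f"{prefix}_{key}" if prefix else key)
    elif isinstance(value, list):
        for child in value:
            # Array elements keep the parent's field name.
            yield from flatten(child, prefix)
    elif isinstance(value, bool):
        yield prefix, "true" if value else "false"
    elif value is not None:
        yield prefix, str(value)

def extract_fields(doc_json: str) -> dict:
    """Return the flattened field -> space-joined text mapping for one document."""
    fields = {}
    for name, text in flatten(json.loads(doc_json)):
        fields.setdefault(name, []).append(text)
    return {name: " ".join(parts) for name, parts in fields.items()}

def matches(fields: dict, field: str, term: str) -> bool:
    """Whole-token match on a flattened field (simplified analyzer)."""
    return term in fields.get(field, "").split()

# Documents test1 and test2, copied from the curl commands above.
TEST1 = """{"prospect":true, "name":"HzNUeioPYynsGdXL6iSFvQ",
 "contact_email":"contact#HzNUeioPYynsGdXL6iSFvQ.gr",
 "e_shops":[{"store_url":"www.store.url.com","display_name":"hello there"},
            {"store_url":"www.store2.url.com","display_name":"hello2 there"}]}"""
TEST2 = """{"prospect":true, "name":"-HzNUeioPYynsGdXL6iSFvQ",
 "contact_email":"contact#-HzNUeioPYynsGdXL6iSFvQ.gr",
 "e_shops":[{"store_url":"www.store.url.com","display_name":"hello there"},
            {"store_url":"www.store3.url.com","display_name":"hello3 there"}]}"""

if __name__ == "__main__":
    for key, doc in (("test1", TEST1), ("test2", TEST2)):
        fields = extract_fields(doc)
        hit = matches(fields, "e_shops_store_url", "www.store.url.com")
        print(key, hit, fields["e_shops_store_url"])
```

Flattening merges values from every array element into one field, so a query can no longer tell which display_name belonged to which store_url.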

adding custom attributes to openldap

This is my first time with LDAP. I have set up OpenLDAP on an Ubuntu machine and an LDAP browser (phpldapadmin) on the remote system. I'm trying to add two custom attributes to cn=config and I get a success message, but when I look for the attributes or the schema in the LDAP browser they are nowhere visible. Please let me know where I'm going wrong. Below are the steps I have taken:
1) Creating custom.schema file
#file to add custom schemas to the ldap
attributetype ( 1.7.11.1.1
NAME 'studentid'
DESC 'unique id given to each student of the college'
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
SINGLE-VALUE )
attributetype ( 1.7.11.1.2
NAME 'pexpiry'
DESC 'indicated the date of password expiry'
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
SINGLE-VALUE )
objectClass ( 1.7.11.1.1.100
NAME 'Studentinfo'
DESC 'Studentinfo object classes '
SUP top
AUXILIARY
MUST ( studentid $ pexpiry $
)
)
2) Create an ldif file
#ldif file containing the custom schema
dn: cn=custom,cn=schema,cn=config
objectClass: olcSchemaConfig
cn: custom
olcAttributeTypes: ( 1.7.11.1.1
NAME 'studentid'
DESC 'unique id given to each student of the college'
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
SINGLE-VALUE )
olcAttributeTypes: ( 1.7.11.1.2
NAME 'pexpiry'
DESC 'indicated the date of password expiry'
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
SINGLE-VALUE )
olcObjectClasses: ( 1.7.11.1.1.100
NAME 'Studentinfo'
DESC 'Studentinfo object class '
SUP top
AUXILIARY
MUST ( studentid $ pexpiry $
)
)
3) Add the ldif file to cn=config using the below command
ldapadd -x -h 192.168.2.3 -D "cn=admin,cn=config" -W -f ./custom.ldif
It first asks for the password; I enter the password and I get the message:
Adding entry "cn=custom,cn=schema,cn=config"
But when I go to the browser I don't see the schema or the attributes there. I tried to add a user and it said invalid attributes.
1] Add the custom schema in slapd.conf and restart the LDAP service. If everything is OK the service will start properly, otherwise it will give an error.
2] After this, if possible use Apache Studio for browsing; I was also not able to see the custom object in other browsers.
