[Date Prev][Date Next] [Chronological] [Thread] [Top]
(ITS#5296) Search netgroup by triple don't report existing entry

To: openldap-its@OpenLDAP.org
Subject: (ITS#5296) Search netgroup by triple don't report existing entry
From: rochette_jean-louis@emc.com
Date: Fri, 21 Dec 2007 11:37:38 GMT
Full_Name: Jean-Louis ROCHETTE
Version: 2.3.39
OS: Linux Fedora
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (152.62.109.163)


Brief description of the problem
--------------------------------
Lookup of a netgroup by triple doesn't work in last stable release slapd 2.3.39,
though it worked well with slapd 2.3.27.
This looks like a regression in slapd.
This should be easy to reproduce.
The problem was first noticed in slapd 2.3.30.
The lookup by triple succeeds with a iPlanet server.


Details
-------
Let's define a host, and a netgroup with a single triple designating this host:

dn: cn=r2d2,ou=Hosts,dc=devldapdom1,dc=lcsc
objectClass: top
objectClass: ipHost
objectClass: device
ipHostNumber: 192.168.5.69
cn: r2d2

dn: cn=r2d2netg,ou=netgroup,dc=devldapdom1,dc=lcsc
objectClass: top
objectClass: nisNetgroup
cn: r2d2netg
description: netgroup r2d2netg to test AR 98216
nisNetgroupTriple: (r2d2,,)

The syntax for the nisNetgroupTriple attribute is IA5String (instead of Netgroup
Triple):
attributeTypes: ( 1.3.6.1.1.1.1.14 NAME 'nisNetgroupTriple' DESC 'Netgroup
triple' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )


1) *** Test with slapd 2.3.27 : OK ***
jlr@SUSE-LDAP1(53) uname -a
Linux SUSE-LDAP1 2.6.18.2-34-default #1 SMP Mon Nov 27 11:46:27 UTC 2006 i686
i686 i386 GNU/Linux
jlr@SUSE-LDAP1(42) ps -ef |grep slap
ldap      3774     1  0 Nov29 ?        00:04:47 /usr/lib/openldap/slapd -h
ldap:/// -u ldap -g ldap -o slp=on
jlr@SUSE-LDAP1(45) /usr/lib/openldap/slapd -V
@(#) $OpenLDAP: slapd 2.3.27 (Nov 25 2006 17:08:16) $
        abuild@eisler:/usr/src/packages/BUILD/openldap-2.3.27/servers/slapd
jlr@SUSE-LDAP1(46) ldapsearch -V
ldapsearch: @(#) $OpenLDAP: ldapsearch 2.3.27 (Nov 25 2006 17:09:14) $
        abuild@dale:/usr/src/packages/BUILD/openldap-2.3.27/clients/tools
        (LDAP library: OpenLDAP 20327)

// locate the netgroup by name -> find r2d2netg with triple (r2d2,,) : OK
jlr@SUSE-LDAP1(49) ldapsearch -x -b "ou=netgroup,dc=devldapdom1,dc=lcsc" -s one
"(&(objectClass=nisNetgroup)(cn=r2d2netg))" cn nisNetgroupTriple
# extended LDIF
#
# LDAPv3
# base <ou=netgroup,dc=devldapdom1,dc=lcsc> with scope oneLevel
# filter: (&(objectClass=nisNetgroup)(cn=r2d2netg))
# requesting: cn nisNetgroupTriple 
#

# r2d2netg, netgroup, devldapdom1.lcsc
dn: cn=r2d2netg,ou=netgroup,dc=devldapdom1,dc=lcsc
cn: r2d2netg
nisNetgroupTriple: (r2d2,,)

# search result
search: 2
result: 0 Success

# numResponses: 2
# numEntries: 1

// locate the netgroup by triple -> found too, ok.
jlr@SUSE-LDAP1(52) ldapsearch -x -b "ou=netgroup,dc=devldapdom1,dc=lcsc" -s one
"(&(objectClass=nisNetgroup)(nisNetgroupTriple=\(r2d2,,\)))" cn
# extended LDIF
#
# LDAPv3
# base <ou=netgroup,dc=devldapdom1,dc=lcsc> with scope oneLevel
# filter: (&(objectClass=nisNetgroup)(nisNetgroupTriple=\(r2d2,,\)))
# requesting: cn 
#

# r2d2netg, netgroup, devldapdom1.lcsc
dn: cn=r2d2netg,ou=netgroup,dc=devldapdom1,dc=lcsc
cn: r2d2netg

# search result
search: 2
result: 0 Success

# numResponses: 2
# numEntries: 1


2) *** Test with slapd 2.3.39 : PROBLEM ***
jlr@newlnxjlr(19) uname -a
Linux newlnxjlr 2.6.18-1.2798.fc6 #1 SMP Mon Oct 16 14:37:32 EDT 2006 i686 i686
i386 GNU/Linux
jlr@newlnxjlr(17) ps -ef |grep slap
ldap      4684     1  0 Dec20 ?        00:00:00 /usr/sbin/slapd -h ldap:/// -u
ldap
jlr@newlnxjlr(18) /usr/sbin/slapd -V
@(#) $OpenLDAP: slapd 2.3.39 (Dec 20 2007 17:00:06) $
        jlr@newlnxjlr:/tmp/openldap-2.3.39/servers/slapd
jlr@newlnxjlr(20) ldapsearch -V
ldapsearch: @(#) $OpenLDAP: ldapsearch 2.3.39 (Dec 20 2007 16:58:50) $
        jlr@newlnxjlr:/tmp/openldap-2.3.39/clients/tools
        (LDAP library: OpenLDAP 20339)
// this server is a replicate of previous one

// locate the netgroup by name -> find r2d2netg with triple (r2d2,,) : OK
jlr@newlnxjlr(24) ldapsearch -x -b "ou=netgroup,dc=devldapdom1,dc=lcsc" -s one
"(&(objectClass=nisNetgroup)(cn=r2d2netg))" cn nisNetgroupTriple
# extended LDIF
#
# LDAPv3
# base <ou=netgroup,dc=devldapdom1,dc=lcsc> with scope oneLevel
# filter: (&(objectClass=nisNetgroup)(cn=r2d2netg))
# requesting: cn nisNetgroupTriple 
#

# r2d2netg, netgroup, devldapdom1.lcsc
dn: cn=r2d2netg,ou=netgroup,dc=devldapdom1,dc=lcsc
cn: r2d2netg
nisNetgroupTriple: (r2d2,,)

# search result
search: 2
result: 0 Success

# numResponses: 2
# numEntries: 1

// locate the netgroup by triple -> NOT FOUND? PROBLEM.
jlr@newlnxjlr(25) ldapsearch -x -b "ou=netgroup,dc=devldapdom1,dc=lcsc" -s one
"(&(objectClass=nisNetgroup)(nisNetgroupTriple=\(r2d2,,\)))" cn
# extended LDIF
#
# LDAPv3
# base <ou=netgroup,dc=devldapdom1,dc=lcsc> with scope oneLevel
# filter: (&(objectClass=nisNetgroup)(nisNetgroupTriple=\(r2d2,,\)))
# requesting: cn 
#

# search result
search: 2
result: 0 Success

# numResponses: 1

// eof
Prev by Date: RE: syncrepl (refreshAndPersist) fails after system date is moved backwards
Next by Date: (ITS#5297) I have a problem when I switch authldap.schema
Index(es):
- Chronological
- Thread