[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
attributeoptions bug?
Hi,
I have the following problem when using attribute options.
In my configuration file I define two options:
attributeoptions x-alias
attributeoptions x-ascii
No further attributeoptions are defined.
Next I modify (with ldapmodify) an entry so it uses the x-ascii option:
dn: fnwiCtrId=4420+uid=rdr,ou=people,dc=science,dc=uva,dc=nl
changetype: modify
replace: cn
cn: René Driessen
cn;x-ascii: Rene Driessen
I can then search for it as follows:
% ldapsearch -xLLL '(cn=Rene Driessen)' cn
dn: fnwiCtrId=4420+uid=rdr,ou=people,dc=science,dc=uva,dc=nl
cn;x-alias: Rene Driessen
cn:: UmVuw6kgRHJpZXNzZW4=
The problem is that it returns cn with the option x-alias instead of
x-ascii.
Two remarks:
1. I have an ACL that should hide the cn;x-ascii attribute for
the anonymous masses:
access to dn.children=ou=people,dc=science,dc=uva,dc=nl
attrs=mail;x-alias,cn;x-ascii,sn;x-ascii,initials;x-ascii,givenName;x-ascii
by dn.base=cn=postfix,ou=admin,dc=science,dc=uva,dc=nl =csr stop
by dn.base=cn=ctr,ou=admin,dc=science,dc=uva,dc=nl =csrw stop
by * =cs stop
2. The x-alias option has been in the database for a while.
When I added the x-ascii option I encountered this problem.
OpenLDAP version is 2.2.15, BDB backend with BDB
libs 4.2.52 + 2patches on Solaris 9.
Below is the debugging output from slapd (-d -1).
What am I doing wrong? Should I submit this as a bug?
Regards,
Wout
daemon: activity on 1 descriptors
daemon: new connection on 12
conn=1 fd=12 ACCEPT from IP=146.50.3.34:35192 (IP=0.0.0.0:389)
daemon: added 12r
daemon: activity on:
daemon: select: listen=7 active_threads=1 tvp=zero
daemon: activity on 1 descriptors
daemon: activity on: 12r
daemon: read activity on 12
connection_get(12)
connection_get(12): got connid=1
connection_read(12): checking for input on id=1
ber_get_next
ldap_read: want=8, got=8
0000: 30 0c 02 01 01 60 07 02 0....`..
ldap_read: want=6, got=6
0000: 01 03 04 00 80 00 ......
ber_get_next: tag 0x30 len 12 contents:
ber_dump: buf=0x00a5e650 ptr=0x00a5e650 end=0x00a5e65c len=12
0000: 02 01 01 60 07 02 01 03 04 00 80 00 ...`........
ber_get_next
ldap_read: want=8 error=Resource temporarily unavailable
ber_get_next on fd 12 failed errno=11 (Resource temporarily unavailable)
do_bind
ber_scanf fmt ({imt) ber:
ber_dump: buf=0x00a5e650 ptr=0x00a5e653 end=0x00a5e65c len=9
0000: 60 07 02 01 03 04 00 80 00 `........
ber_scanf fmt (m}) ber:
ber_dump: buf=0x00a5e650 ptr=0x00a5e65a end=0x00a5e65c len=2
0000: 00 00 ..
>>> dnPrettyNormal: <>
<<< dnPrettyNormal: <>, <>
do_bind: version=3 dn="" method=128
conn=1 op=0 BIND dn="" method=128
send_ldap_result: conn=1 op=0 p=3
send_ldap_result: err=0 matched="" text=""
send_ldap_response: msgid=1 tag=97 err=0
ber_flush: 14 bytes to sd 12
0000: 30 0c 02 01 01 61 07 0a 01 00 04 00 04 00 0....a........
ldap_write: want=14, written=14
0000: 30 0c 02 01 01 61 07 0a 01 00 04 00 04 00 0....a........
conn=1 op=0 RESULT tag=97 err=0 text=
do_bind: v3 anonymous bind
daemon: select: listen=7 active_threads=1 tvp=zero
daemon: activity on 1 descriptors
daemon: activity on: 12r
daemon: read activity on 12
connection_get(12)
connection_get(12): got connid=1
connection_read(12): checking for input on id=1
ber_get_next
ldap_read: want=8, got=8
0000: 30 48 02 01 02 63 43 04 0H...cC.
ldap_read: want=66, got=66
0000: 17 64 63 3d 73 63 69 65 6e 63 65 2c 64 63 3d 75 .dc=science,dc=u
0010: 76 61 2c 64 63 3d 6e 6c 0a 01 02 0a 01 00 02 01 va,dc=nl........
0020: 00 02 01 00 01 01 00 a3 13 04 02 63 6e 04 0d 52 ...........cn..R
0030: 65 6e 65 20 44 72 69 65 73 73 65 6e 30 04 04 02 ene Driessen0...
0040: 63 6e cn
ber_get_next: tag 0x30 len 72 contents:
ber_dump: buf=0x00a60400 ptr=0x00a60400 end=0x00a60448 len=72
0000: 02 01 02 63 43 04 17 64 63 3d 73 63 69 65 6e 63 ...cC..dc=scienc
0010: 65 2c 64 63 3d 75 76 61 2c 64 63 3d 6e 6c 0a 01 e,dc=uva,dc=nl..
0020: 02 0a 01 00 02 01 00 02 01 00 01 01 00 a3 13 04 ................
0030: 02 63 6e 04 0d 52 65 6e 65 20 44 72 69 65 73 73 .cn..Rene Driess
0040: 65 6e 30 04 04 02 63 6e en0...cn
ber_get_next
ldap_read: want=8 error=Resource temporarily unavailable
ber_get_next on fd 12 failed errno=11 (Resource temporarily unavailable)
do_search
ber_scanf fmt ({miiiib) ber:
ber_dump: buf=0x00a60400 ptr=0x00a60403 end=0x00a60448 len=69
0000: 63 43 04 17 64 63 3d 73 63 69 65 6e 63 65 2c 64 cC..dc=science,d
0010: 63 3d 75 76 61 2c 64 63 3d 6e 6c 0a 01 02 0a 01 c=uva,dc=nl.....
0020: 00 02 01 00 02 01 00 01 01 00 a3 13 04 02 63 6e ..............cn
0030: 04 0d 52 65 6e 65 20 44 72 69 65 73 73 65 6e 30 ..Rene Driessen0
0040: 04 04 02 63 6e ...cn
>>> dnPrettyNormal: <dc=science,dc=uva,dc=nl>
=> ldap_bv2dn(dc=science,dc=uva,dc=nl,0)
ldap_err2string
<= ldap_bv2dn(dc=science,dc=uva,dc=nl)=0 Success
=> ldap_dn2bv(272)
ldap_err2string
<= ldap_dn2bv(dc=science,dc=uva,dc=nl)=0 Success
=> ldap_dn2bv(272)
ldap_err2string
<= ldap_dn2bv(dc=science,dc=uva,dc=nl)=0 Success
<<< dnPrettyNormal: <dc=science,dc=uva,dc=nl>, <dc=science,dc=uva,dc=nl>
SRCH "dc=science,dc=uva,dc=nl" 2 0 0 0 0
begin get_filter
EQUALITY
daemon: select: listen=7 active_threads=1 tvp=zero
ber_scanf fmt ({mm}) ber:
ber_dump: buf=0x00a60400 ptr=0x00a6042d end=0x00a60448 len=27
0000: a3 13 04 02 63 6e 04 0d 52 65 6e 65 20 44 72 69 ....cn..Rene Dri
0010: 65 73 73 65 6e 30 04 04 02 63 6e essen0...cn
end get_filter 0
filter: (cn=rene driessen)
ber_scanf fmt ({M}}) ber:
ber_dump: buf=0x00a60400 ptr=0x00a60442 end=0x00a60448 len=6
0000: 00 04 04 02 63 6e ....cn
attrs: cn
conn=1 op=1 SRCH base="dc=science,dc=uva,dc=nl" scope=2 deref=0 filter="(cn=rene driessen)"
conn=1 op=1 SRCH attr=cn
==> limits_get: conn=1 op=1 dn="[anonymous]"
<== limits_get: type=DN match=ANONYMOUS
=> bdb_search
bdb_dn2entry("dc=science,dc=uva,dc=nl")
search_candidates: base="dc=science,dc=uva,dc=nl" (0x00000001) scope=2
=> bdb_dn2idl( "dc=science,dc=uva,dc=nl" )
=> bdb_filter_candidates
AND
=> bdb_list_candidates 0xa0
=> bdb_filter_candidates
OR
=> bdb_list_candidates 0xa1
=> bdb_filter_candidates
EQUALITY
=> bdb_equality_candidates (objectClass)
=> key_read
bdb_idl_fetch_key: [b49d1940]
<= bdb_index_read: failed (-30990)
<= bdb_equality_candidates: id=0, first=0, last=0
<= bdb_filter_candidates: id=0 first=0 last=0
=> bdb_filter_candidates
EQUALITY
=> bdb_equality_candidates (cn)
=> key_read
bdb_idl_fetch_key: [5b47773f]
<= bdb_index_read 1 candidates
<= bdb_equality_candidates: id=1, first=6577, last=6577
<= bdb_filter_candidates: id=1 first=6577 last=6577
<= bdb_list_candidates: id=1 first=6577 last=6577
<= bdb_filter_candidates: id=1 first=6577 last=6577
<= bdb_list_candidates: id=1 first=6577 last=6577
<= bdb_filter_candidates: id=1 first=6577 last=6577
bdb_search_candidates: id=1 first=6577 last=6577
=> test_filter
EQUALITY
=> access_allowed: search access to "fnwiCtrId=4420+uid=rdr,ou=people,dc=science,dc=uva,dc=nl" "cn" requested
=> dn: [1] ou=people,dc=science,dc=uva,dc=nl
=> acl_get: [1] matched
=> dn: [2] ou=people,dc=science,dc=uva,dc=nl
=> acl_get: [2] matched
=> dn: [3] ou=people,dc=science,dc=uva,dc=nl
=> acl_get: [3] matched
=> dn: [4] ou=people,dc=science,dc=uva,dc=nl
=> acl_get: [4] matched
=> dn: [5] ou=people,dc=science,dc=uva,dc=nl
=> acl_get: [5] matched
=> dn: [6] ou=people,dc=science,dc=uva,dc=nl
=> acl_get: [6] matched
=> acl_get: [6] attr cn
=> acl_mask: access to entry "fnwiCtrId=4420+uid=rdr,ou=people,dc=science,dc=uva,dc=nl", attr "cn" requested
=> acl_mask: to value by "", (=n)
<= check a_dn_pat: cn=ctr,ou=admin,dc=science,dc=uva,dc=nl
<= check a_dn_pat: *
<= acl_mask: [2] applying =rsc (stop)
<= acl_mask: [2] mask: =rsc
=> access_allowed: search access granted by =rsc
<= test_filter 6
=> send_search_entry: dn="fnwiCtrId=4420+uid=rdr,ou=people,dc=science,dc=uva,dc=nl"
=> access_allowed: read access to "fnwiCtrId=4420+uid=rdr,ou=people,dc=science,dc=uva,dc=nl" "entry" requested
=> dn: [1] ou=people,dc=science,dc=uva,dc=nl
=> acl_get: [1] matched
=> dn: [2] ou=people,dc=science,dc=uva,dc=nl
=> acl_get: [2] matched
=> dn: [3] ou=people,dc=science,dc=uva,dc=nl
=> acl_get: [3] matched
=> dn: [4] ou=people,dc=science,dc=uva,dc=nl
=> acl_get: [4] matched
=> dn: [5] ou=people,dc=science,dc=uva,dc=nl
=> acl_get: [5] matched
=> dn: [6] ou=people,dc=science,dc=uva,dc=nl
=> acl_get: [6] matched
=> acl_get: [6] attr entry
=> acl_mask: access to entry "fnwiCtrId=4420+uid=rdr,ou=people,dc=science,dc=uva,dc=nl", attr "entry" requested
=> acl_mask: to all values by "", (=n)
<= check a_dn_pat: cn=ctr,ou=admin,dc=science,dc=uva,dc=nl
<= check a_dn_pat: *
<= acl_mask: [2] applying =rsc (stop)
<= acl_mask: [2] mask: =rsc
=> access_allowed: read access granted by =rsc
=> access_allowed: read access to "fnwiCtrId=4420+uid=rdr,ou=people,dc=science,dc=uva,dc=nl" "cn;x-alias" requested
=> dn: [1] ou=people,dc=science,dc=uva,dc=nl
=> acl_get: [1] matched
=> dn: [2] ou=people,dc=science,dc=uva,dc=nl
=> acl_get: [2] matched
=> dn: [3] ou=people,dc=science,dc=uva,dc=nl
=> acl_get: [3] matched
=> dn: [4] ou=people,dc=science,dc=uva,dc=nl
=> acl_get: [4] matched
=> dn: [5] ou=people,dc=science,dc=uva,dc=nl
=> acl_get: [5] matched
=> dn: [6] ou=people,dc=science,dc=uva,dc=nl
=> acl_get: [6] matched
=> acl_get: [6] attr cn;x-alias
access_allowed: no res from state (cn;x-alias)
=> acl_mask: access to entry "fnwiCtrId=4420+uid=rdr,ou=people,dc=science,dc=uva,dc=nl", attr "cn;x-alias" requested
=> acl_mask: to value by "", (=n)
<= check a_dn_pat: cn=ctr,ou=admin,dc=science,dc=uva,dc=nl
<= check a_dn_pat: *
<= acl_mask: [2] applying =rsc (stop)
<= acl_mask: [2] mask: =rsc
=> access_allowed: read access granted by =rsc
=> access_allowed: read access to "fnwiCtrId=4420+uid=rdr,ou=people,dc=science,dc=uva,dc=nl" "cn" requested
=> dn: [1] ou=people,dc=science,dc=uva,dc=nl
=> acl_get: [1] matched
=> dn: [2] ou=people,dc=science,dc=uva,dc=nl
=> acl_get: [2] matched
=> dn: [3] ou=people,dc=science,dc=uva,dc=nl
=> acl_get: [3] matched
=> dn: [4] ou=people,dc=science,dc=uva,dc=nl
=> acl_get: [4] matched
=> dn: [5] ou=people,dc=science,dc=uva,dc=nl
=> acl_get: [5] matched
=> dn: [6] ou=people,dc=science,dc=uva,dc=nl
=> acl_get: [6] matched
=> acl_get: [6] attr cn
access_allowed: no res from state (cn)
=> acl_mask: access to entry "fnwiCtrId=4420+uid=rdr,ou=people,dc=science,dc=uva,dc=nl", attr "cn" requested
=> acl_mask: to value by "", (=n)
<= check a_dn_pat: cn=ctr,ou=admin,dc=science,dc=uva,dc=nl
<= check a_dn_pat: *
<= acl_mask: [2] applying =rsc (stop)
<= acl_mask: [2] mask: =rsc
=> access_allowed: read access granted by =rsc
=> access_allowed: read access to "fnwiCtrId=4420+uid=rdr,ou=people,dc=science,dc=uva,dc=nl" "cn;x-ascii" requested
=> dn: [1] ou=people,dc=science,dc=uva,dc=nl
=> acl_get: [1] matched
=> dn: [2] ou=people,dc=science,dc=uva,dc=nl
=> acl_get: [2] matched
=> dn: [3] ou=people,dc=science,dc=uva,dc=nl
=> acl_get: [3] matched
=> dn: [4] ou=people,dc=science,dc=uva,dc=nl
=> acl_get: [4] matched
=> acl_get: [4] attr cn;x-ascii
access_allowed: no res from state (cn;x-ascii)
=> acl_mask: access to entry "fnwiCtrId=4420+uid=rdr,ou=people,dc=science,dc=uva,dc=nl", attr "cn;x-ascii" requested
=> acl_mask: to value by "", (=n)
<= check a_dn_pat: cn=postfix,ou=admin,dc=science,dc=uva,dc=nl
<= check a_dn_pat: cn=ctr,ou=admin,dc=science,dc=uva,dc=nl
<= check a_dn_pat: *
<= acl_mask: [3] applying =sc (stop)
<= acl_mask: [3] mask: =sc
=> access_allowed: read access denied by =sc
send_search_entry: conn 1 access to attribute cn;x-ascii, value #0 not allowed
ber_flush: 122 bytes to sd 12
0000: 30 78 02 01 02 64 73 04 38 66 6e 77 69 43 74 72 0x...ds.8fnwiCtr
0010: 49 64 3d 34 34 32 30 2b 75 69 64 3d 72 64 72 2c Id=4420+uid=rdr,
0020: 6f 75 3d 70 65 6f 70 6c 65 2c 64 63 3d 73 63 69 ou=people,dc=sci
0030: 65 6e 63 65 2c 64 63 3d 75 76 61 2c 64 63 3d 6e ence,dc=uva,dc=n
0040: 6c 30 37 30 1d 04 0a 63 6e 3b 78 2d 61 6c 69 61 l070...cn;x-alia
0050: 73 31 0f 04 0d 52 65 6e 65 20 44 72 69 65 73 73 s1...Rene Driess
0060: 65 6e 30 16 04 02 63 6e 31 10 04 0e 52 65 6e c3 en0...cn1...Ren.
0070: a9 20 44 72 69 65 73 73 65 6e . Driessen
ldap_write: want=122, written=122
0000: 30 78 02 01 02 64 73 04 38 66 6e 77 69 43 74 72 0x...ds.8fnwiCtr
0010: 49 64 3d 34 34 32 30 2b 75 69 64 3d 72 64 72 2c Id=4420+uid=rdr,
0020: 6f 75 3d 70 65 6f 70 6c 65 2c 64 63 3d 73 63 69 ou=people,dc=sci
0030: 65 6e 63 65 2c 64 63 3d 75 76 61 2c 64 63 3d 6e ence,dc=uva,dc=n
0040: 6c 30 37 30 1d 04 0a 63 6e 3b 78 2d 61 6c 69 61 l070...cn;x-alia
0050: 73 31 0f 04 0d 52 65 6e 65 20 44 72 69 65 73 73 s1...Rene Driess
0060: 65 6e 30 16 04 02 63 6e 31 10 04 0e 52 65 6e c3 en0...cn1...Ren.
0070: a9 20 44 72 69 65 73 73 65 6e . Driessen
conn=1 op=1 ENTRY dn="fnwiCtrId=4420+uid=rdr,ou=people,dc=science,dc=uva,dc=nl"
<= send_search_entry
send_ldap_result: conn=1 op=1 p=3
send_ldap_result: err=0 matched="" text=""
send_ldap_response: msgid=2 tag=101 err=0
ber_flush: 14 bytes to sd 12
0000: 30 0c 02 01 02 65 07 0a 01 00 04 00 04 00 0....e........
ldap_write: want=14, written=14
0000: 30 0c 02 01 02 65 07 0a 01 00 04 00 04 00 0....e........
conn=1 op=1 SEARCH RESULT tag=101 err=0 nentries=1 text=
daemon: activity on 1 descriptors
daemon: activity on: 12r
daemon: read activity on 12
connection_get(12)
connection_get(12): got connid=1
connection_read(12): checking for input on id=1
ber_get_next
ldap_read: want=8, got=7
0000: 30 05 02 01 03 42 00 0....B.
ber_get_next: tag 0x30 len 5 contents:
ber_dump: buf=0x000ef4e8 ptr=0x000ef4e8 end=0x000ef4ed len=5
0000: 02 01 03 42 00 ...B.
ber_get_next
ldap_read: want=8, got=0
ber_get_next on fd 12 failed errno=0 (Error 0)
connection_read(12): input error=-2 id=1, closing.
connection_closing: readying conn=1 sd=12 for close
connection_close: deferring conn=1 sd=12
do_unbind
conn=1 op=2 UNBIND
connection_resched: attempting closing conn=1 sd=12
connection_close: conn=1 sd=12
daemon: removing 12
conn=1 fd=12 closed
daemon: select: listen=7 active_threads=0 tvp=NULL
daemon: activity on 1 descriptors
daemon: select: listen=7 active_threads=0 tvp=NULL