[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: attributeoptions bug?
Aargh. Always wait an hour before sending...
The cn;x-alias entry was a remnant of an earlier test.
The software behaves as it should.
Sorry for bothering you (twice).
Wout
On Mon, Sep 20, 2004 at 10:45:12AM +0200, Wout van Albada wrote:
>
> Hi,
>
> I have the following problem when using attribute options.
> In my configuration file I define two options:
>
> attributeoptions x-alias
> attributeoptions x-ascii
>
> No further attributeoptions are defined.
> Next I modify (with ldapmodify) an entry so it uses the x-ascii option:
>
> dn: fnwiCtrId=4420+uid=rdr,ou=people,dc=science,dc=uva,dc=nl
> changetype: modify
> replace: cn
> cn: René Driessen
> cn;x-ascii: Rene Driessen
>
> I can then search for it as follows:
>
> % ldapsearch -xLLL '(cn=Rene Driessen)' cn
> dn: fnwiCtrId=4420+uid=rdr,ou=people,dc=science,dc=uva,dc=nl
> cn;x-alias: Rene Driessen
> cn:: UmVuw6kgRHJpZXNzZW4=
>
> The problem is that it returns cn with the option x-alias instead of
> x-ascii.
>
> Two remarks:
>
> 1. I have an ACL that should hide the cn;x-ascii attribute for
> the anonymous masses:
>
> access to dn.children=ou=people,dc=science,dc=uva,dc=nl
> attrs=mail;x-alias,cn;x-ascii,sn;x-ascii,initials;x-ascii,givenName;x-ascii
> by dn.base=cn=postfix,ou=admin,dc=science,dc=uva,dc=nl =csr stop
> by dn.base=cn=ctr,ou=admin,dc=science,dc=uva,dc=nl =csrw stop
> by * =cs stop
>
> 2. The x-alias option has been in the database for a while.
> When I added the x-ascii option I encountered this problem.
>
> OpenLDAP version is 2.2.15, BDB backend with BDB
> libs 4.2.52 + 2patches on Solaris 9.
>
> Below is the debugging output from slapd (-d -1).
>
> What am I doing wrong? Should I submit this as a bug?
>
> Regards,
> Wout
>
>
>
> daemon: activity on 1 descriptors
> daemon: new connection on 12
> conn=1 fd=12 ACCEPT from IP=146.50.3.34:35192 (IP=0.0.0.0:389)
> daemon: added 12r
> daemon: activity on:
> daemon: select: listen=7 active_threads=1 tvp=zero
> daemon: activity on 1 descriptors
> daemon: activity on: 12r
> daemon: read activity on 12
> connection_get(12)
> connection_get(12): got connid=1
> connection_read(12): checking for input on id=1
> ber_get_next
> ldap_read: want=8, got=8
> 0000: 30 0c 02 01 01 60 07 02 0....`..
> ldap_read: want=6, got=6
> 0000: 01 03 04 00 80 00 ......
> ber_get_next: tag 0x30 len 12 contents:
> ber_dump: buf=0x00a5e650 ptr=0x00a5e650 end=0x00a5e65c len=12
> 0000: 02 01 01 60 07 02 01 03 04 00 80 00 ...`........
> ber_get_next
> ldap_read: want=8 error=Resource temporarily unavailable
> ber_get_next on fd 12 failed errno=11 (Resource temporarily unavailable)
> do_bind
> ber_scanf fmt ({imt) ber:
> ber_dump: buf=0x00a5e650 ptr=0x00a5e653 end=0x00a5e65c len=9
> 0000: 60 07 02 01 03 04 00 80 00 `........
> ber_scanf fmt (m}) ber:
> ber_dump: buf=0x00a5e650 ptr=0x00a5e65a end=0x00a5e65c len=2
> 0000: 00 00 ..
> >>> dnPrettyNormal: <>
> <<< dnPrettyNormal: <>, <>
> do_bind: version=3 dn="" method=128
> conn=1 op=0 BIND dn="" method=128
> send_ldap_result: conn=1 op=0 p=3
> send_ldap_result: err=0 matched="" text=""
> send_ldap_response: msgid=1 tag=97 err=0
> ber_flush: 14 bytes to sd 12
> 0000: 30 0c 02 01 01 61 07 0a 01 00 04 00 04 00 0....a........
> ldap_write: want=14, written=14
> 0000: 30 0c 02 01 01 61 07 0a 01 00 04 00 04 00 0....a........
> conn=1 op=0 RESULT tag=97 err=0 text=
> do_bind: v3 anonymous bind
> daemon: select: listen=7 active_threads=1 tvp=zero
> daemon: activity on 1 descriptors
> daemon: activity on: 12r
> daemon: read activity on 12
> connection_get(12)
> connection_get(12): got connid=1
> connection_read(12): checking for input on id=1
> ber_get_next
> ldap_read: want=8, got=8
> 0000: 30 48 02 01 02 63 43 04 0H...cC.
> ldap_read: want=66, got=66
> 0000: 17 64 63 3d 73 63 69 65 6e 63 65 2c 64 63 3d 75 .dc=science,dc=u
> 0010: 76 61 2c 64 63 3d 6e 6c 0a 01 02 0a 01 00 02 01 va,dc=nl........
> 0020: 00 02 01 00 01 01 00 a3 13 04 02 63 6e 04 0d 52 ...........cn..R
> 0030: 65 6e 65 20 44 72 69 65 73 73 65 6e 30 04 04 02 ene Driessen0...
> 0040: 63 6e cn
> ber_get_next: tag 0x30 len 72 contents:
> ber_dump: buf=0x00a60400 ptr=0x00a60400 end=0x00a60448 len=72
> 0000: 02 01 02 63 43 04 17 64 63 3d 73 63 69 65 6e 63 ...cC..dc=scienc
> 0010: 65 2c 64 63 3d 75 76 61 2c 64 63 3d 6e 6c 0a 01 e,dc=uva,dc=nl..
> 0020: 02 0a 01 00 02 01 00 02 01 00 01 01 00 a3 13 04 ................
> 0030: 02 63 6e 04 0d 52 65 6e 65 20 44 72 69 65 73 73 .cn..Rene Driess
> 0040: 65 6e 30 04 04 02 63 6e en0...cn
> ber_get_next
> ldap_read: want=8 error=Resource temporarily unavailable
> ber_get_next on fd 12 failed errno=11 (Resource temporarily unavailable)
> do_search
> ber_scanf fmt ({miiiib) ber:
> ber_dump: buf=0x00a60400 ptr=0x00a60403 end=0x00a60448 len=69
> 0000: 63 43 04 17 64 63 3d 73 63 69 65 6e 63 65 2c 64 cC..dc=science,d
> 0010: 63 3d 75 76 61 2c 64 63 3d 6e 6c 0a 01 02 0a 01 c=uva,dc=nl.....
> 0020: 00 02 01 00 02 01 00 01 01 00 a3 13 04 02 63 6e ..............cn
> 0030: 04 0d 52 65 6e 65 20 44 72 69 65 73 73 65 6e 30 ..Rene Driessen0
> 0040: 04 04 02 63 6e ...cn
> >>> dnPrettyNormal: <dc=science,dc=uva,dc=nl>
> => ldap_bv2dn(dc=science,dc=uva,dc=nl,0)
> ldap_err2string
> <= ldap_bv2dn(dc=science,dc=uva,dc=nl)=0 Success
> => ldap_dn2bv(272)
> ldap_err2string
> <= ldap_dn2bv(dc=science,dc=uva,dc=nl)=0 Success
> => ldap_dn2bv(272)
> ldap_err2string
> <= ldap_dn2bv(dc=science,dc=uva,dc=nl)=0 Success
> <<< dnPrettyNormal: <dc=science,dc=uva,dc=nl>, <dc=science,dc=uva,dc=nl>
> SRCH "dc=science,dc=uva,dc=nl" 2 0 0 0 0
> begin get_filter
> EQUALITY
> daemon: select: listen=7 active_threads=1 tvp=zero
> ber_scanf fmt ({mm}) ber:
> ber_dump: buf=0x00a60400 ptr=0x00a6042d end=0x00a60448 len=27
> 0000: a3 13 04 02 63 6e 04 0d 52 65 6e 65 20 44 72 69 ....cn..Rene Dri
> 0010: 65 73 73 65 6e 30 04 04 02 63 6e essen0...cn
> end get_filter 0
> filter: (cn=rene driessen)
> ber_scanf fmt ({M}}) ber:
> ber_dump: buf=0x00a60400 ptr=0x00a60442 end=0x00a60448 len=6
> 0000: 00 04 04 02 63 6e ....cn
> attrs: cn
> conn=1 op=1 SRCH base="dc=science,dc=uva,dc=nl" scope=2 deref=0 filter="(cn=rene driessen)"
> conn=1 op=1 SRCH attr=cn
> ==> limits_get: conn=1 op=1 dn="[anonymous]"
> <== limits_get: type=DN match=ANONYMOUS
> => bdb_search
> bdb_dn2entry("dc=science,dc=uva,dc=nl")
> search_candidates: base="dc=science,dc=uva,dc=nl" (0x00000001) scope=2
> => bdb_dn2idl( "dc=science,dc=uva,dc=nl" )
> => bdb_filter_candidates
> AND
> => bdb_list_candidates 0xa0
> => bdb_filter_candidates
> OR
> => bdb_list_candidates 0xa1
> => bdb_filter_candidates
> EQUALITY
> => bdb_equality_candidates (objectClass)
> => key_read
> bdb_idl_fetch_key: [b49d1940]
> <= bdb_index_read: failed (-30990)
> <= bdb_equality_candidates: id=0, first=0, last=0
> <= bdb_filter_candidates: id=0 first=0 last=0
> => bdb_filter_candidates
> EQUALITY
> => bdb_equality_candidates (cn)
> => key_read
> bdb_idl_fetch_key: [5b47773f]
> <= bdb_index_read 1 candidates
> <= bdb_equality_candidates: id=1, first=6577, last=6577
> <= bdb_filter_candidates: id=1 first=6577 last=6577
> <= bdb_list_candidates: id=1 first=6577 last=6577
> <= bdb_filter_candidates: id=1 first=6577 last=6577
> <= bdb_list_candidates: id=1 first=6577 last=6577
> <= bdb_filter_candidates: id=1 first=6577 last=6577
> bdb_search_candidates: id=1 first=6577 last=6577
> => test_filter
> EQUALITY
> => access_allowed: search access to "fnwiCtrId=4420+uid=rdr,ou=people,dc=science,dc=uva,dc=nl" "cn" requested
> => dn: [1] ou=people,dc=science,dc=uva,dc=nl
> => acl_get: [1] matched
> => dn: [2] ou=people,dc=science,dc=uva,dc=nl
> => acl_get: [2] matched
> => dn: [3] ou=people,dc=science,dc=uva,dc=nl
> => acl_get: [3] matched
> => dn: [4] ou=people,dc=science,dc=uva,dc=nl
> => acl_get: [4] matched
> => dn: [5] ou=people,dc=science,dc=uva,dc=nl
> => acl_get: [5] matched
> => dn: [6] ou=people,dc=science,dc=uva,dc=nl
> => acl_get: [6] matched
> => acl_get: [6] attr cn
> => acl_mask: access to entry "fnwiCtrId=4420+uid=rdr,ou=people,dc=science,dc=uva,dc=nl", attr "cn" requested
> => acl_mask: to value by "", (=n)
> <= check a_dn_pat: cn=ctr,ou=admin,dc=science,dc=uva,dc=nl
> <= check a_dn_pat: *
> <= acl_mask: [2] applying =rsc (stop)
> <= acl_mask: [2] mask: =rsc
> => access_allowed: search access granted by =rsc
> <= test_filter 6
> => send_search_entry: dn="fnwiCtrId=4420+uid=rdr,ou=people,dc=science,dc=uva,dc=nl"
> => access_allowed: read access to "fnwiCtrId=4420+uid=rdr,ou=people,dc=science,dc=uva,dc=nl" "entry" requested
> => dn: [1] ou=people,dc=science,dc=uva,dc=nl
> => acl_get: [1] matched
> => dn: [2] ou=people,dc=science,dc=uva,dc=nl
> => acl_get: [2] matched
> => dn: [3] ou=people,dc=science,dc=uva,dc=nl
> => acl_get: [3] matched
> => dn: [4] ou=people,dc=science,dc=uva,dc=nl
> => acl_get: [4] matched
> => dn: [5] ou=people,dc=science,dc=uva,dc=nl
> => acl_get: [5] matched
> => dn: [6] ou=people,dc=science,dc=uva,dc=nl
> => acl_get: [6] matched
> => acl_get: [6] attr entry
> => acl_mask: access to entry "fnwiCtrId=4420+uid=rdr,ou=people,dc=science,dc=uva,dc=nl", attr "entry" requested
> => acl_mask: to all values by "", (=n)
> <= check a_dn_pat: cn=ctr,ou=admin,dc=science,dc=uva,dc=nl
> <= check a_dn_pat: *
> <= acl_mask: [2] applying =rsc (stop)
> <= acl_mask: [2] mask: =rsc
> => access_allowed: read access granted by =rsc
> => access_allowed: read access to "fnwiCtrId=4420+uid=rdr,ou=people,dc=science,dc=uva,dc=nl" "cn;x-alias" requested
> => dn: [1] ou=people,dc=science,dc=uva,dc=nl
> => acl_get: [1] matched
> => dn: [2] ou=people,dc=science,dc=uva,dc=nl
> => acl_get: [2] matched
> => dn: [3] ou=people,dc=science,dc=uva,dc=nl
> => acl_get: [3] matched
> => dn: [4] ou=people,dc=science,dc=uva,dc=nl
> => acl_get: [4] matched
> => dn: [5] ou=people,dc=science,dc=uva,dc=nl
> => acl_get: [5] matched
> => dn: [6] ou=people,dc=science,dc=uva,dc=nl
> => acl_get: [6] matched
> => acl_get: [6] attr cn;x-alias
> access_allowed: no res from state (cn;x-alias)
> => acl_mask: access to entry "fnwiCtrId=4420+uid=rdr,ou=people,dc=science,dc=uva,dc=nl", attr "cn;x-alias" requested
> => acl_mask: to value by "", (=n)
> <= check a_dn_pat: cn=ctr,ou=admin,dc=science,dc=uva,dc=nl
> <= check a_dn_pat: *
> <= acl_mask: [2] applying =rsc (stop)
> <= acl_mask: [2] mask: =rsc
> => access_allowed: read access granted by =rsc
> => access_allowed: read access to "fnwiCtrId=4420+uid=rdr,ou=people,dc=science,dc=uva,dc=nl" "cn" requested
> => dn: [1] ou=people,dc=science,dc=uva,dc=nl
> => acl_get: [1] matched
> => dn: [2] ou=people,dc=science,dc=uva,dc=nl
> => acl_get: [2] matched
> => dn: [3] ou=people,dc=science,dc=uva,dc=nl
> => acl_get: [3] matched
> => dn: [4] ou=people,dc=science,dc=uva,dc=nl
> => acl_get: [4] matched
> => dn: [5] ou=people,dc=science,dc=uva,dc=nl
> => acl_get: [5] matched
> => dn: [6] ou=people,dc=science,dc=uva,dc=nl
> => acl_get: [6] matched
> => acl_get: [6] attr cn
> access_allowed: no res from state (cn)
> => acl_mask: access to entry "fnwiCtrId=4420+uid=rdr,ou=people,dc=science,dc=uva,dc=nl", attr "cn" requested
> => acl_mask: to value by "", (=n)
> <= check a_dn_pat: cn=ctr,ou=admin,dc=science,dc=uva,dc=nl
> <= check a_dn_pat: *
> <= acl_mask: [2] applying =rsc (stop)
> <= acl_mask: [2] mask: =rsc
> => access_allowed: read access granted by =rsc
> => access_allowed: read access to "fnwiCtrId=4420+uid=rdr,ou=people,dc=science,dc=uva,dc=nl" "cn;x-ascii" requested
> => dn: [1] ou=people,dc=science,dc=uva,dc=nl
> => acl_get: [1] matched
> => dn: [2] ou=people,dc=science,dc=uva,dc=nl
> => acl_get: [2] matched
> => dn: [3] ou=people,dc=science,dc=uva,dc=nl
> => acl_get: [3] matched
> => dn: [4] ou=people,dc=science,dc=uva,dc=nl
> => acl_get: [4] matched
> => acl_get: [4] attr cn;x-ascii
> access_allowed: no res from state (cn;x-ascii)
> => acl_mask: access to entry "fnwiCtrId=4420+uid=rdr,ou=people,dc=science,dc=uva,dc=nl", attr "cn;x-ascii" requested
> => acl_mask: to value by "", (=n)
> <= check a_dn_pat: cn=postfix,ou=admin,dc=science,dc=uva,dc=nl
> <= check a_dn_pat: cn=ctr,ou=admin,dc=science,dc=uva,dc=nl
> <= check a_dn_pat: *
> <= acl_mask: [3] applying =sc (stop)
> <= acl_mask: [3] mask: =sc
> => access_allowed: read access denied by =sc
> send_search_entry: conn 1 access to attribute cn;x-ascii, value #0 not allowed
> ber_flush: 122 bytes to sd 12
> 0000: 30 78 02 01 02 64 73 04 38 66 6e 77 69 43 74 72 0x...ds.8fnwiCtr
> 0010: 49 64 3d 34 34 32 30 2b 75 69 64 3d 72 64 72 2c Id=4420+uid=rdr,
> 0020: 6f 75 3d 70 65 6f 70 6c 65 2c 64 63 3d 73 63 69 ou=people,dc=sci
> 0030: 65 6e 63 65 2c 64 63 3d 75 76 61 2c 64 63 3d 6e ence,dc=uva,dc=n
> 0040: 6c 30 37 30 1d 04 0a 63 6e 3b 78 2d 61 6c 69 61 l070...cn;x-alia
> 0050: 73 31 0f 04 0d 52 65 6e 65 20 44 72 69 65 73 73 s1...Rene Driess
> 0060: 65 6e 30 16 04 02 63 6e 31 10 04 0e 52 65 6e c3 en0...cn1...Ren.
> 0070: a9 20 44 72 69 65 73 73 65 6e . Driessen
> ldap_write: want=122, written=122
> 0000: 30 78 02 01 02 64 73 04 38 66 6e 77 69 43 74 72 0x...ds.8fnwiCtr
> 0010: 49 64 3d 34 34 32 30 2b 75 69 64 3d 72 64 72 2c Id=4420+uid=rdr,
> 0020: 6f 75 3d 70 65 6f 70 6c 65 2c 64 63 3d 73 63 69 ou=people,dc=sci
> 0030: 65 6e 63 65 2c 64 63 3d 75 76 61 2c 64 63 3d 6e ence,dc=uva,dc=n
> 0040: 6c 30 37 30 1d 04 0a 63 6e 3b 78 2d 61 6c 69 61 l070...cn;x-alia
> 0050: 73 31 0f 04 0d 52 65 6e 65 20 44 72 69 65 73 73 s1...Rene Driess
> 0060: 65 6e 30 16 04 02 63 6e 31 10 04 0e 52 65 6e c3 en0...cn1...Ren.
> 0070: a9 20 44 72 69 65 73 73 65 6e . Driessen
> conn=1 op=1 ENTRY dn="fnwiCtrId=4420+uid=rdr,ou=people,dc=science,dc=uva,dc=nl"
> <= send_search_entry
> send_ldap_result: conn=1 op=1 p=3
> send_ldap_result: err=0 matched="" text=""
> send_ldap_response: msgid=2 tag=101 err=0
> ber_flush: 14 bytes to sd 12
> 0000: 30 0c 02 01 02 65 07 0a 01 00 04 00 04 00 0....e........
> ldap_write: want=14, written=14
> 0000: 30 0c 02 01 02 65 07 0a 01 00 04 00 04 00 0....e........
> conn=1 op=1 SEARCH RESULT tag=101 err=0 nentries=1 text=
> daemon: activity on 1 descriptors
> daemon: activity on: 12r
> daemon: read activity on 12
> connection_get(12)
> connection_get(12): got connid=1
> connection_read(12): checking for input on id=1
> ber_get_next
> ldap_read: want=8, got=7
> 0000: 30 05 02 01 03 42 00 0....B.
> ber_get_next: tag 0x30 len 5 contents:
> ber_dump: buf=0x000ef4e8 ptr=0x000ef4e8 end=0x000ef4ed len=5
> 0000: 02 01 03 42 00 ...B.
> ber_get_next
> ldap_read: want=8, got=0
>
> ber_get_next on fd 12 failed errno=0 (Error 0)
> connection_read(12): input error=-2 id=1, closing.
> connection_closing: readying conn=1 sd=12 for close
> connection_close: deferring conn=1 sd=12
> do_unbind
> conn=1 op=2 UNBIND
> connection_resched: attempting closing conn=1 sd=12
> connection_close: conn=1 sd=12
> daemon: removing 12
> conn=1 fd=12 closed
> daemon: select: listen=7 active_threads=0 tvp=NULL
> daemon: activity on 1 descriptors
> daemon: select: listen=7 active_threads=0 tvp=NULL