Bug 693522

Summary: nsMatchingRule does not work with multiple values
Product: Red Hat Enterprise Linux 6 Reporter: Rich Megginson <rmeggins>
Component: 389-ds-baseAssignee: Rich Megginson <rmeggins>
Status: CLOSED ERRATA QA Contact: Chandrasekar Kannan <ckannan>
Severity: high Docs Contact:
Priority: high    
Version: 6.1CC: amsharma, benl, dpal, jgalipea, kevinu
Target Milestone: rcKeywords: screened
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: 389-ds-base-1.2.8.0-2.el6 Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: 693455 Environment:
Last Closed: 2011-05-19 08:43:06 EDT Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Bug Depends On: 693455    
Bug Blocks: 639035, 656390    

Description Rich Megginson 2011-04-04 17:13:24 EDT
+++ This bug was initially created as a clone of Bug #693455 +++

nsMatchingRule is supposed to be a multi-valued attribute e.g.
nsMatchingRule: 2.16.840.1.113730.3.3.2.15.1
nsMatchingRule: 2.16.840.1.113730.3.3.2.15.1.6
nsMatchingRule: 2.16.840.1.113730.3.3.2.11.1
nsMatchingRule: 2.16.840.1.113730.3.3.2.11.1.6

This does not work.  The server concatenates them all together with no spaces or other delimiters.

--- Additional comment from rmeggins@redhat.com on 2011-04-04 17:12:48 EDT ---

Created attachment 489858 [details]
0003-Bug-693455-nsMatchingRule-does-not-work-with-multipl.patch
Comment 4 Amita Sharma 2011-04-27 07:09:04 EDT
[root@rheltest slapd-rheltest]# ldapmodify -a -D "cn=directory manager" -w Secret123 -p 1389 -h localhost << EOF
> dn: cn=description,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config
> nsMatchingRule: 2.16.840.1.113730.3.3.2.15.1
> nsMatchingRule: 2.16.840.1.113730.3.3.2.15.1.6
> nsMatchingRule: 2.16.840.1.113730.3.3.2.11.1
> nsMatchingRule: 2.16.840.1.113730.3.3.2.11.1.6
> nsIndexType: eq
> nsIndexType: pres
> nsIndexType: sub
> nsSystemIndex: false
> objectClass: top
> objectClass: nsIndex
> cn: description
> EOF
adding new entry "cn=description,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config"

[root@rheltest slapd-rheltest]# ldapsearch -x -D "cn=directory manager" -w Secret123 -p 1389 -h localhost -b "cn=description,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config"
# extended LDIF
#
# LDAPv3
# base <cn=description,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config> with scope subtree
# filter: (objectclass=*)
# requesting: ALL
#

# description, index, userRoot, ldbm database, plugins, config
dn: cn=description,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config
nsMatchingRule: 2.16.840.1.113730.3.3.2.15.1
nsMatchingRule: 2.16.840.1.113730.3.3.2.15.1.6
nsMatchingRule: 2.16.840.1.113730.3.3.2.11.1
nsMatchingRule: 2.16.840.1.113730.3.3.2.11.1.6
nsIndexType: eq
nsIndexType: pres
nsIndexType: sub
nsSystemIndex: false
objectClass: top
objectClass: nsIndex
cn: description

# search result
search: 2
result: 0 Success

# numResponses: 2
# numEntries: 1


********************************************************************************
??? Below 2 are also correct????

[root@rheltest slapd-rheltest]# ldapmodify -a -D "cn=directory manager" -w Secret123 -p 1389 -h localhost << EOF
dn: cn=description1,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config
nsMatchingRule: 2.16.840.1.113730.3.3.2.15.1 2.16.840.1.113730.3.3.2.15.1.6 2.16.840.1.113730.3.3.2.11.1
nsIndexType: eq
nsIndexType: pres
nsIndexType: sub
nsSystemIndex: false
objectClass: top
objectClass: nsIndex
cn: description1
EOF

adding new entry "cn=description1,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config"


[root@rheltest slapd-rheltest]# ldapmodify -a -D "cn=directory manager" -w Secret123 -p 1389 -h localhost << EOF
dn: cn=description2,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config
nsMatchingRule: 2.16.840.1.113730.3.3.2.15.1 2.16.840.amitasharma****&&& 1.113730.3.3.2.15.1.6 2.16.840.1.113730.3.3.2.11.1
nsIndexType: eq
nsIndexType: pres
nsIndexType: sub
nsSystemIndex: false
objectClass: top
objectClass: nsIndex
cn: description12
EOF

adding new entry "cn=description2,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config"


********************************************************************************
Please guide..
Comment 5 Rich Megginson 2011-04-27 10:12:41 EDT
When adding index entries via LDAP - if there are problems encountered, the errors will be logged to the errors log, but the operation will succeed, with the problematic values ignored.  If you want to see if there are problems, look in the errors log.

The original problem was that 
nsMatchingRule: 2.16.840.1.113730.3.3.2.15.1
nsMatchingRule: 2.16.840.1.113730.3.3.2.15.1.6
nsMatchingRule: 2.16.840.1.113730.3.3.2.11.1
nsMatchingRule: 2.16.840.1.113730.3.3.2.11.1.6
was not handled correctly.

One way to verify is to add the index entry, then search for it to see if it matches what was added.

Another way is to generate the index (using db2index[.pl]) and use dbscan to see if the matching rule indexes were created.
Comment 6 Amita Sharma 2011-04-28 04:52:04 EDT
Hi Rich,

Thanks for guiding, below are the steps I have executed :

1. [root@rheltest slapd-rheltest]# ldapmodify -a -D "cn=directory manager" -w Secret123 -p 1389 -h localhost << EOF
> dn: cn=businesscategory,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config
> nsMatchingRule: 2.16.840.1.113730.3.3.2.11.1
> nsMatchingRule: 2.16.840.1.113730.3.3.2.3.1
> nsMatchingRule: 2.16.840.1.113730.3.3.2.17.1
> nsIndexType: eq
> nsIndexType: pres
> nsIndexType: sub
> nsSystemIndex: false
> objectClass: top
> objectClass: nsIndex
> cn: businesscategory
> EOF
adding new entry "cn=businesscategory,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config"

2. [root@rheltest slapd-rheltest]# cd /usr/lib64/dirsrv/slapd-rheltest/
[root@rheltest slapd-rheltest]# ./db2index.pl -D "cn=Directory Manager" -w Secret123 -n userRoot -t businesscategory
adding new entry "cn=db2index_2011_4_28_13_45_50, cn=index, cn=tasks, cn=config"

3. [root@rheltest slapd-rheltest]# ldapsearch -x -D "cn=directory manager" -w Secret123 -p 1389 -h localhost -b "cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config"
# businesscategory, index, userRoot, ldbm database, plugins, config
dn: cn=businesscategory,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=co
 nfig
nsMatchingRule: 2.16.840.1.113730.3.3.2.11.1
nsMatchingRule: 2.16.840.1.113730.3.3.2.3.1
nsMatchingRule: 2.16.840.1.113730.3.3.2.17.1
nsIndexType: eq
nsIndexType: pres
nsIndexType: sub
nsSystemIndex: false
objectClass: top
objectClass: nsIndex
cn: businesscategory

4. But I was not able to find the file "businesscategory.db4". Can you tell why as in case of description attribute, It got created as /var/lib/dirsrv/slapd-rheltest/db/userRoot/description.db4 (In Bug 693519)?

- Thanks
Amita
Comment 7 Rich Megginson 2011-04-28 09:31:44 EDT
(In reply to comment #6)
> 4. But I was not able to find the file "businesscategory.db4". Can you tell why
> as in case of description attribute, It got created as
> /var/lib/dirsrv/slapd-rheltest/db/userRoot/description.db4 (In Bug 693519)?
> 
> - Thanks
> Amita

Did you look for BusinessCategory.db4 or businessCategory.db4?  Do you have businesscategory attributes and values in your database?  Do you have any errors in the error log?  If you use ldif2db to import the database from LDIF, does it correctly create the businesscategory.db4?
Comment 8 Amita Sharma 2011-04-29 02:37:12 EDT
Yeah got it, thanks Rich.

[root@rheltest slapd-rheltest]# ldapmodify -x -h localhost -p 1389 -D "cn=Directory Manager" -w Secret123 << EOF
> dn: uid=amimash,dc=example,dc=com
> changetype: modify
> add: businesscategory
> businesscategory: abcd
> EOF
modifying entry "uid=amimash,dc=example,dc=com"

[root@rheltest slapd-rheltest]# find / -name *.db4 | grep -i BusinessCategory.db4
/var/lib/dirsrv/slapd-rheltest/db/userRoot/businesscategory.db4

Marking the bug as VERIFIED.
Comment 9 errata-xmlrpc 2011-05-19 08:43:06 EDT
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on therefore solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHEA-2011-0533.html