Bug 918717

Summary: server does not accept 0 length LDAP Control sequence
Product: Red Hat Enterprise Linux 7 Reporter: Nathan Kinder <nkinder>
Component: 389-ds-baseAssignee: Rich Megginson <rmeggins>
Status: CLOSED CURRENTRELEASE QA Contact: Sankar Ramalingam <sramling>
Severity: unspecified Docs Contact:
Priority: medium    
Version: 7.0CC: amsharma, jgalipea, nhosoi, tbordaz
Target Milestone: rc   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: 389-ds-base-1.3.1.6-14.el7 Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2014-06-13 12:18:49 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Nathan Kinder 2013-03-06 18:17:08 UTC 
This bug is created as a clone of upstream ticket:
https://fedorahosted.org/389/ticket/571

If a request is made with LDAP controls attached, but the controls have length 0, the server will err=2, failed to decode LDAP controls.  This worked fine with mozldap but doesn't work with openldap.
Comment 1 Rich Megginson 2013-10-01 23:26:10 UTC 
moving all ON_QA bugs to MODIFIED in order to add them to the errata (can't add bugs in the ON_QA state to an errata).  When the errata is created, the bugs should be automatically moved back to ON_QA.
Comment 9 Amita Sharma 2014-01-09 06:21:09 UTC 
[root@dhcp201-149 perlLDAP]# rpm -qa | grep 389
389-adminutil-1.1.15-3.fc19.1.x86_64
389-admin-1.1.31-1.fc19.2.x86_64
389-admin-console-doc-1.1.8-5.fc19.noarch
389-ds-base-1.3.1.6-14.el7.x86_64
389-console-1.1.7-4.fc19.noarch
389-admin-console-1.1.8-5.fc19.noarch
389-ds-console-doc-1.2.7-2.fc19.noarch
389-dsgw-1.1.10-1.fc19.x86_64
389-ds-base-libs-1.3.1.6-14.el7.x86_64
389-ds-console-1.2.7-2.fc19.noarch
389-ds-1.2.2-4.fc19.noarch


[root@dhcp201-149 perlLDAP]# ./empty_ctrl_list.pl
LDAPsearch(Net::LDAP=HASH(0x24746f8), uid=*, ARRAY(0x24f5618), dc=example,dc=com)
$VAR1 = [
          'cn'
        ];
1result: Net::LDAP::Search=HASH(0x251c0d0)
$VAR1 = undef;


[root@dhcp201-149 ~]# tail -f /var/log/dirsrv/slapd-dhcp201-149/access
[09/Jan/2014:11:28:20 +051800] conn=1 fd=64 slot=64 connection from 10.65.201.149 to 10.65.201.149
[09/Jan/2014:11:28:20 +051800] conn=1 op=0 BIND dn="" method=128 version=3
[09/Jan/2014:11:28:20 +051800] conn=1 op=0 RESULT err=0 tag=97 nentries=0 etime=0 dn=""
[09/Jan/2014:11:28:20 +051800] conn=1 op=1 BIND dn="cn=directory manager" method=128 version=3
[09/Jan/2014:11:28:20 +051800] conn=1 op=1 RESULT err=0 tag=97 nentries=0 etime=0 dn="cn=directory manager"
[09/Jan/2014:11:28:20 +051800] conn=1 op=2 SRCH base="dc=example,dc=com" scope=2 filter="(uid=*)" attrs="cn"
[09/Jan/2014:11:28:20 +051800] conn=1 op=2 RESULT err=0 tag=101 nentries=0 etime=0 notes=U
[09/Jan/2014:11:28:20 +051800] conn=1 op=-1 fd=64 closed - B1
Comment 10 Amita Sharma 2014-01-09 06:44:10 UTC 
Automated under ldapbertest - bug963234()

http://dhcp201-149.englab.pnq.redhat.com/qa/archive/ds/90/acceptance/output/Linux/20140109-114925/ldapbertest/ldapbertest.run.out.4127


Executing test bug963234

Completed test bug963234
######################################################################
bug963234: expect=0 actual=0
PASS
Comment 11 Amita Sharma 2014-02-27 10:43:08 UTC 
[root@dhcp201-149 perlLDAP]# ./empty_ctrl_list.pl 
LDAPsearch(Net::LDAP=HASH(0x25b16f8), uid=*, ARRAY(0x2632618), dc=example,dc=com)
$VAR1 = [
          'cn'
        ];
1result: Net::LDAP::Search=HASH(0x26590d0)
$VAR1 = undef;

[root@dhcp201-149 perlLDAP]# tail -f /var/log/dirsrv/slapd-dhcp201-149/access
[27/Feb/2014:15:44:59 +051800] conn=1 op=0 BIND dn="cn=directory Manager" method=128 version=3
[27/Feb/2014:15:44:59 +051800] conn=1 op=0 RESULT err=0 tag=97 nentries=0 etime=0 dn="cn=directory manager"
[27/Feb/2014:15:46:36 +051800] conn=2 fd=65 slot=65 connection from 10.65.201.149 to 10.65.201.149
[27/Feb/2014:15:46:37 +051800] conn=2 op=0 BIND dn="" method=128 version=3
[27/Feb/2014:15:46:37 +051800] conn=2 op=0 RESULT err=0 tag=97 nentries=0 etime=0 dn=""
[27/Feb/2014:15:46:37 +051800] conn=2 op=1 BIND dn="cn=directory manager" method=128 version=3
[27/Feb/2014:15:46:37 +051800] conn=2 op=1 RESULT err=0 tag=97 nentries=0 etime=0 dn="cn=directory manager"
[27/Feb/2014:15:46:37 +051800] conn=2 op=2 SRCH base="dc=example,dc=com" scope=2 filter="(uid=*)" attrs="cn"
[27/Feb/2014:15:46:37 +051800] conn=2 op=2 RESULT err=0 tag=101 nentries=0 etime=0 notes=U
[27/Feb/2014:15:46:37 +051800] conn=2 op=-1 fd=65 closed - B1

Executing test bug963234

Completed test bug963234
######################################################################
bug963234: expect=0 actual=0
PASS
######################################################################

[root@dhcp201-149 perlLDAP]# rpm -qa | grep 389
389-adminutil-1.1.15-3.fc19.1.x86_64
389-ds-base-libs-1.3.1.6-21.el7.x86_64
389-ds-base-1.3.1.6-21.el7.x86_64
389-console-1.1.7-4.fc19.noarch
Comment 12 Ludek Smid 2014-06-13 12:18:49 UTC 
This request was resolved in Red Hat Enterprise Linux 7.0.

Contact your manager or support representative in case you have further questions about the request.