Bug 1057803 - logconv errors when search has invalid bind dn
Summary: logconv errors when search has invalid bind dn
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: 389-ds-base
Version: 7.0
Hardware: Unspecified
OS: Unspecified
low
unspecified
Target Milestone: rc
: ---
Assignee: Rich Megginson
QA Contact: Viktor Ashirov
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2014-01-24 23:36 UTC by Noriko Hosoi
Modified: 2015-03-05 09:33 UTC (History)
1 user (show)

Fixed In Version: 389-ds-base-1.3.3.1-1.el7
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2015-03-05 09:33:37 UTC
Target Upstream Version:


Attachments (Terms of Use)


Links
System ID Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2015:0416 normal SHIPPED_LIVE Important: 389-ds-base security, bug fix, and enhancement update 2015-03-05 14:26:33 UTC

Description Noriko Hosoi 2014-01-24 23:36:08 UTC
This bug is created as a clone of upstream ticket:
https://fedorahosted.org/389/ticket/47675

If there is a search request with an invalid base dn, the access log will look like this:

[01/Jan/2014:23:23:23 -0800] conn=1 op=1 SRCH dn="uid=,ou=people,dc=example,dc=com" authzid="(null)", invalid dn
[01/Jan/2014:23:23:23 -0800] conn=1 op=1 RESULT err=34 tag=101 nentries=0 etime=0

This causes logconv.pl to report uninitialized variable use.  It doesn't know how to parse the authzid and invalid dn parts.

Comment 2 Amita Sharma 2014-12-29 10:50:42 UTC
[root@dhcp201-126 ~]# ldapsearch -LLL -D "cn=directory manager" -w Secret123 -p 389 -h localhost -b  dn="uid=,ou=people,dc=example12,dc=com"
No such object (32)


Access Logs
==============
[29/Dec/2014:16:19:42 +051800] conn=18 fd=64 slot=64 connection from ::1 to ::1
[29/Dec/2014:16:19:42 +051800] conn=18 op=0 BIND dn="cn=directory manager" method=128 version=3
[29/Dec/2014:16:19:42 +051800] conn=18 op=0 RESULT err=0 tag=97 nentries=0 etime=0 dn="cn=directory manager"
[29/Dec/2014:16:19:42 +051800] conn=18 op=1 SRCH base="dn=uid=,ou=people,dc=example,dc=com" scope=2 filter="(objectClass=*)" attrs=ALL
[29/Dec/2014:16:19:42 +051800] conn=18 op=1 RESULT err=32 tag=101 nentries=0 etime=0
[29/Dec/2014:16:19:42 +051800] conn=18 op=2 UNBIND
[29/Dec/2014:16:19:42 +051800] conn=18 op=2 fd=64 closed - U1
[29/Dec/2014:16:20:04 +051800] conn=19 fd=64 slot=64 connection from ::1 to ::1
[29/Dec/2014:16:20:04 +051800] conn=19 op=0 BIND dn="cn=directory manager" method=128 version=3
[29/Dec/2014:16:20:04 +051800] conn=19 op=0 RESULT err=0 tag=97 nentries=0 etime=0 dn="cn=directory manager"
[29/Dec/2014:16:20:04 +051800] conn=19 op=1 SRCH base="dn=uid=,ou=people,dc=example12,dc=com" scope=2 filter="(objectClass=*)" attrs=ALL
[29/Dec/2014:16:20:04 +051800] conn=19 op=1 RESULT err=32 tag=101 nentries=0 etime=0
[29/Dec/2014:16:20:04 +051800] conn=19 op=2 UNBIND
[29/Dec/2014:16:20:04 +051800] conn=19 op=2 fd=64 closed - U1

Logs don't have authzid and invalid dn parts, hence marking VERIFIED.

Comment 4 errata-xmlrpc 2015-03-05 09:33:37 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHSA-2015-0416.html


Note You need to log in before you can comment on or make changes to this bug.