RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.
Bug 1070720 - rsearch filter error on any search filter
Summary: rsearch filter error on any search filter
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 6
Classification: Red Hat
Component: 389-ds-base
Version: 6.5
Hardware: All
OS: Linux
medium
medium
Target Milestone: rc
: ---
Assignee: mreynolds
QA Contact: Sankar Ramalingam
URL:
Whiteboard:
Depends On:
Blocks: 1108881
TreeView+ depends on / blocked
 
Reported: 2014-02-27 12:37 UTC by Pavel Moravec
Modified: 2020-09-13 20:58 UTC (History)
9 users (show)

Fixed In Version: 389-ds-base-1.2.11.15-34.el6
Doc Type: Bug Fix
Doc Text:
Cause: Using the "-f" filter option Consequence: The tool returns a filter syntax error Fix: This is partially a documentation issue, but there was a code change needed to make sure the filter was properly evaluated. Result: The tool works correctly when using the "-f" filter option.
Clone Of:
: 1108881 (view as bug list)
Environment:
Last Closed: 2014-10-14 07:53:09 UTC
Target Upstream Version:
Embargoed:

Attachments (Terms of Use)
patch for rsearch filter bug (1.48 KB, patch)
2014-02-28 11:16 UTC, Martin Poole 		no flags Details | Diff
View All


Links
System ID Private Priority Status Summary Last Updated
Github 389ds 389-ds-base issues 1056 0 None None None 2020-09-13 20:58:32 UTC
Red Hat Product Errata RHBA-2014:1385 0 normal SHIPPED_LIVE 389-ds-base bug fix and enhancement update 2014-10-14 01:27:42 UTC

Description Pavel Moravec 2014-02-27 12:37:41 UTC 
Description of problem:
Any attempt to run rsearch with a filter fails with error=0xFFFFFFF9 (i.e. LDAP_FILTER_ERROR (-7)).


Version-Release number of selected component (if applicable):
389-ds-base-1.2.11.15-31.el6_5.x86_64


How reproducible:
100%


Steps to Reproduce:
rsearch -D "cn=Directory Manager" -w admin123 -s "dc=brq,dc=redhat,dc=com" -f "ou=people"
rsearch -D "cn=Directory Manager" -w admin123 -s "dc=brq,dc=redhat,dc=com" -f "ou=Groups"
rsearch -D "cn=Directory Manager" -w admin123 -s "dc=brq,dc=redhat,dc=com" -f "uid=joe"
(whatever filter used; scope is the db suffix here)


Actual results:
1) rsearch output:
rsearch: 1 threads launched.

T1: failed to search 2, error=0xFFFFFFF9
20140227 12:29:01 - Rate:    0.00/thr (  0.00/sec =    infms/op), total:     0 (1 thr)
T1 no heartbeat (waiting)
20140227 12:29:11 - Rate:    0.00/thr (  0.00/sec =    infms/op), total:     0 (1 thr)
T1 no heartbeat -- Dead thread being reaped.
20140227 12:29:21 - Rate:    -nan/thr (  0.00/sec =    infms/op), total:     0 (0 thr)
All threads died. (?)

2) access log of directory server logs only:
[27/Feb/2014:12:28:50 +0100] conn=32681 fd=64 slot=64 connection from ::1 to ::1
[27/Feb/2014:12:28:50 +0100] conn=32681 op=0 BIND dn="cn=Directory Manager" method=128 version=2
[27/Feb/2014:12:28:50 +0100] conn=32681 op=0 RESULT err=0 tag=97 nentries=0 etime=0 dn="cn=directory manager"
[27/Feb/2014:12:29:20 +0100] conn=32681 op=-1 fd=64 closed - B1

i.e. no SRCH operation


Expected results:
(no such error)

SRCH operation in DirServer access log


Additional info:
seems no rsearch option (like -o, -S or so) has an effect to the behaviour
Comment 2 Nathan Kinder 2014-02-27 18:51:51 UTC 
The problem here is that a NULL gets added onto the end of the search filter in the rsearch code:

-------------------------------------------------------------
390	        sprintf(filterBuffer, "%s%s", filter, s);
(gdb) p s
$5 = 0x0
(gdb) p filter
$6 = 0x7fffffffe356 "(ou=people)"
(gdb) n
391	        pFilter = filterBuffer;
(gdb) p filterBuffer
$7 = "(ou=people)(null)", '\000' <repeats 80 times>"\367, ", <incomplete sequence \365>
-------------------------------------------------------------

The fix is simple:

--- a/ldap/servers/slapd/tools/rsearch/searchthread.c
+++ b/ldap/servers/slapd/tools/rsearch/searchthread.c
@@ -387,7 +387,7 @@ static int st_search(SearchThread *st)
             sprintf(num, "%d", get_large_random_number() % numeric);
             s = num;
         }
-        sprintf(filterBuffer, "%s%s", filter, s);
+        sprintf(filterBuffer, "%s%s", filter, s ? s : "");
         pFilter = filterBuffer;
     } else {
         pFilter = filter;
Comment 3 Nathan Kinder 2014-02-27 19:09:23 UTC 
Upstream ticket:
https://fedorahosted.org/389/ticket/47722
Comment 4 Pavel Moravec 2014-02-28 08:12:22 UTC 
I was told by Martin Poole that rsearch filter syntax is different (than what is in [1]). Instead of:

rsearch -D "cn=Directory Manager" -w admin123 -s "dc=brq,dc=redhat,dc=com" -f "ou=people"

there should be command:

echo people > people.txt
rsearch -D "cn=Directory Manager" -w admin123 -s "dc=brq,dc=redhat,dc=com" -f "ou=" -i people.txt

Option -f should be used together with -i <table_file> or -n <number>
(both documentation and "rsearch --help" say -n is reserved, but apparently it works)

Nathan's fix allows to provide the value directly in the filter, i.e.

-f "ou=123"

to work as

-f "ou=" -n 123
(or equivalently with -i file_with_123)


Not sure if that improvement is desired (from my perspective yes, it simplifies rsearch usage). In either case, documentation [1] needs to be updated:

1) examples there that dont work either with our without the fix.
2) without the fix, I would like to see there "if -f is used, use -i"
3) clarify if -n is supported or not (it is "reserved" per docs but apparently works..)


[1] https://access.redhat.com/site/documentation/en-US/Red_Hat_Directory_Server/9.0/html/Configuration_Command_and_File_Reference/rsearch.html#rsearch-usage
Comment 6 Martin Poole 2014-02-28 11:16:29 UTC 
Created attachment 868988 [details]
patch for rsearch filter bug
Comment 10 mreynolds 2014-03-11 19:45:38 UTC 
Ok, this is fixed upstream.  I've follow Martin's direction for the new fix.  The main difference is that I removed all the fixed size buffers, instead of expanding them.
Comment 21 mreynolds 2014-04-01 21:09:41 UTC 
Actually it is working fine, but the documentation is wrong.

The "-i" option has a very specific usage.

So the name file(lista-de-emails), is only supposed to contain the filter value:

user1
user2

And it only works with filters (-f) that end in "="

uid=
sn=
someAttr=

This also means that you can not use compound filters when using "-i".  Internally all it does is append the value from the file to the end of the filter.

Note that the print formatting does not work, so using %s doesn't do anything, in fact it also gets appended as well:

-f "uid=%s" gets converted to "uid=%suser1".

So the usage must be:

-f 'uid=' which will get converted to 'uid=user1'

Correct usage:

rsearch -D "cn=directory manager" -w password -s "dc=example,dc=com" -f 'uid=' -i /tmp/filter.txt
Comment 27 mreynolds 2014-06-19 15:14:40 UTC 
Verification steps:

[1] Create file (/tmp/filter.txt) with these contents:
user1
user2
user3

[2]  rsearch -D "cn=directory manager" -w password -s "dc=example,dc=com" -f 'uid=' -i /tmp/filter.txt

[3]  There should not bey errors like:  error=0xFFFFFFF9
Comment 28 Amita Sharma 2014-06-23 08:29:06 UTC 
Hey Mark,

I am getting the error while executing given steps with below bits::

[root@dhcp201-155 ~]# rpm -qa | grep 389
389-admin-1.1.34-1.el6.x86_64
389-adminutil-1.1.17-1.el6.x86_64
389-ds-console-1.2.7-1.el6.noarch
389-ds-base-debuginfo-1.2.11.15-35.el6.x86_64
389-ds-base-libs-1.2.11.15-35.el6.x86_64
389-ds-console-doc-1.2.7-1.el6.noarch
389-ds-base-1.2.11.15-35.el6.x86_64

rsearch -D -h dhcp201-155.englab.pnq.redhat.com -p 389 -D cn=directory manager -w Secret123 -s dc=example,dc=com -f 'uid=' -i /RHEL66/data/DS/6.0/filter/en/bug1070720.txt
T1: failed to bind, ldap_simple_bind_s(cn=directory, Secret123) returned 0x20 (errno 0)
T1: failed to bind, ldap_simple_bind_s(cn=directory, Secret123) returned 0x20 (errno 0)
T1: failed to bind, ldap_simple_bind_s(cn=directory, Secret123) returned 0x20 (errno 0)

Error Logs
============
[root@dhcp201-155 ~]# tail -f /var/log/dirsrv/slapd-dhcp201-155/errors
[23/Jun/2014:03:57:51 -0400] - slapd started.  Listening on All Interfaces port 389 for LDAP requests

[23/Jun/2014:03:59:04 -0400] - Not listening for new connections - too many fds open
[23/Jun/2014:03:59:12 -0400] - Listening for new connections again

[root@dhcp201-155 ~]# cat /RHEL66/data/DS/6.0/filter/en/bug1070720.txt
amsharma
mreynolds
nhosoi
nkinder

Bug is automated in TET as bug1070720 in /RHEL66/testcases/DS/6.0/filter/filter.sh

Can you please check what has gone wrong.
Comment 29 mreynolds 2014-06-23 13:27:36 UTC 
Amita,

You need to quote "cn=directory manager"

T1: failed to bind, ldap_simple_bind_s(cn=directory, Secret123) returned 0x20 (errno 0)

0x20 = 32 (no such object)  The access log would also of shown you the bind error message.  You should really be checking both log sets.  You can also see how the bind dn was truncated because it was not quoted:  (cn=directory) instead of (cn=directory manager)

The error log shows that too many file descriptors are open, probably because you ran the script over and over.   This can probably be ignored.

For future reference when using "cn=directory manager" from the command line it will always need to be quoted because of the space.

This should work for you:

rsearch -D -h dhcp201-155.englab.pnq.redhat.com -p 389 -D "cn=directory manager" -w Secret123 -s dc=example,dc=com -f 'uid=' -i /RHEL66/data/DS/6.0/filter

Thanks,
Mark
Comment 30 Amita Sharma 2014-06-24 06:19:52 UTC 
Hi Mark,

The error was coming due to DS instance was killed/crashed in quickinstall of tet. 
ofcourse, I know in the command line it should always be "cn=directory manager" 
Command in above comment, I have pasted from the automation log ..

Please Check ::
================= 
http://dhcp201-155.englab.pnq.redhat.com/qa/output/Linux/20140624-005816/filter/filter.startup.out.5363
AND
http://dhcp201-155.englab.pnq.redhat.com/qa/output/Linux/20140624-005816/filter/filter.run.out.5363

Manual Execution running fine:
==================================
[root@dhcp201-155 yum.repos.d]# rsearch -D -h dhcp201-155.englab.pnq.redhat.com -p 32626 -D "cn=directory manager" -w Secret123 -s dc=example,dc=com -f 'uid=' -i /RHEL66/tet/../data/DS/6.0/filter/en/bug1070720.txt
rsearch: 1 threads launched.

20140624 01:48:12 - Rate: 65721.00/thr (6572.10/sec = 0.1522ms/op), total: 65721 (1 thr)
20140624 01:48:22 - Rate: 73257.00/thr (7325.70/sec = 0.1365ms/op), total: 73257 (1 thr)
20140624 01:48:32 - Rate: 71005.00/thr (7100.50/sec = 0.1408ms/op), total: 71005 (1 thr)
20140624 01:48:42 - Rate: 75688.00/thr (7568.80/sec = 0.1321ms/op), total: 75688 (1 thr)
20140624 01:48:52 - Rate: 76120.00/thr (7612.00/sec = 0.1314ms/op), total: 76120 (1 thr)
20140624 01:49:02 - Rate: 72142.00/thr (7214.20/sec = 0.1386ms/op), total: 72142 (1 thr)
20140624 01:49:12 - Rate: 75292.00/thr (7529.20/sec = 0.1328ms/op), total: 75292 (1 thr)

TET automation still fails, I am investigating it.
Thanks for your inputs. We can mark this bug as VERIFIED.

Regards,
Ami
Comment 31 errata-xmlrpc 2014-10-14 07:53:09 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHBA-2014-1385.html
Note You need to log in before you can comment on or make changes to this bug.