Bug 470611 - rsearch should allow filter and password to be customized for "search then bind" tests
Product: 389
Classification: Community
Component: Command Line Utilities
Hardware: All Linux
Priority: medium, Severity: low
Assigned To: Nathan Kinder
Chandrasekar Kannan
Depends On:
Blocks: 249650 FDS1.1.4 483099 FDS1.2.0
Reported: 2008-11-07 18:16 EST by Thomas Lackey
Modified: 2015-01-04 18:34 EST
Fixed In Version: 8.1
Doc Type: Bug Fix
Clone Of:
: 483099 (view as bug list)
Last Closed: 2009-04-29 19:07:39 EDT

Attachments
Propose patch (8.84 KB, patch)
2008-11-07 18:26 EST, Thomas Lackey

Description Thomas Lackey 2008-11-07 18:16:25 EST
Description of problem:

rsearch expects a rigid layout for tests which search and then bind.  It expects to search on the uid, and then bind using the DN and the uid as a password.  This, naturally, doesn't work if the entry does not have a uid, or if the password does not match it.

Version-Release number of selected component (if applicable):


How reproducible:


Steps to Reproduce:
1. Run rsearch using the -B and -x flags.
Actual results:

rsearch searches based on the uid attribute and uses it as the password to bind.

Expected results:

Ideally, this would be customizable.

Additional info:
Comment 1 Thomas Lackey 2008-11-07 18:26:11 EST
Created attachment 322913
Propose patch

This patch adds a -W flag for the user password and a -U flag for the filter to use.  Their use is optional and the default values remain intact.  Example usage would be:

rsearch [options] -B bindfile -x -U "(myUserNameAttr=%s)" -W secret12

Omitting -U and -W would use "uid" and the uid value as is done currently.

The patch also contains some unrelated minor adjustments:

1. It fixes the bind-only (noop) -N option.  This had apparently atrophied over time and the threads would do exactly one loop and then exit.

2. It prints the current time out next to each "Rate" line.  This helps when trying to correlate any messages to access/error log statements.

3. It gives the threads a better chance of passing different seed values to srand().
Comment 2 Nathan Kinder 2009-01-29 11:32:35 EST
The proposed patch looks good.  Thank you for your contribution!  I will apply this to the current code and get it checked in if there are no merge conflicts.
Comment 3 Nathan Kinder 2009-01-29 12:33:02 EST
Checked into ldapserver (HEAD).  Thanks again for the contribution!

Checking in ldap/servers/slapd/tools/rsearch/rsearch.c;
/cvs/dirsec/ldapserver/ldap/servers/slapd/tools/rsearch/rsearch.c,v  <--  rsearch.c
new revision: 1.6; previous revision: 1.5
Checking in ldap/servers/slapd/tools/rsearch/rsearch.h;
/cvs/dirsec/ldapserver/ldap/servers/slapd/tools/rsearch/rsearch.h,v  <--  rsearch.h
new revision: 1.5; previous revision: 1.4
Checking in ldap/servers/slapd/tools/rsearch/searchthread.c;
/cvs/dirsec/ldapserver/ldap/servers/slapd/tools/rsearch/searchthread.c,v  <--  searchthread.c
new revision: 1.7; previous revision: 1.6
Comment 4 Jenny Galipeau 2009-04-14 09:00:02 EDT
Could you please add the rsearch commands to verify this bug? Thanks
Comment 5 Nathan Kinder 2009-04-14 11:16:02 EDT
As Thomas stated in comment #2, the new usage is:

  rsearch [options] -B bindfile -x -U "(myUserNameAttr=%s)" -W secret12

You need to create a bindfile and use some attribute other than "uid" for "myUserNameAttr" to find the DN to bind as.  Set up your entries with the password you use in the -W option.  You should see rsearch bind successfully as the entries found using the filter in the -U option.
Comment 6 Jenny Galipeau 2009-04-15 12:52:34 EDT
verified DS 8.1 - RHEL 4

user has no uid, bind file:

UID: test 1

rsearch command:
rsearch -h `hostname` -p 389 -D "cn=Directory Manager" -w Secret123 -s "dc=bos,dc=redhat,dc=com" -f "objectclass=person" -B bindfile -x -U '(cn=%s)' -W test

[15/Apr/2009:12:50:26 -0400] conn=18 op=0 BIND dn="cn=Directory Manager" method=128 version=3
[15/Apr/2009:12:50:26 -0400] conn=18 op=0 RESULT err=0 tag=97 nentries=0 etime=0 dn="cn=directory manager"
[15/Apr/2009:12:50:26 -0400] conn=18 op=1 SRCH base="dc=bos,dc=redhat,dc=com" scope=2 filter="(cn=test 1)" attrs=ALL
[15/Apr/2009:12:50:26 -0400] conn=18 op=1 RESULT err=0 tag=101 nentries=1 etime=0
[15/Apr/2009:12:50:26 -0400] conn=19 fd=67 slot=67 connection from to
[15/Apr/2009:12:50:26 -0400] conn=19 op=0 BIND dn="cn=test 1,dc=bos,dc=redhat,dc=com" method=128 version=3
[15/Apr/2009:12:50:26 -0400] conn=19 op=0 RESULT err=0 tag=97 nentries=0 etime=0 dn="cn=test 1,dc=bos,dc=redhat,dc=com"
[15/Apr/2009:12:50:26 -0400] conn=19 op=1 SRCH base="dc=bos,dc=redhat,dc=com" scope=2 filter="(objectClass=person)" attrs=ALL
[15/Apr/2009:12:50:26 -0400] conn=19 op=1 RESULT err=0 tag=101 nentries=5 etime=0
[15/Apr/2009:12:50:26 -0400] conn=19 op=2 SRCH base="dc=bos,dc=redhat,dc=com" scope=2 filter="(objectClass=person)" attrs=ALL
[15/Apr/2009:12:50:26 -0400] conn=19 op=2 RESULT err=0 tag=101 nentries=5 etime=0
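
Added example, not part of the bug thread or the rsearch source: a Python check over access-log lines in the format quoted in comment 6. It pairs each search generated from the -U filter template with the next BIND logged and reports the bind result code (err=49 is LDAP invalidCredentials). The sample log is constructed, and pairing a search with the next BIND assumes a single rsearch thread.

```python
import re

# Constructed sample in the access-log format quoted in comment 6 (all values made up).
SAMPLE_LOG = '''\
[01/Jan/2024:10:00:00 -0400] conn=1 op=0 BIND dn="cn=Directory Manager" method=128 version=3
[01/Jan/2024:10:00:00 -0400] conn=1 op=0 RESULT err=0 tag=97 nentries=0 etime=0 dn="cn=directory manager"
[01/Jan/2024:10:00:00 -0400] conn=1 op=1 SRCH base="dc=example,dc=com" scope=2 filter="(cn=test 1)" attrs=ALL
[01/Jan/2024:10:00:00 -0400] conn=1 op=1 RESULT err=0 tag=101 nentries=1 etime=0
[01/Jan/2024:10:00:00 -0400] conn=2 op=0 BIND dn="cn=test 1,dc=example,dc=com" method=128 version=3
[01/Jan/2024:10:00:00 -0400] conn=2 op=0 RESULT err=0 tag=97 nentries=0 etime=0 dn="cn=test 1,dc=example,dc=com"
[01/Jan/2024:10:00:01 -0400] conn=1 op=2 SRCH base="dc=example,dc=com" scope=2 filter="(cn=test 2)" attrs=ALL
[01/Jan/2024:10:00:01 -0400] conn=1 op=2 RESULT err=0 tag=101 nentries=1 etime=0
[01/Jan/2024:10:00:01 -0400] conn=3 op=0 BIND dn="cn=test 2,dc=example,dc=com" method=128 version=3
[01/Jan/2024:10:00:01 -0400] conn=3 op=0 RESULT err=49 tag=97 nentries=0 etime=0
'''

LINE = re.compile(r'^\[[^\]]+\] conn=(\d+) op=(-?\d+) (BIND|SRCH|RESULT)\b(.*)$')

def field(rest, name, quoted=False):
    """Return one key=value field from the tail of a log line, or None."""
    m = re.search(r'\b%s=%s' % (name, r'"([^"]*)"' if quoted else r'(\S+)'), rest)
    return m.group(1) if m else None

def parse_ops(log):
    """Merge each BIND/SRCH line with its RESULT line, keyed by (conn, op)."""
    ops, order = {}, []
    for m in filter(None, map(LINE.match, log.splitlines())):
        key, verb, rest = (m.group(1), m.group(2)), m.group(3), m.group(4)
        if verb != "RESULT":
            ops[key] = {"verb": verb, "dn": field(rest, "dn", True),
                        "filter": field(rest, "filter", True)}
            order.append(key)
        elif key in ops:
            ops[key].update(err=int(field(rest, "err")),
                            nentries=int(field(rest, "nentries")))
    return [ops[k] for k in order]

def search_then_bind(log, template):
    """Return (name, nentries, bind_dn, bind_err) per template search and next BIND."""
    pat = re.compile("(.+)".join(re.escape(p) for p in template.split("%s")))
    pending, pairs = None, []
    for op in parse_ops(log):
        hit = pat.fullmatch(op["filter"] or "") if op["verb"] == "SRCH" else None
        if hit:
            pending = (hit.group(1), op.get("nentries"))
        elif op["verb"] == "BIND" and pending:
            pairs.append(pending + (op["dn"], op.get("err")))
            pending = None
    return pairs
```

The administrative bind at the start of the log is skipped because no template search precedes it; a pair with `nentries` other than 1 or a non-zero bind `err` marks a name whose search-then-bind did not succeed.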
Comment 7 Chandrasekar Kannan 2009-04-29 19:07:39 EDT
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

