Description of problem:
In directory server 1.2.0, when I search with (ou=*(China)Limited*), there are no results, but when I search with (ou=*(China)*), 28 results come out. In directory server 1.1.0 it works correctly.
Version-Release number of selected component (if applicable):
389 directory 1.2.0
fedora directory 1.1.0
How reproducible:
Create any record with an attribute value that contains "(" or ")" followed by other characters, such as
ou=PRC (China)Limited company
or
ou=PRC (China) Limited company
Steps to Reproduce:
1. Add a user
2. Change businessCategory value to PRC (China)Limited company
3. Search by filter businessCategory=*)Limited*
Actual results:
none
Expected results:
the record created.
Additional info:
The issue doesn't exist on the older version, fedora directory 1.1.0
Can anyone help with this issue?
What is your ldapsearch client? Note that http://www.ietf.org/rfc/rfc4515.txt specifies that the ( and ) characters are not allowed in search filters. For example, when I use python-ldap to try to reproduce your results, python-ldap does not even let me use those search filters, and fails with ldap.FILTER_ERROR: {'info': '', 'desc': 'Bad search filter'}
I search via JXplorer, LDAP Browser, and my customized LDAP client web app; they all have the same results. I'm curious that it works fine for an earlier version.
Also note that we have applied the escape special search filter, as in the link http://www.owasp.org/index.php/Preventing_LDAP_Injection_in_Java, in our developed web application.
In 1.2.0 we switched to using PCRE for regular expressions instead of our old proprietary regex. The problem is that PCRE is interpreting the ( and ) as special characters. We need to escape them.
Created attachment 402627 [details] patch
Comment on attachment 402627 [details] patch
Note: It's safe to escape '(' and ')' since we have allocated enough space here:
254 size *= 2; /* doubled in case all filter chars need escaping */
Ack.
To ssh://git.fedorahosted.org/git/389/ds.git
5db9031..41c5be0 Directory_Server_8_2_Branch -> Directory_Server_8_2_Branch
commit 41c5be046a21f06a1e743513631814186c7df79b
Author: Rich Megginson <rmeggins>
Date: Thu Mar 25 11:51:26 2010 -0600
To ssh://git.fedorahosted.org/git/389/ds.git
742032c..c1d2e74 master -> master
commit c1d2e7461ac41f39f5f27f3d9dcd6084bb4435a5
Author: Rich Megginson <rmeggins>
Date: Thu Mar 25 11:51:26 2010 -0600
Reviewed by: nhosoi (Thanks!)
Branch: HEAD
Fix Description: PCRE requires '(' and ')' to be escaped to match a literal parenthesis. Otherwise, it thinks the parenthesis is used for grouping.
Platforms tested: RHEL5 x86_64
Flag Day: no
Doc impact: no
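The search results in the report and the effect of the fix described in the commit message above can be reproduced outside the server. This is an added example, not the 389-ds patch or code; it uses POSIX extended regular expressions from <regex.h> as a stand-in for PCRE, since both treat an unescaped "(" ... ")" pair as a group. The function names (is_regex_meta, substr_to_regex, substr_match) and the exact set of escaped characters are assumptions of this example.

```c
#include <regex.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Metacharacters to backslash-escape. The fix on this page concerns '(' and
 * ')'; the rest of this set is an assumption of the example. */
static int is_regex_meta(char c)
{
    return c != '\0' && strchr("\\.^$*+?()[]{}|", c) != NULL;
}

/*
 * Turn a decoded substring assertion such as "*(China)Limited*" into a regex.
 * '*' is the LDAP wildcard; a value that does not begin or end with '*' is
 * anchored with '^' or '$'. With escape == 0 the literal characters are
 * copied unchanged, which is the behaviour reported in this bug.
 * Every input character produces at most two output characters, so
 * 2 * len (the doubling quoted in the review) plus '^', '$' and NUL is enough.
 */
char *substr_to_regex(const char *value, int escape)
{
    size_t len = strlen(value);
    char *re = malloc(2 * len + 3);
    char *p = re;
    const char *s;

    if (re == NULL)
        return NULL;
    if (value[0] != '*')
        *p++ = '^';
    for (s = value; *s != '\0'; s++) {
        if (*s == '*') {
            /* A leading or trailing '*' only removes the anchor. */
            if (s != value && s[1] != '\0') {
                *p++ = '.';
                *p++ = '*';
            }
        } else {
            if (escape && is_regex_meta(*s))
                *p++ = '\\';
            *p++ = *s;
        }
    }
    if (len > 0 && value[len - 1] != '*')
        *p++ = '$';
    *p = '\0';
    return re;
}

/* Returns 1 on match, 0 on no match, -1 if the pattern cannot be built or
 * compiled. */
int substr_match(const char *value, const char *attr, int escape)
{
    regex_t rx;
    int rc;
    char *re = substr_to_regex(value, escape);

    if (re == NULL)
        return -1;
    rc = regcomp(&rx, re, REG_EXTENDED | REG_NOSUB);
    free(re);
    if (rc != 0)
        return -1;
    rc = regexec(&rx, attr, 0, NULL, 0);
    regfree(&rx);
    return rc == 0 ? 1 : 0;
}

int main(void)
{
    /* Attribute value and filters taken from the report. */
    const char *attr = "PRC (China)Limited company";
    const char *filters[] = { "*(China)Limited*", "*(China)*" };
    size_t i;

    for (i = 0; i < sizeof(filters) / sizeof(filters[0]); i++) {
        char *raw = substr_to_regex(filters[i], 0);
        char *esc = substr_to_regex(filters[i], 1);

        if (raw != NULL && esc != NULL) {
            printf("filter %-20s unescaped /%s/ -> %d, escaped /%s/ -> %d\n",
                   filters[i], raw, substr_match(filters[i], attr, 0),
                   esc, substr_match(filters[i], attr, 1));
        }
        free(raw);
        free(esc);
    }
    return 0;
}
```

Without escaping, "(China)" still matches because the group matches the bare word China, which also means it matches values that contain no parentheses at all.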
Thanks for your help. May I know how can I deploy the patch? or update the library. Thanks.
(In reply to comment #9)
> Thanks for your help.
>
> May I know how can I deploy the patch? or update the library.
>
> Thanks.
We are going to release 1.2.6 alpha 3 shortly. Otherwise, if you are building from source, you can just grab the patch and apply it - pretty easy with git.
Thanks for your reply. May I know when the release will be available?
(In reply to comment #11)
> Thanks for your reply.
>
> May I know when the release will be available?
soon
Hi Rich
I try to compile the source as http://directory.fedoraproject.org/wiki/Building#NSPR
when run
./configure --prefix=/root/dev/fd12 --with-ldapsdk=/root/dev/mozldap-6.0.5/mozilla/directory/c-sdk/ldap:
I got an error:
"configure: error: The LDAPSDK version in -I/root/dev/mozldap-6.0.5/mozilla/directory/c-sdk/ldap/include/ldap-standard.h is not supported"
could you give me some more instructions about how to do the build?
I have got directory source via 389.
(In reply to comment #13)
> Hi Rich
>
> I try to compile the source as
> http://directory.fedoraproject.org/wiki/Building#NSPR
>
> when run
> ./configure --prefix=/root/dev/fd12
> --with-ldapsdk=/root/dev/mozldap-6.0.5/mozilla/directory/c-sdk/ldap:
>
> I got an error:
>
> "configure: error: The LDAPSDK version in
> -I/root/dev/mozldap-6.0.5/mozilla/directory/c-sdk/ldap/include/ldap-standard.h
> is not supported"
>
> could you give me some more instructions about how to do the build?
>
> I have got directory source via 389.
What platform? Note that on RHEL and Fedora all of the dependencies are already provided - you just have to
yum install nspr-devel nss-devel svrcore-devel mozldap-devel
Thanks for your quick response.
I use CentOS5.4. I have installed the devel package now.
and run ./configure --prefix=/root/dev/fd12.
it prompts me "configure: error: db not found, specify with --with-db.".
any idea?
(In reply to comment #15)
> Thanks for your quick response.
>
> I use CentOS5.4. I have installed the devel package now.
>
> and run ./configure --prefix=/root/dev/fd12.
> it prompts me "configure: error: db not found, specify with --with-db.".
>
> any idea?
The following are the BuildRequires from the EL5 spec file:
BuildRequires: nspr-devel
BuildRequires: nss-devel
BuildRequires: svrcore-devel
BuildRequires: mozldap-devel
BuildRequires: db4-devel
BuildRequires: cyrus-sasl-devel
BuildRequires: icu
BuildRequires: libicu-devel
BuildRequires: pcre-devel
BuildRequires: net-snmp-devel
BuildRequires: lm_sensors-devel
BuildRequires: bzip2-devel
BuildRequires: zlib-devel
BuildRequires: openssl-devel
BuildRequires: tcp_wrappers
BuildRequires: checkpolicy
BuildRequires: selinux-policy-devel
BuildRequires: /usr/share/selinux/devel/Makefile
BuildRequires: pam-devel
You'll need these additional packages at runtime:
Requires: mozldap-tools
Requires: perl-Mozilla-LDAP
Requires: nss-tools
Requires: cyrus-sasl-gssapi
Requires: cyrus-sasl-md5
Requires: db4-utils
Thanks Rich. I have built the directory server successfully!
Hi Rich
Now we are preparing to upgrade the directory server from 1.2.6 to the latest version. I'm wondering do we need to update the admin server and admin util also?
also how can I wrap the builds into an RPM file, so that we just install rpm for other systems?
Thanks.
after I install the latest directory server, I can't start the directory instance. Error is about "EQUALITY matching rule is not compatible with syntax..."
if I remove the directory server instance, and recreate an instance, got error "schema in /etc/dirsrv/slapd-xxx/schema/01common.ldif is invalid. error code 21"
it only works if I totally uninstall the previous version and reinstall.
(In reply to comment #18)
> Hi Rich
>
> Now we are preparing to upgrade the directory server from 1.2.6 to the latest
> version. I'm wondering do we need to update the admin server and admin util
> also?
Yes.
> also how can I wrap the builds into an RPM file, so that we just install rpm for
> other systems?
You'll first need the rpm spec files, which are here: http://cvs.fedoraproject.org/viewvc/rpms/
There is a repo for each package - 389-ds-base, 389-admin, etc. Under each package repo is a platform subdir - EL-5, F-12, etc. Under each of those are the .spec files and other files you might need to build.
The best way is to use mock, the chroot build system that Fedora uses, to build rpms. https://fedoraproject.org/wiki/Extras/MockTricks
You'll have to first use rpmbuild -bs to create a SRPM (src.rpm) file to pass to mock.
You can also use rpmbuild - rpmbuild -ba /path/to/file.spec
https://fedoraproject.org/wiki/Packaging:RPMMacros - how to set up your ~/.rpmmacros to use rpmbuild
>
> Thanks.
(In reply to comment #19)
> after I install the latest directory server, I can't start the directory
> instance. Error is about "EQUALITY matching rule is not compatible with
> syntax..."
>
> if I remove the directory server instance, and recreate an instance, got error
> "schema in /etc/dirsrv/slapd-xxx/schema/01common.ldif is invalid. error code
> 21"
>
> it only works if I totally uninstall the previous version and reinstall.
RPM and setup handle this automatically. But you can do the same:
rm -rf /etc/dirsrv/schema/*
make install # will put the new files in /etc/dirsrv/schema
setup-ds.pl -u # or setup-ds-admin.pl -u
This will make sure your existing instances are using the correct schema.
Now I am following the order:
install adminutil
install admin server
install directory server
however, when I run setup-ds.pl -u or setup-ds-admin.pl -u I got following error:
Error adding entry 'cn=SMD5,cn=Password Storage Schemes,cn=plugins,cn=config'. Error: Object class violation
Could not reconfigure the admin server.
Exiting . . .
Log file is '/tmp/setupYhabeS.log'
Error adding entry 'cn=SMD5,cn=Password Storage Schemes,cn=plugins,cn=config'. Error: Object class violation
Error: could not update the directory server.
Exiting . . .
Log file is '/tmp/setupe1iKdg.log
and one more question, if I update both admin server and directory server, do I need to run setup-ds.pl -u and setup-ds-admin.pl -u two, or only need run setup-ds-admin.pl -u?
You should install adminutil and directory server first - it doesn't matter which one is installed first - and admin server should be installed last. Error adding entry - can you provide excerpts from the directory server access and error logs? You should only need to run setup-ds-admin.pl -u - that will run setup-ds.pl -u on the directory servers.
there are also several other packages that need to be installed for the previous version, such as admin-console, admin-console-doc, ds-console, ds-console-doc, so if I do upgrade for the issue, do I need to include these also?
(In reply to comment #24)
> there are also several other packages that need to be installed for the previous version,
> such as admin-console, admin-console-doc, ds-console, ds-console-doc, so if I do
> upgrade for the issue, do I need to include these also?
If you want to use the console, you have to install those packages. If you are just doing an upgrade of 389-ds-base and 389-admin, and you already have those packages installed, you don't have to do anything.
when I try to build 389-admin into an rpm file, got following error:
make[1]: Leaving directory `/usr/src/redhat/BUILD/389-admin-hwl'
+ cd selinux-built
+ cp /usr/share/dirsrv-selinux/dirsrv.if .
cp: cannot stat `/usr/share/dirsrv-selinux/dirsrv.if': No such file or directory
error: Bad exit status from /var/tmp/rpm-tmp.66667 (%build)
RPM build errors:
Bad exit status from /var/tmp/rpm-tmp.66667 (%build)
+ make NAME=strict -f /usr/share/selinux/devel/Makefile
Compiling strict dirsrv-admin module
/usr/bin/checkmodule: loading policy configuration from tmp/dirsrv-admin.tmp
dirsrv-admin.te:122:ERROR 'syntax error' at token 'dirsrv_pid_filetrans' on line 102154:
dirsrv_pid_filetrans(httpd_dirsrvadmin_script_t)
/usr/bin/checkmodule: error(s) encountered while parsing configuration
make: *** [tmp/dirsrv-admin.mod] Error 1
error: Bad exit status from /var/tmp/rpm-tmp.33728 (%build)
RPM build errors:
Bad exit status from /var/tmp/rpm-tmp.33728 (%build)
the above issue is fixed via install the Now I have build out the rpm file 389-ds-base-selinux-devel and 389-adminutil-devel now, after I install the compiled 389-admin rpm file, and start it, got following error:
/usr/sbin/start-ds-admin: line 67: 13009 Segmentation fault $SELINUX_CMD $HTTPD $OMIT_DEFLATE -k start -f /etc/dirsrv/admin-serv/httpd.conf "$@"
following error message in /var/log/message when I install the 389-admin rpm file:
Apr 10 05:55:47 localhost kernel: security: invalidating context system_u:object_r:dirsrv_config_t:s0
Apr 10 05:55:47 localhost kernel: security: invalidating context system_u:object_r:dirsrv_lib_t:s0
Apr 10 05:55:47 localhost kernel: security: invalidating context system_u:object_r:dirsrv_snmp_exec_t:s0
Apr 10 05:55:47 localhost kernel: security: invalidating context system_u:object_r:dirsrv_exec_t:s0
Apr 10 05:55:47 localhost kernel: security: invalidating context system_u:object_r:dirsrv_share_t:s0
Apr 10 05:55:47 localhost kernel: security: invalidating context system_u:object_r:dirsrv_var_lib_t:s0
Apr 10 05:55:47 localhost kernel: security: invalidating context system_u:object_r:dirsrv_var_lock_t:s0
Apr 10 05:55:47 localhost kernel: security: invalidating context system_u:object_r:dirsrv_var_log_t:s0
Apr 10 05:55:47 localhost kernel: security: invalidating context root:object_r:dirsrv_config_t:s0
Apr 10 05:55:47 localhost kernel: security: invalidating context root:object_r:dirsrv_lib_t:s0
Apr 10 05:55:47 localhost kernel: security: invalidating context root:object_r:dirsrv_share_t:s0
Apr 10 05:55:47 localhost kernel: security: invalidating context root:object_r:dirsrv_var_log_t:s0
Apr 10 05:55:47 localhost kernel: security: invalidating context root:object_r:dirsrv_var_lock_t:s0
Apr 10 05:55:47 localhost dbus: avc: received policyload notice (seqno=6)
Apr 10 05:55:47 localhost kernel: security: invalidating context root:object_r:dirsrv_var_lib_t:s0
Apr 10 05:55:47 localhost kernel: security: invalidating context system_u:object_r:dirsrv_var_run_t:s0
Apr 10 05:55:47 localhost kernel: security: invalidating context root:system_r:dirsrv_t:s0
Apr 10 05:55:47 localhost kernel: security: invalidating context root:object_r:dirsrv_var_run_t:s0
Apr 10 05:55:47 localhost kernel: security: invalidating context root:object_r:dirsrv_tmpfs_t:s0
Apr 10 06:09:35 localhost dbus: avc: received policyload notice (seqno=7)
I work on a x86_64 CentOS5.4
also see the log when I run setup-ds-admin.pl [Sat Apr 10 07:02:18 2010] [notice] SELinux policy enabled; httpd running as context system_u:system_r:httpd_t:s0-s0:c0.c1023 [Sat Apr 10 07:02:19 2010] [error] Unable to change directory to /root/dev/rpmbuild [Sat Apr 10 07:03:31 2010] [notice] SELinux policy enabled; httpd running as context root:system_r:httpd_t:s0 [Sat Apr 10 07:03:32 2010] [notice] Access Host filter is: *.localdomain [Sat Apr 10 07:03:32 2010] [notice] Access Address filter is: * [Sat Apr 10 07:03:33 2010] [notice] Apache/2.2 configured -- resuming normal operations [Sat Apr 10 07:03:33 2010] [notice] Access Host filter is: *.localdomain [Sat Apr 10 07:03:33 2010] [notice] Access Address filter is: * [Sat Apr 10 07:03:34 2010] [notice] child pid 14547 exit signal Segmentation fault (11) ...
(In reply to comment #23)
> You should install adminutil and directory server first - it doesn't matter
> which one is installed first - and admin server should be installed last.
>
> Error adding entry - can you provide excerpts from the directory server access
> and error logs?
>
> You should only need to run setup-ds-admin.pl -u - that will run setup-ds.pl -u
> on the directory servers.
Following is the error log:
[12/Apr/2010:01:10:49 -0400] - Entry "cn=SMD5,cn=Password Storage Schemes,cn=plugins,cn=config" missing attribute "nsslapd-pluginId" required by object class "nsslapdPlugin"
[12/Apr/2010:01:10:49 -0400] - Entry "cn=SMD5,cn=Password Storage Schemes,cn=plugins,cn=config" missing attribute "nsslapd-pluginVersion" required by object class "nsslapdPlugin"
[12/Apr/2010:01:10:49 -0400] - Entry "cn=SMD5,cn=Password Storage Schemes,cn=plugins,cn=config" missing attribute "nsslapd-pluginVendor" required by object class "nsslapdPlugin"
[12/Apr/2010:01:10:49 -0400] - Entry "cn=SMD5,cn=Password Storage Schemes,cn=plugins,cn=config" missing attribute "nsslapd-pluginDescription" required by object class "nsslapdPlugin"
the rpm file generation and install works fine on 386 machine now. just got above error when run setup-ds-admin.pl -u.
when I import via ldif2db.pl. got following error:
which violates attribute syntax, ending line 1006 of file "/home/gcdldaprw/userRoot.ldif"
which was a blank line of ldif file.
(In reply to comment #31)
> when I import via ldif2db.pl. got following error:
>
> which violates attribute syntax, ending line 1006 of file
> "/home/gcdldaprw/userRoot.ldif"
>
> which was a blank line of ldif file.
Can you paste the last few lines of the ldif file? Are you sure you have no whitespace characters around the end of the file? Note that LDIF and LDAP are very sensitive to (hidden) whitespace characters.
# entry-id: 71
dn: ou=ABC,o=GCD
nsUniqueId: 796e1646-1dd211b2-84edc18b-83080000
street: 07/09/2009 11:05:05
preferredDeliveryMethod: Mich
description:
st: http://www.hut.com
postalCode: info
destinationIndicator: ABC Group
businessCategory: ABC Group
objectClass: organizationalUnit
objectClass: top
facsimileTelephoneNumber:: MTDigLAxMOKAsDDigLA=
ou: HWL
physicalDeliveryOfficeName:
postalAddress: 06/05/2009 15:53:00
postOfficeBox: fx
searchGuide: HWL
seeAlso: 0
creatorsName:
modifiersName:
createTimestamp: 20091222050820Z
modifyTimestamp: 20091222050820Z
# entry-id: 72
the same ldif file works for previous version. also when I initialize the userRoot from console, it got "Could not open LDIf file... errno 13 (Permission denied)" prompt. I have set the ldif file as everyone full access.
and what's the correct way to fix error:
1.cn=SMD5,cn=Password Storage Schemes,cn=plugins,cn=config" missing attribute "nsslapd-pluginId"
2.child pid 14547 exit signal Segmentation fault (11)
now I remove the smd5 entry and start admin server via /usr/sbin/start-ds-admin.pl to solve them temporarily.
(In reply to comment #34)
> the same ldif file works for previous version.
Which previous version? Note that syntax validation is a relatively new feature. I notice that several of the attributes in the entry you pasted above could potentially be causing the syntax violation - can you provide the entire error message? The excerpt you provided: "which violates attribute syntax, ending line 1006 of file" does not provide enough information, unless one of the lines in the above paste is line 1006.
> also when I initialize the
> userRoot from console, it got "Could not open LDIf file... errno 13
> (Permission denied)" prompt.
>
> I have set the ldif file as everyone full access.
It could be an SELinux problem - check /var/log/audit/audit.log
> and what's the correct way to fix error:
> 1.cn=SMD5,cn=Password Storage
> Schemes,cn=plugins,cn=config" missing attribute "nsslapd-pluginId"
Add the following lines to the entry dn: cn=SMD5,cn=Password Storage Schemes,cn=plugins,cn=config
# these will be replaced when the server loads the plugin
nsslapd-pluginId: ID
nsslapd-pluginVersion: PACKAGE_VERSION
nsslapd-pluginVendor: VENDOR
nsslapd-pluginDescription: DESC
> 2.child pid 14547 exit signal Segmentation
> fault (11)
This is from the admin server? You could try starting the admin server with
start-ds-admin -e debug
to get more information
(In reply to comment #36)
> (In reply to comment #34)
> > the same ldif file works for previous version.
> Which previous version? Note that syntax validation is a relatively new
> feature. I notice that several of the attributes in the entry you pasted above
> could potentially be causing the syntax violation - can you provide the entire
> error message? The excerpt you provided: "which violates attribute syntax,
> ending line 1006 of file" does not provide enough information, unless one of
> the lines in the above paste is line 1006.
Yes, the line about "# entry-id: 72" is line 1006.
> > also when I initialize the
> > userRoot from console, it got "Could not open LDIf file... errno 13
> > (Permission denied)" prompt.
> >
> > I have set the ldif file as everyone full access.
> It could be an SELinux problem - check /var/log/audit/audit.log
got following information in audit.log when error occurs
type=AVC msg=audit(1271169401.809:89): avc: denied { search } for pid=12214 comm="ns-slapd" name="home" dev=dm-0 ino=196609 scontext=root:system_r:dirsrv_t:s0 tcontext=system_u:object_r:home_root_t:s0 tclass=dir
type=SYSCALL msg=audit(1271169401.809:89): arch=40000003 syscall=5 success=no exit=-13 a0=9fb0a00 a1=8000 a2=0 a3=8000 items=0 ppid=1 pid=12214 auid=0 uid=503 gid=503 euid=503 suid=503 fsuid=503 egid=503 sgid=503 fsgid=503 tty=(none) ses=1 comm="ns-slapd" exe="/usr/sbin/ns-slapd" subj=root:system_r:dirsrv_t:s0 key=(null)
> > and what's the correct way to fix error:
> > 1.cn=SMD5,cn=Password Storage
> > Schemes,cn=plugins,cn=config" missing attribute "nsslapd-pluginId"
> Add the following lines to the entry dn: cn=SMD5,cn=Password Storage
> Schemes,cn=plugins,cn=config
> # these will be replaced when the server loads the plugin
> nsslapd-pluginId: ID
> nsslapd-pluginVersion: PACKAGE_VERSION
> nsslapd-pluginVendor: VENDOR
> nsslapd-pluginDescription: DESC
> > 2.child pid 14547 exit signal Segmentation
> > fault (11)
> This is from the admin server?
> You could try starting the admin server with
> start-ds-admin -e debug
> to get more information
the error only occurs when I start/restart admin server via service dirsrv-admin start/restart. if I start via /usr/sbin/start-ds-admin, no such error. from other's research result, it's said it's the open ldap library conflicts with mozldap library, not sure how to make it works for the service script also.
see debug information:
[root@agcdvldbr01 ~]# /usr/sbin/start-ds-admin -e debug
[Tue Apr 13 10:31:01 2010] [debug] mod_so.c(246): loaded module authz_host_module
[Tue Apr 13 10:31:01 2010] [debug] mod_so.c(246): loaded module auth_basic_module
[Tue Apr 13 10:31:01 2010] [debug] mod_so.c(246): loaded module authn_file_module
[Tue Apr 13 10:31:01 2010] [debug] mod_so.c(246): loaded module log_config_module
[Tue Apr 13 10:31:01 2010] [debug] mod_so.c(246): loaded module env_module
[Tue Apr 13 10:31:01 2010] [debug] mod_so.c(246): loaded module mime_magic_module
[Tue Apr 13 10:31:01 2010] [debug] mod_so.c(246): loaded module expires_module
[Tue Apr 13 10:31:01 2010] [debug] mod_so.c(246): loaded module deflate_module
[Tue Apr 13 10:31:01 2010] [debug] mod_so.c(246): loaded module headers_module
[Tue Apr 13 10:31:01 2010] [debug] mod_so.c(246): loaded module unique_id_module
[Tue Apr 13 10:31:01 2010] [debug] mod_so.c(246): loaded module setenvif_module
[Tue Apr 13 10:31:01 2010] [debug] mod_so.c(246): loaded module mime_module
[Tue Apr 13 10:31:01 2010] [debug] mod_so.c(246): loaded module vhost_alias_module
[Tue Apr 13 10:31:01 2010] [debug] mod_so.c(246): loaded module negotiation_module
[Tue Apr 13 10:31:01 2010] [debug] mod_so.c(246): loaded module dir_module
[Tue Apr 13 10:31:01 2010] [debug] mod_so.c(246): loaded module actions_module
[Tue Apr 13 10:31:01 2010] [debug] mod_so.c(246): loaded module alias_module
[Tue Apr 13 10:31:01 2010] [debug] mod_so.c(246): loaded module rewrite_module
[Tue Apr 13 10:31:01 2010] [debug] mod_so.c(246): loaded module cache_module
[Tue Apr 13 10:31:01 2010] [debug] mod_so.c(246): loaded module disk_cache_module [Tue Apr 13 10:31:01 2010] [debug] mod_so.c(246): loaded module cgi_module [Tue Apr 13 10:31:01 2010] [debug] mod_so.c(246): loaded module restartd_module [Tue Apr 13 10:31:01 2010] [debug] mod_so.c(246): loaded module nss_module [Tue Apr 13 10:31:01 2010] [debug] mod_so.c(246): loaded module admserv_module [Tue Apr 13 10:31:01 2010] [debug] mod_admserv/mod_admserv.c(2506): [11719] create_server_config [0xbogus %p for (null) [Tue Apr 13 10:31:01 2010] [debug] mod_admserv/mod_admserv.c(2494): [11719] create_config [0xbogus %p for (null) [Tue Apr 13 10:31:01 2010] [debug] mod_admserv/mod_admserv.c(2567): [11719] Set [0xbogus %p [ADMCacheLifeTime] to 600 [Tue Apr 13 10:31:01 2010] [debug] mod_admserv/mod_admserv.c(2585): [11719] Set [0xbogus %p [ADMServerVersionString] to 389-Administrator/1.1.11.a3.git2b661e5 [Tue Apr 13 10:31:01 2010] [debug] mod_admserv/mod_admserv.c(2494): [11719] create_config [0xbogus %p for /*/[tT]asks/[Oo]peration/* [Tue Apr 13 10:31:01 2010] [debug] mod_admserv/mod_admserv.c(2519): [11719] adminsdk [0xbogus %p flag 1 [Tue Apr 13 10:31:01 2010] [debug] mod_admserv/mod_admserv.c(2494): [11719] create_config [0xbogus %p for /*/[tT]asks/[Cc]onfiguration/* [Tue Apr 13 10:31:01 2010] [debug] mod_admserv/mod_admserv.c(2519): [11719] adminsdk [0xbogus %p flag 1 [Tue Apr 13 10:31:01 2010] [debug] mod_admserv/mod_admserv.c(2494): [11719] create_config [0xbogus %p for /*/[tT]asks/[Oo]peration/(?i:stop|start|restart|startconfigds|create|remove)$ [Tue Apr 13 10:31:01 2010] [debug] mod_admserv/mod_admserv.c(2519): [11719] adminsdk [0xbogus %p flag 0 httpd.worker: Could not reliably determine the server's fully qualified domain name, using 127.0.0.1 for ServerName
for question one, it's the line above "# entry-id: 72" is line 1006
(In reply to comment #37)
> (In reply to comment #36)
> > (In reply to comment #34)
> > > the same ldif file works for previous version.
> > Which previous version? Note that syntax validation is a relatively new
> > feature. I notice that several of the attributes in the entry you pasted above
> > could potentially be causing the syntax violation - can you provide the entire
> > error message? The excerpt you provided: "which violates attribute syntax,
> > ending line 1006 of file" does not provide enough information, unless one of
> > the lines in the above paste is line 1006.
>
> Yes, the line about "# entry-id: 72" is line 1006.
Can you provide the full error message which should include the name of the attribute?
> > > also when I initialize the
> > > userRoot from console, it got "Could not open LDIf file... errno 13
> > > (Permission denied)" prompt.
> > >
> > > I have set the ldif file as everyone full access.
> > It could be an SELinux problem - check /var/log/audit/audit.log
>
> got following information in audit.log when error occurs
>
> type=AVC msg=audit(1271169401.809:89): avc: denied { search } for pid=12214
> comm="ns-slapd" name="home" dev=dm-0 ino=196609
> scontext=root:system_r:dirsrv_t:s0 tcontext=system_u:object_r:home_root_t:s0
> tclass=dir
> type=SYSCALL msg=audit(1271169401.809:89): arch=40000003 syscall=5 success=no
> exit=-13 a0=9fb0a00 a1=8000 a2=0 a3=8000 items=0 ppid=1 pid=12214 auid=0
> uid=503 gid=503 euid=503 suid=503 fsuid=503 egid=503 sgid=503 fsgid=503
> tty=(none) ses=1 comm="ns-slapd" exe="/usr/sbin/ns-slapd"
> subj=root:system_r:dirsrv_t:s0 key=(null)
Ok - then the 13 (permission) problem is likely selinux related. I don't think make install will properly work for selinux - you can check the 389-ds-base.spec file to see what selinux commands you should use.
> > > and what's the correct way to fix error:
> > > 1.cn=SMD5,cn=Password Storage
> > > Schemes,cn=plugins,cn=config" missing attribute "nsslapd-pluginId"
> > Add the following lines to the entry dn: cn=SMD5,cn=Password Storage
> > Schemes,cn=plugins,cn=config
> > # these will be replaced when the server loads the plugin
> > nsslapd-pluginId: ID
> > nsslapd-pluginVersion: PACKAGE_VERSION
> > nsslapd-pluginVendor: VENDOR
> > nsslapd-pluginDescription: DESC
> > > 2.child pid 14547 exit signal Segmentation
> > > fault (11)
> > This is from the admin server? You could try starting the admin server with
> > start-ds-admin -e debug
> > to get more information
>
> the error only occurs when I start/restart admin server via service
> dirsrv-admin start/restart. if I start via /usr/sbin/start-ds-admin, no such
> error. from other's research result, it's said it's the open ldap library
> conflicts with mozldap library, not sure how to make it works for the service
> script also.
Ok. Then this is also likely selinux related. selinux handles start from initscript and start from start-ds-admin differently.
1. I have already got the rpm file from rpmbuild -ba 389-ds-base.spec. it references the spec you mentioned above. all the tests are under the rpm installation now.
2. error about "syntax violation" is about the blank line. no attribute mentioned. line 10067 is the a line. see error below:
[ldaprw@agcdvldbr01 slapd-agcdvldbr01]$ ./ldif2db -n userRoot -i ~/userRoot.ldif
importing data ...
[13/Apr/2010:11:33:37 -0400] - autosize_import_cache: pagesize: 4096, pages: 193761, procpages: 6676
[13/Apr/2010:11:33:37 -0400] - cache autosizing: import cache: 204800k
[13/Apr/2010:11:33:37 -0400] - li_import_cache_autosize: 50, import_pages: 51200, pagesize: 4096
[13/Apr/2010:11:33:37 -0400] - WARNING: Import is running with nsslapd-db-private-import-mem on; No other process is allowed to access the database
[13/Apr/2010:11:33:37 -0400] - autosize_import_cache: pagesize: 4096, pages: 193761, procpages: 6696
[13/Apr/2010:11:33:37 -0400] - cache autosizing: import cache: 204800k
[13/Apr/2010:11:33:37 -0400] - li_import_cache_autosize: 50, import_pages: 51200, pagesize: 4096
[13/Apr/2010:11:33:37 -0400] - import userRoot: Beginning import job...
[13/Apr/2010:11:33:37 -0400] - import userRoot: Index buffering enabled with bucket size 62 [13/Apr/2010:11:33:37 -0400] - import userRoot: Processing file "/home/gcdldaprw/userRoot.ldif" [13/Apr/2010:11:33:37 -0400] - import userRoot: WARNING: skipping entry "ou=ABC,o=GCD" which violates attribute syntax, ending line 1006 of file "/home/gcdldaprw/userRoot.ldif" [13/Apr/2010:11:33:38 -0400] - import userRoot: WARNING: skipping entry "ABCAddressID=A01,ou=address,ou=ABC,o=GCD" which violates attribute syntax, ending line 1088 of file "/home/gcdldaprw/userRoot.ldif" [13/Apr/2010:11:33:38 -0400] - import userRoot: WARNING: skipping entry "uid=CIM20090907110704441306901,ou=users,ou=ABC,o=GCD" which violates attribute syntax, ending line 1140 of file "/home/gcdldaprw/userRoot.ldif" [13/Apr/2010:11:33:38 -0400] - import userRoot: WARNING: skipping entry "mail=dir.ABC.ca.hk,ou=PasswordServices,ou=Services,o=GCD" which violates attribute syntax, ending line 1168 of file "/home/gcdldaprw/userRoot.ldif" [13/Apr/2010:11:33:38 -0400] - import userRoot: WARNING: skipping entry "ou=ABC_09090718134617530,ou=ABC,o=GCD" which violates attribute syntax, ending line 1202 of file "/home/gcdldaprw/userRoot.ldif" [13/Apr/2010:11:33:38 -0400] - import userRoot: WARNING: skipping entry "ABCAddressID=AddressUID_200909071813463318285,ou=address,ou=ABC_09090718134617530,ou=ABC,o=GCD" which violates attribute syntax, ending line 1266 of file "/home/gcdldaprw/userRoot.ldif" [13/Apr/2010:11:33:38 -0400] - import userRoot: WARNING: skipping entry "ou=HIL_09090718150344669,ou=ABC_09090718134617530,ou=ABC,o=GCD" which violates attribute syntax, ending line 1287 of file "/home/gcdldaprw/userRoot.ldif" [13/Apr/2010:11:33:38 -0400] - import userRoot: WARNING: skipping entry "ABCAddressID=AddressUID_200909071815036026825,ou=address,ou=HIL_09090718150344669,ou=ABC_09090718134617530,ou=ABC,o=GCD" which violates attribute syntax, ending line 1353 of file "/home/gcdldaprw/userRoot.ldif" 
[13/Apr/2010:11:33:38 -0400] - import userRoot: WARNING: skipping entry "ABCAddressID=AddressUID_200909071817104818356,ou=address,ou=HIL_09090718150344669,ou=ABC_09090718134617530,ou=ABC,o=GCD" which violates attribute syntax, ending line 1373 of file "/home/gcdldaprw/userRoot.ldif" [13/Apr/2010:11:33:38 -0400] - import userRoot: WARNING: skipping entry "ou=ASW_09090719084159916,ou=ABC,o=GCD" which violates attribute syntax, ending line 1443 of file "/home/gcdldaprw/userRoot.ldif" [13/Apr/2010:11:33:38 -0400] - import userRoot: WARNING: skipping entry "ABCAddressID=AddressUID_200909071908417553337,ou=address,ou=ASW_09090719084159916,ou=ABC,o=GCD" which violates attribute syntax, ending line 1508 of file "/home/gcdldaprw/userRoot.ldif" [13/Apr/2010:11:33:38 -0400] - import userRoot: WARNING: skipping entry "ou=EInO_09090719123586126,ou=ABC,o=GCD" which violates attribute syntax, ending line 1528 of file "/home/gcdldaprw/userRoot.ldif" [13/Apr/2010:11:33:38 -0400] - import userRoot: WARNING: skipping entry "ABCAddressID=AddressUID_200909071912359653499,ou=address,ou=EInO_09090719123586126,ou=ABC,o=GCD" which violates attribute syntax, ending line 1594 of file "/home/gcdldaprw/userRoot.ldif" [13/Apr/2010:11:33:38 -0400] - import userRoot: WARNING: skipping entry "ou=CKI_09090719142667168,ou=EInO_09090719123586126,ou=ABC,o=GCD" which violates attribute syntax, ending line 1616 of file "/home/gcdldaprw/userRoot.ldif" [13/Apr/2010:11:33:38 -0400] - import userRoot: WARNING: skipping entry "ABCAddressID=AddressUID_200909071914268277392,ou=address,ou=CKI_09090719142667168,ou=EInO_09090719123586126,ou=ABC,o=GCD" which violates attribute syntax, ending line 1684 of file "/home/gcdldaprw/userRoot.ldif" [13/Apr/2010:11:33:38 -0400] - import userRoot: WARNING: skipping entry "ou=HUSKY_09090719180662982,ou=EInO_09090719123586126,ou=ABC,o=GCD" which violates attribute syntax, ending line 1704 of file "/home/gcdldaprw/userRoot.ldif" [13/Apr/2010:11:33:38 -0400] - import userRoot: 
WARNING: skipping entry "ABCAddressID=AddressUID_200909071918067855569,ou=address,ou=HUSKY_09090719180662982,ou=EInO_09090719123586126,ou=ABC,o=GCD" which violates attribute syntax, ending line 1773 of file "/home/gcdldaprw/userRoot.ldif" [13/Apr/2010:11:33:38 -0400] - import userRoot: WARNING: Skipping entry "ou=department,ou=ABC,o=GCD" which has no parent, ending at line 1017 of file "/home/gcdldaprw/userRoot.ldif" [13/Apr/2010:11:33:38 -0400] - import userRoot: WARNING: Skipping entry "ABCDeptID=200905061700041718995,ou=department,ou=ABC,o=GCD" which has no parent, ending at line 1035 of file "/home/gcdldaprw/userRoot.ldif" [13/Apr/2010:11:33:38 -0400] - import userRoot: WARNING: Skipping entry "ou=users,ou=ABC,o=GCD" which has no parent, ending at line 1046 of file "/home/gcdldaprw/userRoot.ldif" [13/Apr/2010:11:33:38 -0400] - import userRoot: WARNING: Skipping entry "ou=distlist,ou=ABC,o=GCD" which has no parent, ending at line 1057 of file "/home/gcdldaprw/userRoot.ldif" [13/Apr/2010:11:33:38 -0400] - import userRoot: WARNING: Skipping entry "ou=address,ou=ABC,o=GCD" which has no parent, ending at line 1068 of file "/home/gcdldaprw/userRoot.ldif" [13/Apr/2010:11:33:38 -0400] - import userRoot: WARNING: Skipping entry "ou=department,ou=ABC_09090718134617530,ou=ABC,o=GCD" which has no parent, ending at line 1213 of file "/home/gcdldaprw/userRoot.ldif" [13/Apr/2010:11:33:38 -0400] - import userRoot: WARNING: Skipping entry "ou=users,ou=ABC_09090718134617530,ou=ABC,o=GCD" which has no parent, ending at line 1224 of file "/home/gcdldaprw/userRoot.ldif" [13/Apr/2010:11:33:38 -0400] - import userRoot: WARNING: Skipping entry "ou=distlist,ou=ABC_09090718134617530,ou=ABC,o=GCD" which has no parent, ending at line 1235 of file "/home/gcdldaprw/userRoot.ldif" [13/Apr/2010:11:33:38 -0400] - import userRoot: WARNING: skipping entry "ou=HECL_09090719222376637,ou=EInO_09090719123586126,ou=ABC,o=GCD" which violates attribute syntax, ending line 1791 of file 
"/home/gcdldaprw/userRoot.ldif" [13/Apr/2010:11:33:38 -0400] - import userRoot: WARNING: Skipping entry "ou=address,ou=ABC_09090718134617530,ou=ABC,o=GCD" which has no parent, ending at line 1246 of file "/home/gcdldaprw/userRoot.ldif" [13/Apr/2010:11:33:38 -0400] - import userRoot: WARNING: skipping entry "ABCAddressID=AddressUID_200909071922239222221,ou=address,ou=HECL_09090719222376637,ou=EInO_09090719123586126,ou=ABC,o=GCD" which violates attribute syntax, ending line 1859 of file "/home/gcdldaprw/userRoot.ldif" [13/Apr/2010:11:33:38 -0400] - import userRoot: WARNING: Skipping entry "ou=department,ou=HIL_09090718150344669,ou=ABC_09090718134617530,ou=ABC,o=GCD" which has no parent, ending at line 1299 of file "/home/gcdldaprw/userRoot.ldif" [13/Apr/2010:11:33:38 -0400] - import userRoot: WARNING: skipping entry "ou=BigboXX_09090719271418259,ou=HECL_09090719222376637,ou=EInO_09090719123586126,ou=ABC,o=GCD" which violates attribute syntax, ending line 1880 of file "/home/gcdldaprw/userRoot.ldif" [13/Apr/2010:11:33:38 -0400] - import userRoot: WARNING: Skipping entry "ou=users,ou=HIL_09090718150344669,ou=ABC_09090718134617530,ou=ABC,o=GCD" which has no parent, ending at line 1310 of file "/home/gcdldaprw/userRoot.ldif" [13/Apr/2010:11:33:38 -0400] - import userRoot: WARNING: skipping entry "ABCAddressID=AddressUID_200909071927142864719,ou=address,ou=BigboXX_09090719271418259,ou=HECL_09090719222376637,ou=EInO_09090719123586126,ou=ABC,o=GCD" which violates attribute syntax, ending line 1950 of file "/home/gcdldaprw/use [13/Apr/2010:11:33:38 -0400] - import userRoot: WARNING: Skipping entry "ou=distlist,ou=HIL_09090718150344669,ou=ABC_09090718134617530,ou=ABC,o=GCD" which has no parent, ending at line 1321 of file "/home/gcdldaprw/userRoot.ldif" [13/Apr/2010:11:33:38 -0400] - import userRoot: WARNING: skipping entry "ou=ESD_09090719283686191,ou=HECL_09090719222376637,ou=EInO_09090719123586126,ou=ABC,o=GCD" which violates attribute syntax, ending line 1969 of file 
"/home/gcdldaprw/userRoot.ldif" [13/Apr/2010:11:33:38 -0400] - import userRoot: WARNING: Skipping entry "ou=address,ou=HIL_09090718150344669,ou=ABC_09090718134617530,ou=ABC,o=GCD" which has no parent, ending at line 1332 of file "/home/gcdldaprw/userRoot.ldif" [13/Apr/2010:11:33:38 -0400] - import userRoot: WARNING: skipping entry "ABCAddressID=AddressUID_200909071928369652586,ou=address,ou=ESD_09090719283686191,ou=HECL_09090719222376637,ou=EInO_09090719123586126,ou=ABC,o=GCD" which violates attribute syntax, ending line 2038 of file "/home/gcdldaprw/userRoo [13/Apr/2010:11:33:38 -0400] - import userRoot: WARNING: Skipping entry "ABCDeptID=200909071818596279637,ou=department,OU=HIL_09090718150344669,OU=ABC_09090718134617530,OU=ABC,O=GCD" which has no parent, ending at line 1391 of file "/home/gcdldaprw/userRoot.ldif" [13/Apr/2010:11:33:38 -0400] - import userRoot: WARNING: skipping entry "ou=HPHKL_09090719311707148,ou=HECL_09090719222376637,ou=EInO_09090719123586126,ou=ABC,o=GCD" which violates attribute syntax, ending line 2059 of file "/home/gcdldaprw/userRoot.ldif" [13/Apr/2010:11:33:38 -0400] - import userRoot: WARNING: Skipping entry "ABCDeptID=200909071819153317957,ou=department,OU=HIL_09090718150344669,OU=ABC_09090718134617530,OU=ABC,O=GCD" which has no parent, ending at line 1407 of file "/home/gcdldaprw/userRoot.ldif" [13/Apr/2010:11:33:38 -0400] - import userRoot: WARNING: bad entry: ID 70 [13/Apr/2010:11:33:38 -0400] - import userRoot: WARNING: bad entry: ID 70 [13/Apr/2010:11:33:38 -0400] - import userRoot: WARNING: bad entry: ID 70 [13/Apr/2010:11:33:38 -0400] - import userRoot: WARNING: bad entry: ID 70 [13/Apr/2010:11:33:38 -0400] - import userRoot: WARNING: bad entry: ID 70 [13/Apr/2010:11:33:38 -0400] - import userRoot: WARNING: bad entry: ID 70 [13/Apr/2010:11:33:38 -0400] - import userRoot: WARNING: bad entry: ID 70 [13/Apr/2010:11:33:38 -0400] - import userRoot: WARNING: bad entry: ID 70 [13/Apr/2010:11:33:38 -0400] - import userRoot: WARNING: 
bad entry: ID 70 [13/Apr/2010:11:33:38 -0400] - import userRoot: WARNING: bad entry: ID 70 [13/Apr/2010:11:33:38 -0400] - import userRoot: WARNING: bad entry: ID 70 [13/Apr/2010:11:33:38 -0400] - import userRoot: WARNING: bad entry: ID 70 [13/Apr/2010:11:33:38 -0400] - import userRoot: WARNING: bad entry: ID 70 [13/Apr/2010:11:33:38 -0400] - import userRoot: WARNING: bad entry: ID 70 [13/Apr/2010:11:33:38 -0400] - import userRoot: WARNING: bad entry: ID 70 [13/Apr/2010:11:33:38 -0400] - import userRoot: WARNING: bad entry: ID 70 [13/Apr/2010:11:33:38 -0400] - import userRoot: WARNING: bad entry: ID 70 [13/Apr/2010:11:33:38 -0400] - import userRoot: WARNING: bad entry: ID 70 [13/Apr/2010:11:33:38 -0400] - import userRoot: WARNING: bad entry: ID 70 [13/Apr/2010:11:33:38 -0400] - import userRoot: WARNING: bad entry: ID 70 [13/Apr/2010:11:33:38 -0400] - import userRoot: WARNING: bad entry: ID 70 [13/Apr/2010:11:33:38 -0400] - import userRoot: WARNING: skipping entry "ABCAddressID=AddressUID_200909071931172273058,ou=address,ou=KL_09090719311707148,ou=CL_09090719222376637,ou=nO_09090719123586126,ou=ABC,o=GCD" which violates attribute syntax, ending line 2129 of file "/home/gcdldaprw/userR [13/Apr/2010:11:33:38 -0400] - import userRoot: WARNING: bad entry: ID 70 [ldaprw@agcdvldbr01 slapd-agcdvldbr01]$
I'm not sure which attribute is causing problems, but I note there are several problems with entry
dn: ou=ABC,o=GCD

description:
description uses DirectoryString syntax which is not allowed to be empty.
facsimileTelephoneNumber:: MTDigLAxMOKAsDDigLA=
Not sure if this is valid utf8
physicalDeliveryOfficeName:
physicalDeliveryOfficeName uses DirectoryString syntax which is not allowed to be empty.
postalAddress: 06/05/2009 15:53:00
This is not a valid postalAddress, but the syntax may allow it anyway.
postOfficeBox: fx
searchGuide: HWL
This is not a valid searchGuide
seeAlso: 0
This is not valid DN syntax
creatorsName:
modifiersName:
createTimestamp: 20091222050820Z
modifyTimestamp: 20091222050820Z
Are there any docs that describe the attribute syntax checking? Does it follow some standard?
In version 1.2.2, it seems it doesn't have such syntax checking, right?
The error message pointed to a blank line. That's the separate line between two dn entries.
Also, it takes "# entry-id: 71" as a bad entry ID.
(In reply to comment #42)
> any docs to describe the attribute syntax checking? does it follow some
> standard?

Yes, RFC 4517 - http://www.ietf.org/rfc/rfc4517.txt

> In version 1.2.2, It seems it don't have such syntax checking, right?

Right. Version 1.2.2 would allow lots of bad data to enter the database.

> The error message pointed to a blank line. that's the separate line between two
> dn entry.

The error message just means there is something wrong with the entry that ends on that line, not that there is a problem with that line.

> also it takes "# entry-id: 71" as bad entry Id.

Not sure what it is complaining about with the bad entry id; it could be related to the fact that the entry did not pass syntax checking.
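The import log in this thread names only the entry and the line it ends on, never the offending attribute. The pre-import check below is an added example, not 389-ds code, that reports which values in an LDIF file are empty DirectoryStrings, non-DN seeAlso values, or invalid UTF-8. The attribute-to-syntax map, the function names and the sample LDIF are assumptions made for illustration.

```python
import base64
import re

# Assumption: hand-picked attribute -> syntax map; a server uses its schema.
DIRECTORY_STRING = {"description", "physicaldeliveryofficename"}
DN_ATTRS = {"seealso"}
DN_SHAPE = re.compile(r"[A-Za-z][\w.-]*=[^,]+(\s*,\s*[A-Za-z][\w.-]*=[^,]+)*")

# Constructed sample, modelled on the entry discussed in the thread.
SAMPLE_LDIF = """\
# entry-id: 70
dn: ou=ABC,o=GCD
description:
seeAlso: 0

dn: ou=users,ou=ABC,o=GCD
seeAlso: ou=ABC,o=GCD
"""

def decode(line):  # 'attr: value' or 'attr:: base64' -> (attr, text or None)
    attr, _, rest = line.partition(":")
    if not rest.startswith(":"):
        return attr.lower(), rest.strip()
    try:
        return attr.lower(), base64.b64decode(rest[1:]).decode("utf-8")
    except ValueError:                 # bad base64 or bytes that are not UTF-8
        return attr.lower(), None

def check(attr, value):  # reason the value breaks its syntax, or None
    if value is None:
        return "not valid UTF-8"
    if attr in DIRECTORY_STRING and not value:
        return "empty DirectoryString"
    if attr in DN_ATTRS and value and not DN_SHAPE.fullmatch(value):
        return "not a DN"

def find_violations(text):
    """Return (dn, ending_line, attr, reason) for every offending value."""
    found, entry = [], []
    for lineno, line in enumerate(text.splitlines() + [""], start=1):
        if line.startswith(" ") and entry:
            entry[-1] += line[1:]      # unfold a continuation line
        elif line.strip() and not line.startswith("#"):
            entry.append(line)
        elif not line.strip() and entry:   # a blank line ends the entry
            pairs = [decode(item) for item in entry]
            found += [(pairs[0][1], lineno, a, r)
                      for a, v in pairs if (r := check(a, v))]
            entry = []
    return found
```

The reported line number is the blank separator line that closes the entry, which is the same position the import log calls the "ending line".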
I believe all that is needed to verify this bug is ...

[root@jgalipea-rhel4 ~]# ldapsearch -x -h hostname.example.com -p 389 -D "cn=Directory Manager" -w Secret -b "dc=example,dc=com" "(businessCategory=*\)Limited*)"
# extended LDIF
#
# LDAPv3
# base <dc=example,dc=com> with scope sub
# filter: (businessCategory=*\)Limited*)
# requesting: ALL
#

# TUser, People, example.com
dn: uid=TUser,ou=People,dc=example,dc=com
uid: TUser
businessCategory: ou=PRC (China)Limited Company
givenName: Test
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetorgperson
sn: User
cn: Test User
userPassword:: e1NTSEF9QjFuN3JIbld4amhWNWVGaHh4OE5BVmFjNllwNEpjQ3lUUlFvVUE9PQ=
 =

# search result
search: 2
result: 0 Success

# numResponses: 2
# numEntries: 1

But want to verify because of all the other noise in this bug :-)
(In reply to comment #44)
> I believe all that is needed to verify this bug is ...
>
> [root@jgalipea-rhel4 ~]# ldapsearch -x -h hostname.example.com -p 389 -D
> "cn=Directory Manager" -w Secret -b "dc=example,dc=com"
> "(businessCategory=*\)Limited*)"
> # extended LDIF
> #
> # LDAPv3
> # base <dc=example,dc=com> with scope sub
> # filter: (businessCategory=*\)Limited*)
> # requesting: ALL
> #
>
> # TUser, People, example.com
> dn: uid=TUser,ou=People,dc=example,dc=com
> uid: TUser
> businessCategory: ou=PRC (China)Limited Company
> givenName: Test
> objectClass: top
> objectClass: person
> objectClass: organizationalPerson
> objectClass: inetorgperson
> sn: User
> cn: Test User
> userPassword:: e1NTSEF9QjFuN3JIbld4amhWNWVGaHh4OE5BVmFjNllwNEpjQ3lUUlFvVUE9PQ=
> =
>
> # search result
> search: 2
> result: 0 Success
>
> # numResponses: 2
> # numEntries: 1

Correct.

>
> But want to verify because of all the other noise in this bug :-)
verified: RHEL 4 redhat-ds-base-8.2.0-2010051204.el4dsrv Thanks Rich
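Why the filters in this bug behaved as reported before the fix, shown as an added model that is not 389-ds code: Python's `re` stands in for PCRE, and `filter_to_regex`, `search`, the treatment of a rejected pattern as "no match" and the sample values are assumptions for illustration.

```python
import re

# Constructed sample values; only the first contains literal parentheses.
VALUES = ["PRC (China)Limited company", "China Mobile", "PRC Limited"]

def filter_to_regex(assertion, escape_parens):
    """Translate an LDAP substring assertion ('*' = any run of characters)
    into an anchored regex. escape_parens=False models the behaviour
    described in the bug, True models the fix."""
    out = []
    for ch in assertion:
        if ch == "*":
            out.append(".*")
        elif ch in "()" and not escape_parens:
            out.append(ch)                 # reaches the engine as grouping
        else:
            out.append(re.escape(ch))      # every other character is literal
    return "^" + "".join(out) + "$"

def search(values, assertion, escape_parens):
    """Return the values the assertion matches under the chosen translation."""
    try:
        pattern = re.compile(filter_to_regex(assertion, escape_parens))
    except re.error:
        return []      # assumption: a pattern the engine rejects matches nothing
    return [v for v in values if pattern.search(v)]

if __name__ == "__main__":
    for assertion in ("*)Limited*", "*(China)Limited*", "*(China)*"):
        for escaped in (False, True):
            print(assertion, escaped, search(VALUES, assertion, escaped))
```

Unescaped, the parentheses either make the pattern invalid or become a group that matches the text without its parentheses, so the same defect both hides the real entry and, for `*(China)*`, returns entries that never contained a parenthesis.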