directory-dev mailing list archives

From "Stefan Zoerner (JIRA)" <>
Subject [jira] Created: (DIREVE-274) Adding a group with invalid member DN corrupts the server
Date Sat, 15 Oct 2005 18:44:45 GMT
Adding a group with invalid member DN corrupts the server

         Key: DIREVE-274
     Project: Directory Server
        Type: Bug
    Reporter: Stefan Zoerner
 Assigned to: Alex Karasulu 
     Fix For: 0.9.3

If you add an entry like this to the server

dn: cn=myGroup,dc=apache,dc=org
cn: myGroup
objectclass: top
objectclass: groupOfUniqueNames
uniqueMember: satisfaction=guaranteed

e.g. with this command

$ ldapadd -D uid=admin,ou=system -w ***** -h magritte -p 10389 -f addEntry.ldif

the client gets an error:

ldap_add: Loop detected
ldap_add: additional info: failed to add entry cn=myGroup,dc=apache,dc=org:
javax.naming.NamingException: OID for name 'satisfaction' was not found within the OID registry
stack trace omitted

I am not sure whether this is correct behavior, other servers let me do that (i.e. add a DN
value with unknown attribute names). But this is another story.

Problem 1: Actually, the entry is created:

$ ldapsearch -h magritte -p 10389 -b dc=apache,dc=org -s one "(objectClass=*)"

Therefore, the error above does not tell the truth ("failed to add entry"). It is even possible
to delete this entry without any errors. And it is highly recommended to do this, because

Problem 2: (this is the major problem)
After stopping the server, you can't restart it because of this illegal entry. Here is the

Exception in thread "main" javax.naming.NamingException: OID for name 'satisfaction' was not
found within the OID registry
        at org.apache.ldap.server.schema.GlobalOidRegistry.getOid(
        at org.apache.ldap.server.schema.GlobalAttributeTypeRegistry.lookup(
        at org.apache.ldap.server.schema.ConcreteNameComponentNormalizer.lookup(
        at org.apache.ldap.server.schema.ConcreteNameComponentNormalizer.normalizeByName(
        at org.apache.ldap.server.authz.GroupCache.addMembers(
        at org.apache.ldap.server.authz.GroupCache.initialize(
        at org.apache.ldap.server.authz.GroupCache.<init>(
        at org.apache.ldap.server.authz.AuthorizationService.init(
        at org.apache.ldap.server.interceptor.InterceptorChain.register0(
        at org.apache.ldap.server.interceptor.InterceptorChain.register(
        at org.apache.ldap.server.interceptor.InterceptorChain.init(
        at org.apache.ldap.server.DefaultDirectoryService.initialize(
        at org.apache.ldap.server.DefaultDirectoryService.startup(
        at org.apache.ldap.server.jndi.AbstractContextFactory.getInitialContext(
        at javax.naming.spi.NamingManager.getInitialContext(
        at javax.naming.InitialContext.getDefaultInitCtx(
        at javax.naming.InitialContext.init(
        at javax.naming.InitialContext.<init>(
        at org.apache.ldap.server.ServerMain.main(

This message is automatically generated by JIRA.
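The report describes a uniqueMember value whose RDN attribute type the server cannot resolve, stored anyway and then fatal at startup. As an added example (not part of the original message and not Apache Directory Server code), the following pre-checks an LDIF file for such values before it is passed to ldapadd; KNOWN_TYPES, DN_VALUED and the second sample entry are assumptions standing in for the target server's schema and data.

```python
import base64
import re

# Assumption: stand-ins for the server's schema (resolvable attribute type names
# and DN-valued attributes); a real check would load both from the target server.
KNOWN_TYPES = {"cn", "ou", "dc", "uid", "o", "c", "l", "st", "sn"}
DN_VALUED = {"member", "uniquemember", "owner", "seealso"}

# First entry is the one from the report; the second is constructed.
SAMPLE = """\
dn: cn=myGroup,dc=apache,dc=org
cn: myGroup
objectclass: top
objectclass: groupOfUniqueNames
uniqueMember: satisfaction=guaranteed

dn: cn=okGroup,dc=apache,dc=org
objectclass: groupOfUniqueNames
uniqueMember: uid=admin,
 ou=system
"""

def parse_ldif(text):
    """Yield entries as lists of (attribute, value); handles folding and base64."""
    unfolded = re.sub(r"\r?\n ", "", text)  # RFC 2849: continuation lines start with a space
    for block in re.split(r"\n\s*\n", unfolded.strip()):
        entry = []
        for line in block.splitlines():
            attr, sep, rest = line.partition(":")
            if sep and not line.startswith("#"):
                value = base64.b64decode(rest[1:]).decode() if rest.startswith(":") else rest.strip()
                entry.append((attr.strip().lower(), value))
        if entry:
            yield entry

def rdn_types(dn):
    """Attribute type names in a DN; backslash-escaped separators are not split on."""
    parts = re.findall(r"(?:\\.|[^\\,+])+", dn)
    return [p.partition("=")[0].strip().lower() for p in parts]

def check_ldif(text, known=KNOWN_TYPES):
    """Return (entry_dn, attribute, unknown_type) for each unresolvable RDN type."""
    findings = []
    for entry in parse_ldif(text):
        entry_dn = next((v for a, v in entry if a == "dn"), "<no dn>")
        for attr, value in entry:
            for t in (rdn_types(value) if attr in DN_VALUED else ()):
                if t not in known and not re.fullmatch(r"\d+(\.\d+)+", t):
                    findings.append((entry_dn, attr, t))
    return findings
```

Running `check_ldif(SAMPLE)` flags only the entry from the report; numeric OIDs used as attribute types are accepted without lookup.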