directory-dev mailing list archives

From "Stefan Zoerner (JIRA)" <directory-...@incubator.apache.org>
Subject [jira] Updated: (DIREVE-274) Adding a group with invalid member DN corrupts the server
Date Tue, 10 Jan 2006 17:17:20 GMT
     [ http://issues.apache.org/jira/browse/DIREVE-274?page=all ]

Stefan Zoerner updated DIREVE-274:
----------------------------------

    Attachment: addGroup.ldif

This is the LDIF that caused the error, which is now resolved. Anyway I attach the file for
completeness.

> Adding a group with invalid member DN corrupts the server
> ---------------------------------------------------------
>
>          Key: DIREVE-274
>          URL: http://issues.apache.org/jira/browse/DIREVE-274
>      Project: Directory Server
>         Type: Bug
>     Reporter: Stefan Zoerner
>     Assignee: Alex Karasulu
>     Priority: Blocker
>      Fix For: 0.9.3
>  Attachments: addGroup.ldif
>
> If you add an entry like this to the server
> dn: cn=myGroup,dc=apache,dc=org
> cn: myGroup
> objectclass: top
> objectclass: groupOfUniqueNames
> uniqueMember: satisfaction=guaranteed
> e.g. with this command
> $ ldapadd -D uid=admin,ou=system -w ***** -h magritte -p 10389 -f addEntry.ldif
> the client gets an error:
> ldap_add: Loop detected
> ldap_add: additional info: failed to add entry cn=myGroup,dc=apache,dc=org:
> javax.naming.NamingException: OID for name 'satisfaction' was not found within the OID registry
> stack trace omitted
> I am not sure whether this is correct behavior, other servers let me do that (i.e. add a DN value with unknown attribute names). But this is another story.
> Problem 1: Actually, the entry is created:
> $ ldapsearch -h magritte -p 10389 -b dc=apache,dc=org -s one "(objectClass=*)"
> cn=myGroup,dc=apache,dc=org
> cn=myGroup
> objectclass=groupOfUniqueNames
> objectclass=top
> uniqueMember=satisfaction=guaranteed
> $
> Therefore, the error above does not tell the truth ("failed to add entry"). It is even possible to delete this entry without any errors. And it is highly recommended to do this, because
> Problem 2: (this is the major problem)
> After stopping the server, you can't restart it because of this illegal entry. Here is the stacktrace.
> Exception in thread "main" javax.naming.NamingException: OID for name 'satisfaction' was not found within the OID registry
>         at org.apache.ldap.server.schema.GlobalOidRegistry.getOid(GlobalOidRegistry.java:188)
>         at org.apache.ldap.server.schema.GlobalAttributeTypeRegistry.lookup(GlobalAttributeTypeRegistry.java:124)
>         at org.apache.ldap.server.schema.ConcreteNameComponentNormalizer.lookup(ConcreteNameComponentNormalizer.java:85)
>         at org.apache.ldap.server.schema.ConcreteNameComponentNormalizer.normalizeByName(ConcreteNameComponentNormalizer.java:59)
>         at org.apache.ldap.common.name.antlrValueParser.value(antlrValueParser.java:128)
>         at org.apache.ldap.common.name.antlrNameParser.attributeTypeAndValue(antlrNameParser.java:189)
>         at org.apache.ldap.common.name.antlrNameParser.nameComponent(antlrNameParser.java:120)
>         at org.apache.ldap.common.name.antlrNameParser.name(antlrNameParser.java:69)
>         at org.apache.ldap.common.name.DnParser.parse(DnParser.java:178)
>         at org.apache.ldap.common.name.DnParser.parse(DnParser.java:219)
>         at org.apache.ldap.server.authz.GroupCache.addMembers(GroupCache.java:177)
>         at org.apache.ldap.server.authz.GroupCache.initialize(GroupCache.java:111)
>         at org.apache.ldap.server.authz.GroupCache.<init>(GroupCache.java:79)
>         at org.apache.ldap.server.authz.AuthorizationService.init(AuthorizationService.java:95)
>         at org.apache.ldap.server.interceptor.InterceptorChain.register0(InterceptorChain.java:400)
>         at org.apache.ldap.server.interceptor.InterceptorChain.register(InterceptorChain.java:359)
>         at org.apache.ldap.server.interceptor.InterceptorChain.init(InterceptorChain.java:231)
>         at org.apache.ldap.server.DefaultDirectoryService.initialize(DefaultDirectoryService.java:672)
>         at org.apache.ldap.server.DefaultDirectoryService.startup(DefaultDirectoryService.java:204)
>         at org.apache.ldap.server.jndi.AbstractContextFactory.getInitialContext(AbstractContextFactory.java:102)
>         at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:667)
>         at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:247)
>         at javax.naming.InitialContext.init(InitialContext.java:223)
>         at javax.naming.InitialContext.<init>(InitialContext.java:197)
>         at javax.naming.directory.InitialDirContext.<init>(InitialDirContext.java:82)
>         at org.apache.ldap.server.ServerMain.main(ServerMain.java:76)

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
   http://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see:
   http://www.atlassian.com/software/jira
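
Added example, not part of the original message and not ApacheDS code: a minimal Java model of the two failure modes reported in DIREVE-274, built on the JDK's javax.naming.ldap.LdapName. The class GroupMemberValidation, its fields and methods, and the KNOWN_TYPES set are assumptions standing in for the server's entry store, group cache and OID registry.

```java
import java.util.*;
import javax.naming.*;
import javax.naming.ldap.*;
// Added illustration: every class, field and method name here is hypothetical.
public class GroupMemberValidation {
    static final Set<String> KNOWN_TYPES = Set.of("cn", "uid", "ou", "dc", "o"); // constructed registry stand-in
    final Map<String, List<String>> store = new LinkedHashMap<>();  // persisted entries
    final Map<String, Set<LdapName>> groupCache = new HashMap<>();  // rebuilt at startup

    // Parse a DN value and reject any RDN attribute type the registry lacks.
    static LdapName checkedDn(String value) throws InvalidNameException {
        LdapName dn = new LdapName(value);
        for (Rdn rdn : dn.getRdns()) {
            NamingEnumeration<String> ids = rdn.toAttributes().getIDs(); // all types of a multi-valued RDN
            while (ids.hasMoreElements()) {
                String type = ids.nextElement();
                if (!KNOWN_TYPES.contains(type.toLowerCase(Locale.ROOT)))
                    throw new InvalidNameException("unknown attribute type '" + type + "' in " + value);
            }
        }
        return dn;
    }
    // Add path (Problem 1): validate every member before anything is written.
    void addGroup(String groupDn, List<String> members) throws InvalidNameException {
        for (String m : members) checkedDn(m);
        store.put(groupDn, List.copyOf(members));
    }
    // Startup path (Problem 2): report and skip a bad stored member instead of aborting.
    List<String> initializeCache() {
        List<String> skipped = new ArrayList<>();
        for (Map.Entry<String, List<String>> e : store.entrySet()) {
            Set<LdapName> parsed = new HashSet<>();
            for (String m : e.getValue()) {
                try { parsed.add(checkedDn(m)); }
                catch (InvalidNameException ex) { skipped.add(e.getKey() + ": " + ex.getMessage()); }
            }
            groupCache.put(e.getKey(), parsed);
        }
        return skipped;
    }
    public static void main(String[] args) {
        GroupMemberValidation s = new GroupMemberValidation();
        String group = "cn=myGroup,dc=apache,dc=org";
        try { s.addGroup(group, List.of("satisfaction=guaranteed")); }
        catch (InvalidNameException ex) { System.out.println("add rejected: " + ex.getMessage()); }
        System.out.println("stored after rejected add: " + s.store.keySet());
        s.store.put(group, List.of("satisfaction=guaranteed", "uid=admin,ou=system")); // entry left by an affected build
        System.out.println("skipped at startup: " + s.initializeCache());
    }
}
```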