Message-ID: <90331712.1136913680924.JavaMail.jira@ajax.apache.org>
Date: Tue, 10 Jan 2006 18:21:20 +0100 (CET)
From: "Stefan Zoerner (JIRA)"
To: dev@directory.apache.org
Subject: [jira] Closed: (DIREVE-274) Adding a group with invalid member DN corrupts the server
In-Reply-To: <782950705.1129401885103.JavaMail.jira@ajax.apache.org>

     [ http://issues.apache.org/jira/browse/DIREVE-274?page=all ]

Stefan Zoerner closed DIREVE-274:
---------------------------------

The two misbehaviors do not occur anymore in a current 0.9.4 snapshot build.
It is allowed to create an entry as described in the issue text, and the server does not have the startup problems anymore afterwards. Therefore I close the issue.

> Adding a group with invalid member DN corrupts the server
> ---------------------------------------------------------
>
>          Key: DIREVE-274
>          URL: http://issues.apache.org/jira/browse/DIREVE-274
>      Project: Directory Server
>         Type: Bug
>     Reporter: Stefan Zoerner
>     Assignee: Alex Karasulu
>     Priority: Blocker
>      Fix For: 0.9.3
>  Attachments: addGroup.ldif
>
> If you add an entry like this to the server
> dn: cn=myGroup,dc=apache,dc=org
> cn: myGroup
> objectclass: top
> objectclass: groupOfUniqueNames
> uniqueMember: satisfaction=guaranteed
> e.g. with this command
> $ ldapadd -D uid=admin,ou=system -w ***** -h magritte -p 10389 -f addEntry.ldif
> the client gets an error:
> ldap_add: Loop detected
> ldap_add: additional info: failed to add entry cn=myGroup,dc=apache,dc=org:
> javax.naming.NamingException: OID for name 'satisfaction' was not found within the OID registry
> stack trace omitted
> I am not sure whether this is correct behavior, other servers let me do that (i.e. add a DN value with unknown attribute names). But this is another story.
> Problem 1: Actually, the entry is created:
> $ ldapsearch -h magritte -p 10389 -b dc=apache,dc=org -s one "(objectClass=*)"
> cn=myGroup,dc=apache,dc=org
> cn=myGroup
> objectclass=groupOfUniqueNames
> objectclass=top
> uniqueMember=satisfaction=guaranteed
> $
> Therefore, the error above does not tell the truth ("failed to add entry"). It is even possible to delete this entry without any errors. And it is highly recommended to do this, because
> Problem 2: (this is the major problem)
> After stopping the server, you can't restart it because of this illegal entry. Here is the stacktrace.
> Exception in thread "main" javax.naming.NamingException: OID for name 'satisfaction' was not found within the OID registry
>     at org.apache.ldap.server.schema.GlobalOidRegistry.getOid(GlobalOidRegistry.java:188)
>     at org.apache.ldap.server.schema.GlobalAttributeTypeRegistry.lookup(GlobalAttributeTypeRegistry.java:124)
>     at org.apache.ldap.server.schema.ConcreteNameComponentNormalizer.lookup(ConcreteNameComponentNormalizer.java:85)
>     at org.apache.ldap.server.schema.ConcreteNameComponentNormalizer.normalizeByName(ConcreteNameComponentNormalizer.java:59)
>     at org.apache.ldap.common.name.antlrValueParser.value(antlrValueParser.java:128)
>     at org.apache.ldap.common.name.antlrNameParser.attributeTypeAndValue(antlrNameParser.java:189)
>     at org.apache.ldap.common.name.antlrNameParser.nameComponent(antlrNameParser.java:120)
>     at org.apache.ldap.common.name.antlrNameParser.name(antlrNameParser.java:69)
>     at org.apache.ldap.common.name.DnParser.parse(DnParser.java:178)
>     at org.apache.ldap.common.name.DnParser.parse(DnParser.java:219)
>     at org.apache.ldap.server.authz.GroupCache.addMembers(GroupCache.java:177)
>     at org.apache.ldap.server.authz.GroupCache.initialize(GroupCache.java:111)
>     at org.apache.ldap.server.authz.GroupCache.<init>(GroupCache.java:79)
>     at org.apache.ldap.server.authz.AuthorizationService.init(AuthorizationService.java:95)
>     at org.apache.ldap.server.interceptor.InterceptorChain.register0(InterceptorChain.java:400)
>     at org.apache.ldap.server.interceptor.InterceptorChain.register(InterceptorChain.java:359)
>     at org.apache.ldap.server.interceptor.InterceptorChain.init(InterceptorChain.java:231)
>     at org.apache.ldap.server.DefaultDirectoryService.initialize(DefaultDirectoryService.java:672)
>     at org.apache.ldap.server.DefaultDirectoryService.startup(DefaultDirectoryService.java:204)
>     at org.apache.ldap.server.jndi.AbstractContextFactory.getInitialContext(AbstractContextFactory.java:102)
>     at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:667)
>     at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:247)
>     at javax.naming.InitialContext.init(InitialContext.java:223)
>     at javax.naming.InitialContext.<init>(InitialContext.java:197)
>     at javax.naming.directory.InitialDirContext.<init>(InitialDirContext.java:82)
>     at org.apache.ldap.server.ServerMain.main(ServerMain.java:76)
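
An added example, not part of the original message and not Apache Directory Server code: it sketches two defenses against the failure reported in the issue, validating member DNs before the entry is stored and letting a startup-time group cache skip an unparseable stored value instead of aborting. `KNOWN_TYPES`, `store`, `parseMember`, `addGroup` and `loadCache` are hypothetical names; DN parsing uses the JDK's `javax.naming.ldap.LdapName`.

```java
import java.util.*;
import javax.naming.InvalidNameException;
import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;

public class GroupCacheDemo {
    // Constructed stand-in for the schema's OID registry (hypothetical).
    static final Set<String> KNOWN_TYPES = Set.of("cn", "dc", "ou", "uid");
    // Constructed stand-in for the persistent store: group DN -> uniqueMember values.
    static final Map<String, List<String>> store = new LinkedHashMap<>();

    /** Parse a member DN; reject attribute types the registry does not know. */
    static LdapName parseMember(String dn) throws InvalidNameException {
        LdapName name = new LdapName(dn);
        for (Rdn rdn : name.getRdns()) {
            if (!KNOWN_TYPES.contains(rdn.getType().toLowerCase(Locale.ROOT)))
                throw new InvalidNameException("unknown attribute type '" + rdn.getType() + "'");
        }
        return name;
    }
    /** Add path: validate every member first, so an error means nothing was stored. */
    static void addGroup(String groupDn, List<String> members) throws InvalidNameException {
        for (String m : members) parseMember(m);
        store.put(groupDn, List.copyOf(members));
    }
    /** Startup path: skip and report a bad stored value instead of aborting. */
    static Map<String, Set<LdapName>> loadCache() {
        Map<String, Set<LdapName>> cache = new LinkedHashMap<>();
        store.forEach((group, members) -> {
            Set<LdapName> parsed = new LinkedHashSet<>();
            for (String m : members) {
                try { parsed.add(parseMember(m)); }
                catch (InvalidNameException e) { System.err.println("skipping " + m + ": " + e.getMessage()); }
            }
            cache.put(group, parsed);
        });
        return cache;
    }
    public static void main(String[] args) {
        String group = "cn=myGroup,dc=apache,dc=org";
        try {
            addGroup(group, List.of("satisfaction=guaranteed"));
        } catch (InvalidNameException e) {
            System.out.println("add rejected, stored=" + store.containsKey(group));
        }
        // Simulate an entry persisted by a build that did not validate first.
        store.put(group, List.of("uid=admin,ou=system", "satisfaction=guaranteed"));
        System.out.println("cache after startup: " + loadCache());
    }
}
```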