directory-dev mailing list archives

From "Emmanuel Lecharny (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (DIRSERVER-1440) Using leading and/or trailing blanks in RDN attribute leads to erroneous behaviour.
Date Mon, 06 Jun 2011 14:50:59 GMT

    [ https://issues.apache.org/jira/browse/DIRSERVER-1440?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13044882#comment-13044882 ]

Emmanuel Lecharny commented on DIRSERVER-1440:
----------------------------------------------

There is a bigger problem:

In fact, we have a serious issue in the way we process DNs and RDNs.

Let me explain.

Suppose you have a DN like : "cn=John\+Doe,ou=system"

What happens is that the RDN will be parsed by the ComplexDnParser, which will create an RDN
containing two values :
- the upValue ( cn=John\+Doe )
- the normValue ( cn=John+Doe )

So far, so good. Except that when we process the AVA, we 'normalize' it in order to be able
to expose an escaped form (i.e., where special chars like '+' are prefixed with a '\'). That
reverts the previous value (i.e. John+Doe) and replaces it with the escaped value (i.e. John\+Doe).

Now, we can no longer do a comparison between "John+Doe" and "John\+Doe", like, for instance,
when we check that the RDN is present as an AT in the entry (if the OC is 'person', the entry
*must* have a cn: john+doe Attribute and Value), leading to an error.

The big mistake was to have only one method to cover two features. The Ava.normalize() method
does the escaping in order to produce a DN which is valid.

This is not necessarily a complex issue to fix, but it needs some work. Note that it impacts
a lot of parts in the server and the API.

Add to that the fact that the normalization should also use the SchemaManager to correctly
transform the value, according to the AT, and we have some painful cleanup to do in this area...


> Using leading and/or trailing blanks in RDN attribute leads to erroneous behaviour.
> -----------------------------------------------------------------------------------
>
>                 Key: DIRSERVER-1440
>                 URL: https://issues.apache.org/jira/browse/DIRSERVER-1440
>             Project: Directory ApacheDS
>          Issue Type: Bug
>    Affects Versions: 1.5.5
>         Environment: WinXPx64, JDK 1_5_0_22, Tomcat 5.0.19, ADS 1.5.5, ADStudio 1.5.0.v20091102
> A partition of type:
> objectClass=dcObject
> objectClass=organization
> objectClass=top
> dc=example
> o=org
>            Reporter: Günter Albrecht
>             Fix For: 2.0.0-M1
>
>
> 1. scenario RDN with escaped leading blank:
>   
>   private Attribute createObjectClassPerson() {
>     Attribute objectClass = new BasicAttribute("objectClass");
>     objectClass.add("top");
>     objectClass.add("person");
>     objectClass.add("organizationalPerson");
>     objectClass.add("inetOrgPerson");
>     return objectClass;
>   }
>   public void insert() {
>     Attributes attributes = new BasicAttributes(false);
>     attributes.put(createObjectClassPerson());
> //    attributes.put("cn", "\\ User");  // This MUST be set if used with leading or trailing blanks! In all the other cases not!
>     attributes.put("sn", "\\ Name\\ ");
>     try {
>       getLdapContext().createSubcontext("cn=\\ User", attributes);
>     }
>     catch (NamingException e) {
>       e.printStackTrace();
>     }
>   }
>     
> The result is: 
> Two cn entries, one with a leading blank and one with an escaped leading blank and a warning
> WARN [org.apache.directory.server.core.normalization.NormalizationInterceptor] - The RDN 'cn=\\ User' is not present in the entry
> objectClass=inetOrgPerson
> objectClass=organizationalPerson
> objectClass=person
> objectClass=top
> cn= User
> cn=\ User
> sn=\ Name\ 
> 2. scenario RDN with escaped trailing blank:
>   private Attribute createObjectClassPerson() {
>     Attribute objectClass = new BasicAttribute("objectClass");
>     objectClass.add("top");
>     objectClass.add("person");
>     objectClass.add("organizationalPerson");
>     objectClass.add("inetOrgPerson");
>     return objectClass;
>   }
>   public void insert() {
>     Attributes attributes = new BasicAttributes(false);
>     attributes.put(createObjectClassPerson());
> //    attributes.put("cn", "User\\ ");  // This MUST be set if used with leading or trailing blanks! In all the other cases not!
>     attributes.put("sn", "\\ Name\\ ");
>     try {
>       getLdapContext().createSubcontext("cn=User\\ ", attributes);
>     }
>     catch (NamingException e) {
>       e.printStackTrace();
>     }
>   }
> The result is a NamingException
> javax.naming.NamingException: [LDAP: error code 80 - OTHER: failed for     Add Request :
> ClientEntry
>     dn: cn=User\ ,dc=ietpx.bwb,dc=org
>     objectClass: top
>     objectClass: person
>     objectClass: organizationalPerson
>     objectClass: inetOrgPerson
>     sn: \ Name\ 
>     cn: User 
> : Unescaped special characters are not allowed]; remaining name 'cn=User\ '
> 	at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3085)
> 	at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2987)
> 	at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2794)
> 	at com.sun.jndi.ldap.LdapCtx.c_createSubcontext(LdapCtx.java:788)
> 	at com.sun.jndi.toolkit.ctx.ComponentDirContext.p_createSubcontext(ComponentDirContext.java:319)
> 	at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.createSubcontext(PartialCompositeDirContext.java:248)
> 	at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.createSubcontext(PartialCompositeDirContext.java:236)
> 	at javax.naming.directory.InitialDirContext.createSubcontext(InitialDirContext.java:178)
> 	at test.BlankTest.insert(BlankTest.java:84)
> 	at test.BlankTest.main(BlankTest.java:92)
> Conclusion:
> Forgetting to set the RDN attribute explicitly remains undetected until one stores RDN values with leading and/or trailing blanks.

--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira
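
An added illustration of the point made in the comment above (not ApacheDS code and not part of the original message): escaping a value so that it is valid inside a DN and recovering the raw value for comparison with entry attributes are kept as two separate operations, following the RFC 4514 string form. The class and method names are hypothetical, the sample values are constructed, and the schema-aware normalization through the SchemaManager that the comment mentions is not shown.

```java
import java.io.ByteArrayOutputStream;
import java.nio.charset.StandardCharsets;
// Added example: hypothetical helper class, not ApacheDS code.
public class RdnValueDemo {
    private static final String SPECIALS = "\"+,;<>\\";

    // Raw attribute value -> string form that is valid inside a DN (RFC 4514 escaping).
    static String escape(String raw) {
        StringBuilder sb = new StringBuilder();
        for (int i = 0; i < raw.length(); i++) {
            char c = raw.charAt(i);
            if (c == 0) { sb.append("\\00"); continue; } // NUL is always hex-escaped
            boolean edge = (i == 0 && (c == ' ' || c == '#')) || (i == raw.length() - 1 && c == ' ');
            if (edge || SPECIALS.indexOf(c) >= 0) sb.append('\\');
            sb.append(c);
        }
        return sb.toString();
    }

    // DN string form -> raw attribute value, the form to compare with the entry's attributes.
    static String unescape(String dnValue) {
        ByteArrayOutputStream out = new ByteArrayOutputStream();
        int i = 0, n = dnValue.length();
        while (i < n) {
            int cp = dnValue.codePointAt(i);
            if (cp != '\\') {
                byte[] b = new String(Character.toChars(cp)).getBytes(StandardCharsets.UTF_8);
                out.write(b, 0, b.length);
                i += Character.charCount(cp);
            } else if (i + 2 < n && isHex(dnValue.charAt(i + 1)) && isHex(dnValue.charAt(i + 2))) {
                out.write(Integer.parseInt(dnValue.substring(i + 1, i + 3), 16)); // \XX is one byte
                i += 3;
            } else if (i + 1 < n && (SPECIALS + " #=").indexOf(dnValue.charAt(i + 1)) >= 0) {
                out.write(dnValue.charAt(i + 1)); // backslash followed by a special character
                i += 2;
            } else {
                throw new IllegalArgumentException("invalid escape at index " + i);
            }
        }
        return new String(out.toByteArray(), StandardCharsets.UTF_8);
    }

    static boolean isHex(char c) { return c < 128 && Character.digit(c, 16) >= 0; }
    public static void main(String[] args) {
        String inDn = "John\\+Doe", inEntry = "John+Doe"; // constructed sample values
        System.out.println("escaped form equals entry value: " + inDn.equals(inEntry));
        System.out.println("unescaped form equals entry value: " + unescape(inDn).equals(inEntry));
        System.out.println("round trip of ' User ': [" + unescape(escape(" User ")) + "]");
    }
}
```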
