directory-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Georg Kallidis" <gkalli...@cedis.fu-berlin.de>
Subject ldap query with logical not
Date Wed, 18 Apr 2007 16:06:06 GMT

Hello,

I try to use apache ds for testing. It works fine, except for one error,
I am not able to explain.

I have a search query with a filter like
(&(objectClass=*)(!(cn=groupName))), retrieving all children excluding
those objects with the given attribute cn=groupName. This query fails in
apacheDS.

I have no user index for this attribute cn (2.5.4.3) using the plain
downloaded instance (partition example).

When i remove the "!"-Operator the search is successful!

I installed an index (n.b.: how could I check, that it´s  working,
besides the better performance?)

by

1) adding an element in server.xml (explained in documentation)

        <bean
class="org.apache.directory.server.core.partition.impl.btree.MutableIndexConfiguration">
          <property name="attributeId" value="cn" />
          <property name="cacheSize" value="100" />
        </bean>

2) start java -jar apacheds-tools.jar index -i
C:\Programs\apacheds-1.0.1 -p example -a cn
3) restart LDAP server

This does not change anything as far as I could see. If I omit the inner
parentheses, which one reference recommends, I get an

org.springframework.ldap.BadLdapGrammarException: Invalid search filter;
nested exception is javax.naming.directory.InvalidSearchFilterException:
Unbalanced parenthesis
javax.naming.directory.InvalidSearchFilterException: Unbalanced
parenthesis; remaining name 'ou=cedis, cn=groups, cn=portalmanager,
dc=example, dc=com'
      at com.sun.jndi.ldap.Filter.findRightParen(Filter.java:479)
      at com.sun.jndi.ldap.Filter.encodeFilterList(Filter.java:514)
      at com.sun.jndi.ldap.Filter.encodeComplexFilter(Filter.java:442)
      at com.sun.jndi.ldap.Filter.encodeFilter(Filter.java:99)
      at com.sun.jndi.ldap.Filter.encodeFilterList(Filter.java:522)


Is this just an index problem? Sorry, I really could not see the problem
being not a ldap expert.

Thanks very much in advance,

best regards,
Georg K.

P.S.:
Env:
      jre1.5.0_11\bin\client\jvm.dll,
      Apache Directory Server Service 1.0.1.


Exception is either error code 36, 33 or 54 (depending on debug mode?):

javax.naming.NamingException: [LDAP: error code 36 - failed on search
operation: Failed to resolve primary name for 2.5.4.3 in user index
lookup:
    SearchRequest
        baseDn : 'ou=cedis,cn=groups,cn=portalmanager,dc=example,dc=com'
        filter : '(& (2.5.4.0=*)[11] (! (2.5.4.3
=cediskeyuser)[2147483647] ) ) '
        scope : single level
        typesOnly : false
no limit
        Time Limit : no limit
        Deref Aliases : deref Always
        attributes :
:
org.apache.directory.server.core.partition.impl.btree.IndexNotFoundException
: Failed to resolve primary name for 2.5.4.3 in user index lookup [Root
exception is javax.naming.NamingException: OID '2.5.4.3' was not found
within the OID registry]
      at
org.apache.directory.server.core.partition.impl.btree.jdbm.JdbmPartition.getUserIndex(
JdbmPartition.java:522)
      at
org.apache.directory.server.core.partition.impl.btree.DefaultOptimizer.getNegationScan(
DefaultOptimizer.java:219)
      at
org.apache.directory.server.core.partition.impl.btree.DefaultOptimizer.annotate(
DefaultOptimizer.java:148)
      at
org.apache.directory.server.core.partition.impl.btree.DefaultOptimizer.getConjunctionScan(
DefaultOptimizer.java:187)
      at
org.apache.directory.server.core.partition.impl.btree.DefaultOptimizer.annotate(
DefaultOptimizer.java:145)
      at
org.apache.directory.server.core.partition.impl.btree.DefaultOptimizer.getConjunctionScan(
DefaultOptimizer.java:187)
      at
org.apache.directory.server.core.partition.impl.btree.DefaultOptimizer.annotate(
DefaultOptimizer.java:145)
      at
org.apache.directory.server.core.partition.impl.btree.DefaultSearchEngine.search(
DefaultSearchEngine.java:135)
      at
org.apache.directory.server.core.partition.impl.btree.BTreePartition.search(
BTreePartition.java:367)
      at
org.apache.directory.server.core.partition.DefaultPartitionNexus.search(
DefaultPartitionNexus.java:863)
      at
org.apache.directory.server.core.interceptor.InterceptorChain$1.search(
InterceptorChain.java:139)
      at
org.apache.directory.server.core.interceptor.InterceptorChain$Entry$1.search(
InterceptorChain.java:1263)
      at
org.apache.directory.server.core.interceptor.BaseInterceptor.search(
BaseInterceptor.java:202)
      at
org.apache.directory.server.core.interceptor.InterceptorChain$Entry$1.search(
InterceptorChain.java:1263)
      at
org.apache.directory.server.core.collective.CollectiveAttributeService.search(
CollectiveAttributeService.java:318)
      at
org.apache.directory.server.core.interceptor.InterceptorChain$Entry$1.search(
InterceptorChain.java:1263)
      at
org.apache.directory.server.core.operational.OperationalAttributeService.search(
OperationalAttributeService.java:293)
      at
org.apache.directory.server.core.interceptor.InterceptorChain$Entry$1.search(
InterceptorChain.java:1263)
      at
org.apache.directory.server.core.subtree.SubentryService.search(
SubentryService.java:232)
      at
org.apache.directory.server.core.interceptor.InterceptorChain$Entry$1.search(
InterceptorChain.java:1263)
      at org.apache.directory.server.core.schema.SchemaService.search(
SchemaService.java:447)
      at
org.apache.directory.server.core.interceptor.InterceptorChain$Entry$1.search(
InterceptorChain.java:1263)
      at
org.apache.directory.server.core.exception.ExceptionService.search(
ExceptionService.java:394)
      at
org.apache.directory.server.core.interceptor.InterceptorChain$Entry$1.search(
InterceptorChain.java:1263)
      at
org.apache.directory.server.core.authz.DefaultAuthorizationService.search(
DefaultAuthorizationService.java:495)
      at
org.apache.directory.server.core.interceptor.InterceptorChain$Entry$1.search(
InterceptorChain.java:1263)
      at
org.apache.directory.server.core.authz.AuthorizationService.search(
AuthorizationService.java:978)
      at
org.apache.directory.server.core.interceptor.InterceptorChain$Entry$1.search(
InterceptorChain.java:1263)
      at
org.apache.directory.server.core.referral.ReferralService.search(
ReferralService.java:985)
      at
org.apache.directory.server.core.interceptor.InterceptorChain$Entry$1.search(
InterceptorChain.java:1263)
      at
org.apache.directory.server.core.authn.AuthenticationService.search(
AuthenticationService.java:417)
      at
org.apache.directory.server.core.interceptor.InterceptorChain$Entry$1.search(
InterceptorChain.java:1263)
      at
org.apache.directory.server.core.normalization.NormalizationService.search(
NormalizationService.java:326)
      at
org.apache.directory.server.core.interceptor.InterceptorChain.search(
InterceptorChain.java:828)
      at
org.apache.directory.server.core.partition.PartitionNexusProxy.search(
PartitionNexusProxy.java:478)
      at
org.apache.directory.server.core.partition.PartitionNexusProxy.search(
PartitionNexusProxy.java:423)
      at org.apache.directory.server.core.jndi.ServerDirContext.search(
ServerDirContext.java:609)
      at
org.apache.directory.server.ldap.support.SearchHandler.messageReceived(
SearchHandler.java:313)
      at
org.apache.mina.handler.demux.DemuxingIoHandler.messageReceived(
DemuxingIoHandler.java:144)
      at
org.apache.directory.server.ldap.LdapProtocolProvider$LdapProtocolHandler.messageReceived(
LdapProtocolProvider.java:403)
      at
org.apache.mina.common.support.AbstractIoFilterChain$TailFilter.messageReceived(
AbstractIoFilterChain.java:703)
      at
org.apache.mina.common.support.AbstractIoFilterChain.callNextMessageReceived(
AbstractIoFilterChain.java:362)
      at
org.apache.mina.common.support.AbstractIoFilterChain.access$1200(
AbstractIoFilterChain.java:54)
      at
org.apache.mina.common.support.AbstractIoFilterChain$EntryImpl$1.messageReceived(
AbstractIoFilterChain.java:800)
      at
org.apache.mina.filter.codec.support.SimpleProtocolDecoderOutput.flush(
SimpleProtocolDecoderOutput.java:60)
      at
org.apache.mina.filter.codec.ProtocolCodecFilter.messageReceived(
ProtocolCodecFilter.java:190)
      at
org.apache.mina.common.support.AbstractIoFilterChain.callNextMessageReceived(
AbstractIoFilterChain.java:362)
      at
org.apache.mina.common.support.AbstractIoFilterChain.access$1200(
AbstractIoFilterChain.java:54)
      at
org.apache.mina.common.support.AbstractIoFilterChain$EntryImpl$1.messageReceived(
AbstractIoFilterChain.java:800)
      at org.apache.mina.filter.executor.ExecutorFilter.processEvent(
ExecutorFilter.java:243)
      at
org.apache.mina.filter.executor.ExecutorFilter$ProcessEventsRunnable.run(
ExecutorFilter.java:305)
      at
edu.emory.mathcs.backport.java.util.concurrent.ThreadPoolExecutor$Worker.runTask(
ThreadPoolExecutor.java:665)
      at
edu.emory.mathcs.backport.java.util.concurrent.ThreadPoolExecutor$Worker.run(
ThreadPoolExecutor.java:690)
      at java.lang.Thread.run(Unknown Source)
Caused by: javax.naming.NamingException: OID '2.5.4.3' was not found
within the OID registry
      at
org.apache.directory.server.core.schema.GlobalOidRegistry.getPrimaryName(
GlobalOidRegistry.java:246)
      at
org.apache.directory.server.core.partition.impl.btree.jdbm.JdbmPartition.getUserIndex(
JdbmPartition.java:516)
      ... 53 more
]; remaining name 'ou=cedis, cn=groups, cn=portalmanager, dc=example,
dc=com'javax.naming.NamingException: [LDAP: error code 36 - failed on
search operation: Failed to resolve primary name for 2.5.4.3 in user
index lookup:
    SearchRequest
        baseDn : 'ou=cedis,cn=groups,cn=portalmanager,dc=example,dc=com'
        filter : '(& (2.5.4.0=*)[11] (! (2.5.4.3
=cediskeyuser)[2147483647] ) ) '
        scope : single level
        typesOnly : false
no limit
        Time Limit : no limit
        Deref Aliases : deref Always
        attributes :
:
org.apache.directory.server.core.partition.impl.btree.IndexNotFoundException
: Failed to resolve primary name for 2.5.4.3 in user index lookup [Root
exception is javax.naming.NamingException: OID '2.5.4.3' was not found
within the OID registry]
      at
org.apache.directory.server.core.partition.impl.btree.jdbm.JdbmPartition.getUserIndex(
JdbmPartition.java:522)
      at
org.apache.directory.server.core.partition.impl.btree.DefaultOptimizer.getNegationScan(
DefaultOptimizer.java:219)
      at
org.apache.directory.server.core.partition.impl.btree.DefaultOptimizer.annotate(
DefaultOptimizer.java:148)
      at
org.apache.directory.server.core.partition.impl.btree.DefaultOptimizer.getConjunctionScan(
DefaultOptimizer.java:187)
      at
org.apache.directory.server.core.partition.impl.btree.DefaultOptimizer.annotate(
DefaultOptimizer.java:145)
      at
org.apache.directory.server.core.partition.impl.btree.DefaultOptimizer.getConjunctionScan(
DefaultOptimizer.java:187)
      at
org.apache.directory.server.core.partition.impl.btree.DefaultOptimizer.annotate(
DefaultOptimizer.java:145)
      at
org.apache.directory.server.core.partition.impl.btree.DefaultSearchEngine.search(
DefaultSearchEngine.java:135)
      at
org.apache.directory.server.core.partition.impl.btree.BTreePartition.search(
BTreePartition.java:367)
      at
org.apache.directory.server.core.partition.DefaultPartitionNexus.search(
DefaultPartitionNexus.java:863)
      at
org.apache.directory.server.core.interceptor.InterceptorChain$1.search(
InterceptorChain.java:139)
      at
org.apache.directory.server.core.interceptor.InterceptorChain$Entry$1.search(
InterceptorChain.java:1263)
      at
org.apache.directory.server.core.interceptor.BaseInterceptor.search(
BaseInterceptor.java:202)
      at
org.apache.directory.server.core.interceptor.InterceptorChain$Entry$1.search(
InterceptorChain.java:1263)
      at
org.apache.directory.server.core.collective.CollectiveAttributeService.search(
CollectiveAttributeService.java:318)
      at
org.apache.directory.server.core.interceptor.InterceptorChain$Entry$1.search(
InterceptorChain.java:1263)
      at
org.apache.directory.server.core.operational.OperationalAttributeService.search(
OperationalAttributeService.java:293)
      at
org.apache.directory.server.core.interceptor.InterceptorChain$Entry$1.search(
InterceptorChain.java:1263)
      at
org.apache.directory.server.core.subtree.SubentryService.search(
SubentryService.java:232)
      at
org.apache.directory.server.core.interceptor.InterceptorChain$Entry$1.search(
InterceptorChain.java:1263)
      at org.apache.directory.server.core.schema.SchemaService.search(
SchemaService.java:447)
      at
org.apache.directory.server.core.interceptor.InterceptorChain$Entry$1.search(
InterceptorChain.java:1263)
      at
org.apache.directory.server.core.exception.ExceptionService.search(
ExceptionService.java:394)
      at
org.apache.directory.server.core.interceptor.InterceptorChain$Entry$1.search(
InterceptorChain.java:1263)
      at
org.apache.directory.server.core.authz.DefaultAuthorizationService.search(
DefaultAuthorizationService.java:495)
      at
org.apache.directory.server.core.interceptor.InterceptorChain$Entry$1.search(
InterceptorChain.java:1263)
      at
org.apache.directory.server.core.authz.AuthorizationService.search(
AuthorizationService.java:978)
      at
org.apache.directory.server.core.interceptor.InterceptorChain$Entry$1.search(
InterceptorChain.java:1263)
      at
org.apache.directory.server.core.referral.ReferralService.search(
ReferralService.java:985)
      at
org.apache.directory.server.core.interceptor.InterceptorChain$Entry$1.search(
InterceptorChain.java:1263)
      at
org.apache.directory.server.core.authn.AuthenticationService.search(
AuthenticationService.java:417)
      at
org.apache.directory.server.core.interceptor.InterceptorChain$Entry$1.search(
InterceptorChain.java:1263)
      at
org.apache.directory.server.core.normalization.NormalizationService.search(
NormalizationService.java:326)
      at
org.apache.directory.server.core.interceptor.InterceptorChain.search(
InterceptorChain.java:828)
      at
org.apache.directory.server.core.partition.PartitionNexusProxy.search(
PartitionNexusProxy.java:478)
      at
org.apache.directory.server.core.partition.PartitionNexusProxy.search(
PartitionNexusProxy.java:423)
      at org.apache.directory.server.core.jndi.ServerDirContext.search(
ServerDirContext.java:609)
      at
org.apache.directory.server.ldap.support.SearchHandler.messageReceived(
SearchHandler.java:313)
      at
org.apache.mina.handler.demux.DemuxingIoHandler.messageReceived(
DemuxingIoHandler.java:144)
      at
org.apache.directory.server.ldap.LdapProtocolProvider$LdapProtocolHandler.messageReceived(
LdapProtocolProvider.java:403)
      at
org.apache.mina.common.support.AbstractIoFilterChain$TailFilter.messageReceived(
AbstractIoFilterChain.java:703)
      at
org.apache.mina.common.support.AbstractIoFilterChain.callNextMessageReceived(
AbstractIoFilterChain.java:362)
      at
org.apache.mina.common.support.AbstractIoFilterChain.access$1200(
AbstractIoFilterChain.java:54)
      at
org.apache.mina.common.support.AbstractIoFilterChain$EntryImpl$1.messageReceived(
AbstractIoFilterChain.java:800)
      at
org.apache.mina.filter.codec.support.SimpleProtocolDecoderOutput.flush(
SimpleProtocolDecoderOutput.java:60)
      at
org.apache.mina.filter.codec.ProtocolCodecFilter.messageReceived(
ProtocolCodecFilter.java:190)
      at
org.apache.mina.common.support.AbstractIoFilterChain.callNextMessageReceived(
AbstractIoFilterChain.java:362)
      at
org.apache.mina.common.support.AbstractIoFilterChain.access$1200(
AbstractIoFilterChain.java:54)
      at
org.apache.mina.common.support.AbstractIoFilterChain$EntryImpl$1.messageReceived(
AbstractIoFilterChain.java:800)
      at org.apache.mina.filter.executor.ExecutorFilter.processEvent(
ExecutorFilter.java:243)
      at
org.apache.mina.filter.executor.ExecutorFilter$ProcessEventsRunnable.run(
ExecutorFilter.java:305)
      at
edu.emory.mathcs.backport.java.util.concurrent.ThreadPoolExecutor$Worker.runTask(
ThreadPoolExecutor.java:665)
      at
edu.emory.mathcs.backport.java.util.concurrent.ThreadPoolExecutor$Worker.run(
ThreadPoolExecutor.java:690)
      at java.lang.Thread.run(Unknown Source)
Caused by: javax.naming.NamingException: OID '2.5.4.3' was not found
within the OID registry
      at
org.apache.directory.server.core.schema.GlobalOidRegistry.getPrimaryName(
GlobalOidRegistry.java:246)
      at
org.apache.directory.server.core.partition.impl.btree.jdbm.JdbmPartition.getUserIndex(
JdbmPartition.java:516)
      ... 53 more

or

javax.naming.NamingException: [LDAP: error code 33 - failed on search
operation: Failed to resolve primary name for 2.5.4.3 in user index
lookup]; remaining name 'ou=cedis, cn=groups, cn=portalmanager,
dc=example, dc=com'
javax.naming.NamingException: [LDAP: error code 33 - failed on search
operation: Failed to resolve primary name for 2.5.4.3 in user index
lookup]; remaining name 'ou=cedis, cn=groups, cn=portalmanager,
dc=example, dc=com'
      at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:2965)
      at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2931)
      at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2737)
      at com.sun.jndi.ldap.LdapCtx.searchAux(LdapCtx.java:1808)
      at com.sun.jndi.ldap.LdapCtx.c_search(LdapCtx.java:1731)

or

javax.naming.NamingException: [LDAP: error code 54 - failed on search
operation: Failed to resolve primary name for 2.5.4.3 in user index
lookup]; remaining name 'ou=cedis,cn=groups,
cn=portalmanager,dc=example, dc=com'
      at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3002)
      at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2931)
      at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2737)
      at com.sun.jndi.ldap.LdapCtx.searchAux(LdapCtx.java:1808)
      at com.sun.jndi.ldap.LdapCtx.c_search(LdapCtx.java:1731)...



Test class:


import junit.framework.TestCase;
import java.util.Hashtable;

import javax.naming.Context;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.Attribute;
import javax.naming.directory.Attributes;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;

public class PlainSearchTest extends TestCase {

    Hashtable env = new Hashtable();

      protected void setUp() throws Exception {
            // TODO Auto-generated method stub
            super.setUp();
             // JNDI connection data, move them to jndi.properties
        env.put(Context.INITIAL_CONTEXT_FACTORY,
"com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, "ldap://localhost:10389/");
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, "uid=admin,ou=system");
        env.put(Context.SECURITY_CREDENTIALS, "secret");
      }

      public void testSearch() {
            try {
                  DirContext ctx = new InitialDirContext(env);

                  String base = "ou=cedis, cn=groups, cn=portalmanager,
dc=example, dc=com";
                  String filter =
"(&(objectClass=*)(!(cn=cedisKeyuser)))";

                  SearchControls ctls = new SearchControls();
                  ctls.setSearchScope(SearchControls.ONELEVEL_SCOPE);
//                ctls.setReturningAttributes(new String[] { "uid",
"mail" });

                  NamingEnumeration resultEnum = ctx.search(base,
filter, ctls);
                  while (resultEnum.hasMore()) {
                      SearchResult result = (SearchResult)
resultEnum.next();

                      // print DN of entry
                      System.out.println(result.getNameInNamespace());

                      // print attributes returned by search
                      Attributes attrs = result.getAttributes();
                      NamingEnumeration e = attrs.getAll();
                      while (e.hasMore()) {
                          Attribute attr = (Attribute) e.next();
                          System.out.println(attr);
                      }
                      System.out.println();
                  }

                  ctx.close();
              } catch (NamingException e) {
                  System.out.println(e.getMessage());
              }

      }

}


Dump of LDAP tree:
#---------------------
# Entry: 1
#---------------------

dn: dc=example,dc=com
dc: example
objectclass: top
objectclass: domain
objectclass: extensibleObject


#---------------------
# Entry: 2
#---------------------

dn: cn=users, dc=example, dc=com
description: Default desciption
objectclass: top
objectclass: organizationalrole
cn: users


#---------------------
# Entry: 3
#---------------------

dn: cn=portalmanager, dc=example, dc=com
description: Default desciption
objectclass: top
objectclass: organizationalrole
cn: portalmanager


#---------------------
# Entry: 4
#---------------------

dn: cn=groups, cn=portalmanager, dc=example, dc=com
description: Default desciption
objectclass: top
objectclass: organizationalrole
cn: groups


#---------------------
# Entry: 5
#---------------------

dn: cn=keyuser, dc=example, dc=com
description: Default desciption
objectclass: top
objectclass: organizationalrole
cn: keyuser


#---------------------
# Entry: 6
#---------------------

dn: cn=users, cn=keyuser, dc=example, dc=com
description: Default desciption
objectclass: top
objectclass: organizationalrole
cn: users


#---------------------
# Entry: 7
#---------------------

dn: ou=cedis, cn=groups, cn=portalmanager, dc=example, dc=com
description: Default desciption
ou: cedis
objectclass: top
objectclass: organizationalrole
cn: cedis


#---------------------
# Entry: 8
#---------------------

dn: ou=cedis, cn=users, cn=keyuser, dc=example, dc=com
ou: cedis
objectclass: top
objectclass: groupofuniquenames
cn: cedis
description: Default desciption
uniquemember: cn=dummy@cedis.fu-berlin.de, cn=users, dc=example, dc=com


#---------------------
# Entry: 11
#---------------------

dn: cn=cedisKeyuser, ou=cedis, cn=groups, cn=portalmanager, dc=example,
dc=com
cn: cedisKeyuser
objectclass: top
objectclass: groupofuniquenames
description: Default desciption
uniquemember: cn=dummy@cedis.fu-berlin.de, cn=users, dc=example, dc=com
uniquemember: cn=gkallidis@cedis.fu-berlin.de, cn=users, dc=example,
dc=com


#---------------------
# Entry: 12
#---------------------

dn: cn=cedisMitarbeiter, ou=cedis, cn=groups, cn=portalmanager,
dc=example, dc=com
cn: cedisMitarbeiter
objectclass: top
objectclass: groupofuniquenames
description: Default desciption
uniquemember: cn=dummy@cedis.fu-berlin.de, cn=users, dc=example, dc=com
uniquemember: cn=testPerson@web.de, cn=users, dc=example, dc=com



------------------------------------------------------
Georg Kallidis
FUeL  Softwareentwicklung
Center für Digitale Systeme (CeDiS)
Freie Universität Berlin
Ihnestr. 24
14195 Berlin
Tel.: (+49 - (0) 30) - 838 - 53406
Fax: (+49 - (0) 30) - 838 - 52846
gkallidis@cedis.fu-berlin.de
Mime
View raw message