directory-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Emmanuel Lecharny" <elecha...@gmail.com>
Subject Re: [ApacheDS 1.5.1] unable to search for uniqueMember
Date Mon, 08 Oct 2007 12:36:45 GMT
Hi Markus,

the UniqueMember attributeType is a distinguishedName, which is not a
string. Doing a substring search on a non-string object is not
possible (in fact, it should be treated as undefined - see RFC 4511,
par. 4.5.1.7)

You cannot get any result with such a filter :
(uniqueMember=uid=g.kelly*)

Nor can you with :
(ObjectClass=orga*)

Currently, you will simply get a NPE, which will translate to an
Unexpected Exception on the client side.

I'm currently investigating what we should return, and I think the
client should receive an empty result instead of an exception.

I hope it's clear enough

Emmanuel

On 10/8/07, Markus Pohle <apacheds.users@webunity.de> wrote:
> Hi Emmanuel,
>
> I am a little bit confused! Why is search request not allowed? You said
> that "... there is no SUBSTRING MatchingRule defined for this attribute
> type... " but:
>
> on an installed apacheds-1.5.0 using my own DouglasHoldingPartition same
> to the one that can be downloaded from the URL shown below it is
> possible for me to do such a search
>
> ... and ...
>
> on an installed apacheds-1.5.1-snapshot that Alex Karasulu built for me
> in mid of July when I had probs with the apacheds-tools I am able to do
> a uniqueMember search on my partition.
>
> Maybe a simple explanation for me? That I am able to understand?
>
> TIA
> Markus
>
>
> Emmanuel Lecharny schrieb:
> > Hi Markus,
> >
> > sorry, it should have been obvious to me, but I was deep into the code
> > when you posted this mail.
> >
> > Such search requests (ie, using substring matching with uniqueMember)
> > is simply not allowed : there is no SUBSTRING MatchingRule defined for
> > this attribute type, so any attempt to search it using a substring
> > search will (and must) mail.
> >
> > However, you didn't get a failure, just an empty result.
> >
> > My question would be :
> > - should we generate an error like :
> > Error while performing search
> >   [LDAP: error code 36 - failed on search operation: Normalizer for
> > OID 2.5.4.50 does not exist!]
> >  ?
> >
> > Or should we just return an empty result ?
> >
> > On 10/5/07, Markus Pohle <apacheds.users@webunity.de> wrote:
> >> Hi List Members,
> >>
> >> I installed ApacheDS in Version 1.5.1 on Linux (Centos 4.3) with Sun
> >> JDK 1.5.0_10 with the rpm pachage available as download from
> >> directory.apache.org.
> >>
> >> After installation I configured my own partion in server.xml and
> >> created a basic ldap structur with some content. (server.xml and ldif
> >> file can be found here:
> >> http://www.webunity.de/apacheds1.5.1/uniqueMemberIssue)
> >>
> >> When I connect to the server with Apache Directory Studio and do a
> >> search by hitting control-h and setting search base as
> >> "dc=douglasholding", filter as "(uid=*kelly*)" and scope as "Subtree"
> >> I get as result 2 entrys, one real user and the corresponding alias
> >> object.
> >>
> >> When I now try to do a search with the above conditions except that I
> >> set the search filter to "(uniqueMember=*kelly*)" the Directory Studio
> >> gives as result:
> >> Error while performing search
> >>    [LDAP: error code 33 - failed on search operation: Unexpected exception.]
> >>    [LDAP: error code 33 - failed on search operation: Unexpected exception.]
> >>
> >>
> >> Now I tried that from a bash with ldapsearch. Searching for uid
> >> delivers the following:
> >> [root@backupserv ~]#  ldapsearch -h apacheds2.douglas-informatik.de -p
> >> 10389 -x -D "uid=admin,ou=system" -w secret -b "dc=DOUGLASHOLDING" -s
> >> sub "(uid=*kelly*)"
> >> Result: 2
> >>
> >> But searching for uniqueMember delivers:
> >> [root@backupserv ~]#  ldapsearch -h apacheds2.douglas-informatik.de -p
> >> 10389 -x -D "uid=admin,ou=system" -w secret -b "dc=DOUGLASHOLDING" -s
> >> sub "(uniqueMember=*kelly*)"
> >> # extended LDIF
> >> #
> >> # LDAPv3
> >> # base <dc=DOUGLASHOLDING> with scope sub
> >> # filter: (uniqueMember=*kelly*)
> >> # requesting: ALL
> >> #
> >>
> >> # search result
> >> search: 2
> >> result: 33 Alias problem
> >> text: failed on search operation: Unexpected exception.
> >>
> >> # numResponses: 1
> >>
> >>
> >> Does anybody know what that happens? Any tip is appreciated!
> >>
> >> TIA
> >> Markus Pohle
> >>
> >>
> >
> >
>


-- 
Regards,
Cordialement,
Emmanuel L├ęcharny
www.iktek.com

Mime
View raw message