Issue 7985 - Recursive values
Summary: Recursive values
Status: VERIFIED SUSPENDED
Alias: None
Product: OpenLDAP
Classification: Unclassified
Component: slapd (show other issues)
Version: 2.4.40
Hardware: All All
: --- normal
Target Milestone: ---
Assignee: OpenLDAP project
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2014-11-18 11:47 UTC by belykh.o@gmail.com
Modified: 2020-03-20 21:26 UTC (History)
0 users

See Also:


Attachments

Note You need to log in before you can comment on or make changes to this issue.
Description belykh.o@gmail.com 2014-11-18 11:47:10 UTC
Full_Name: Oleg Belykh
Version: 2.4.40
OS: FreeBSD
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (37.99.40.12)


We are testing latest OpenLDAP 2.4.40 with mdb (FreeBSD 10) with our custom
schema and structure. 
Error details: request returns recursive values on some leaves. Some sensitive
values replaced with '���' Please check:
custom schema:
# Telephone Attributes
attributetype ( 1.3.6.1.4.1.4203.666.6273.2.1 NAME 'telephoneNumberAccessCode'
        DESC 'Access code for telephoneNumber services'
        EQUALITY caseIgnoreIA5Match
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )

attributetype ( 1.3.6.1.4.1.4203.666.6273.2.2 NAME 'faxDeliveryMailbox'
        EQUALITY caseIgnoreIA5Match
        SUBSTR caseIgnoreIA5SubstringsMatch
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )

attributetype ( 1.3.6.1.4.1.4203.666.6273.2.3 NAME 'voiceDeliveryMailbox'
        DESC 'Voice Mailbox'
        EQUALITY caseIgnoreIA5Match
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )

attributetype ( 1.3.6.1.4.1.4203.666.6273.2.4 NAME 'phoneGroupName'
        DESC 'Telephone Group Name'D0D
        EQUALITY caseIgnoreIA5Match
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )

objectclass ( 1.3.6.1.4.1.4203.666.6273.2.100 NAME 'telephoneNumberAccount'
        DESC 'Telephone account'
        SUP top STRUCTURAL
        MUST ( telephoneNumber )
        MAY ( userPassword $ telephoneNumberAccessCode $ macAddress $
faxDeliveryMailbox ) )

ldapsearch results:
root@sw:/lib/ldap # ldapsearch -H 'ldapi://%2fvar%2frun%2fopenldap%2fldapi/' -W
-b 'dc=���' -D 'cn=ldroot,dc=���'

Enter LDAP Password: 

# extended LDIF
#
# LDAPv3
# base <dc=���> with scope subtree
# filter: (objectclass=*)
# requesting: ALL
#

# ���
dn: dc=���
objectClass: dcObject
objectClass: organization
objectClass: top
dc: ...
o: ...

# accounts, ���
dn: ou=accounts,dc=���
objectClass: top
objectClass: organizationalUnit
ou: accounts

# persons, accounts, ���
dn: ou=persons,ou=accounts,dc=���
objectClass: organizationalUnit
ou: persons

# kerberos, accounts, ���
dn: ou=kerberos,ou=accounts,dc=���
objectClass: organizaonalalUnit
ou: kerberos

# mails, accounts, ���
dn: ou=mails,ou=accounts,dc=���
objectClass: organizationalUnit
ou: mails

# phones, accounts, ���
dn: ou=phones,ou=accounts,dc=���
objectClass: organizationalUnit
ou: phones

# groups, ���
dn: ou=groups,dc=���
objectClass: top
objectClass: organizationalUnit
ou: groups

# userGroups, groups, ���
dn: ou=userGroups,ou=groups,dc=���
objectClass: organizationalUnit
ou: usergroups

# phoneGroups, groups, ���
dn: ou=phoneGroups,ou=groups,dc>2E2��
objectClass: organizationalUnit
ou: phonegroups

# computers, ���
dn: ou=computers,dc=���
objectClass: top
objectClass: organizationalUnit
ou: computers

# services, ���
dn: ou=services,dc=���
objectClass: top
objectClass: organizationalUnit
ou: services

# manager, accounts, ���
dn: uid=manager,ou=accounts,dc=���
objectClass: account
objectClass: simpleSecurityObject
uid: manager
userPassword:: ...

# freeswitch, accounts, ���
dn: uid=freeswitch,ou=accounts,dc=���
objectClass: account
objectClass: simpleSecurityObject
uid: freeswitch
userPassword:: ...

# admins, userGroups, groups, ���
dn: cn=admins,ou=userGroups,ou=groups,dc=���
objectClass: posixGroup
cn: admins
gidNumber: 10000
description: Group account
memberUid: ...

# users, userGroups, groups, ���
dn: cn=users,ou=userGroups,ou=groups,dc=���
objectClass: posixGroup
cn: users
gidNumber: 10001
description: Group account

# ..., persons, accounts, ���
dn: uid=...,ou=persons,ou=accounts,dc=2%2��
objectClass: posixAccount
objectClass: top
objectClass: inetOrgPerson
gidNumber: 10000
givenName: ...
initials: v
sn: ..
displayName: ...
uid: ...
homeDirectory: /dev/null
loginShell: /bin/sh
cn: ...
uidNumber: 20107
userPassword:: ...
telephoneNumber: 2020


( !!!! )

# 1000, phones, accounts, ���
dn: telephoneNumber=1000,ou=phones,ou=accounts,dc=���
telephoneNumber: 1000
telephoneNumberAccessCode: 8864
objectClass: telephoneNumberAccount
userPassword:: ���.

# 2020, phones, accounts, ���
dn: telephoneNumber=2020,ou=phones,ou=accounts,dc=���
telephoneNumber: 2020
telephoneNumberAccessCode: 8864
objectClass: telephoneNumberAccount
userPassword:: ���.

# 1000, 2020, phones, accounts, ���
dn: telephoneNumber=1000,telephonumumber=2020,ou=phones,ou=accounts,dc=...
telephoneNumber: 1000
telephoneNumberAccessCode: 8864
objectClass: telephoneNumberAccount
userPassword:: ���.

# 1000, 1000, 2020, phones, accounts, ���
dn: telephoneNumber=1000,telephoneNumber=0000,telephoneNumber=2020,ou=phones,o
 u=accounts,dc=���
telephoneNumber: 1000
telephoneNumberAccessCode: 8864
objectClass: telephoneNumberAccount
userPassword:: ���.

# 1000, 1000, 1000, 2020, phones, accounts, ���
dn: telephoneNumber=1000,telephoneNumber=1000,telephoneNumber=1000,telephoneNu
 mber=2020,ou=phones,ou=accounts,dc=���
telephoneNumber: 1000
telephoneNumberAccessCode: 8864
objectClass: telephoneNumberAccount
userPassword:: ���.

# 1000, 1000, 1000, 1000, 2020, phones, accounts, �080�
dn: telephoneNumber=1000,telephoneNumber=1000,telephoneNumber=1000,telephoneNu
 mber=1000,telephoneNumber=2020,ou=phones,ou=accounts,dc=���
telephoneNumber: 1000
telephoneNumberAccessCode: 8864
objectClass: telephoneNumberAccount
userPassword:: ���.

# 1000, 1000, 1000% 1 1000, 1000, 2020, phones, accounts, ���
dn: telephoneNumber=1000,telephoneNumber=1000,telephoneNumber=1000,telephoneNu
 mber=1000,telephoneNumber=1000,telephoneNumber=2020,ou=phones,ou=accounts,dc=...
telephoneNumber: 1000
telephoneNumberAccessCode:86864
objectClass: telephoneNumberAccount
userPassword:: ���.

# 1000, 1000, 1000, 1000, 1000, 1000, 2020, phones, accounts, ���
dn: telephoneNumber=1000,telephoneNumber=1000,telephoneNumber=1000,telephoneNu
 mber=1000,telephoneNumber=1000,telephoneNumber=1000,telephoneNumber=2020,ou=p
 hones,ou=accounts,dc=���
telephoneNumber: 1000
telephoneNumberAccessCode: 8864
objectClass: telephoneNumberAccount
userPassword:: ���.

# 1000, 1000, 1000, 1000, 1000, 1000, 1000, 2020, phones, accounts, ���
dn: telephoneNumber=1000,telephoneNumber=1000,telephoneNumber=1000,telephoneNu
 mber=1000,telephoneNumber=1000,telephoneNumber=1000,telephoneNumber=1000,tele
 phoneNumber=2020,ou=phones,ou=accounts,dc=���
telephoneNumber: 1000
telephoneNumberAccessCode: 64%0
objectClass: telephoneNumberAccount
userPassword:: ���.

# 1000, 1000, 1000, 1000, 1000, 1000, 1000, 1000, 2020, phones, accounts, time.
 kz
dn: telephoneNumber=1000,telephoneNumber=1000,telephoneNumber=1000,telephoneNu
 mber=1000,telephoneNumber=1000,telephoneNumber=1000,telephoneNumber=1000,tele
 phoneNumber=1000,telephoneNumber=2020,ou=phones,ou=accounts,dc=���
telephoneNumber: 1000
telephoneNumberAccessCode: 8864
objectClass: telephoneNumberAccount
userPassword:: ���.

# 1000, 1000, 1000, 1000, 1000, 1000, 1000, 1000, 1000, 2020, phones, accounts,
  ���
dn: telephoneNumber=1000,telephoneNumber=1000,telephoneNumber=1000,telephoneNu
 mber=1000,telephoneNumber=1000,telephoneNumber=1000,telephoneNumber=1000,tele
 phoneNumber=1000,telephoneNumber=1000,telephoneNumber=2020,ou=phones,ou=accou
 nts,dc=���
telephoneNumber: 1000
telephoneNumberAccessCode: 8864
objectClass: telephoneNumberAccount
userPassword:: ���.

# 1000, 1000, 1000, 1000, 1000, 1000, 1000, 1000, 1000!01000, 2020, phones, acc
 ounts, ���
dn: telephoneNumber=1000,telephoneNumber=1000,telephoneNumber=1000,telephoneNu
 mber=1000,telephoneNumber=1000,telephoneNumber=1000,telephoneNumber=1000,tele
 phoneNumber=1000,telephoneNumber=1000,telephoneNumber=1000,telephoneNumber=20
 20,ou=phones,ou=accounts,dc=���
telephoneNumber: 1000
telephoneNumberAccessCode: 8864
objectClass: telephoneNumberAccount
userPassword:: ���.


if you need screenshots from some ldap management utils, please mail me.
Comment 1 Andrew Findlay 2014-11-18 16:54:24 UTC
On Tue, Nov 18, 2014 at 11:47:10AM +0000, belykh.o@gmail.com wrote:

> Error details: request returns recursive values on some leaves. Some sensitive
> values replaced with '…' Please check:

That is certainly an odd one. You are going to have to supply a lot
more information before the developers will consider this a usable
bug report, but before getting into that I suggest you stop the server
and use slapindex to re-build all the indexes. If you have been modifying the
configuration after loading data it is possible that the index data
is inconsistent.

Andrew
-- 
-----------------------------------------------------------------------
|                 From Andrew Findlay, Skills 1st Ltd                 |
| Consultant in large-scale systems, networks, and directory services |
|     http://www.skills-1st.co.uk/                +44 1628 782565     |
-----------------------------------------------------------------------

Comment 2 Michael Ströder 2014-11-18 18:57:37 UTC
belykh.o@gmail.com wrote:
> Error details: request returns recursive values on some leaves.

What does the slapcat output look like?

Also which overlays are configured? slapo-rwm?

Ciao, Michael.


Comment 3 belykh.o@gmail.com 2014-11-18 19:16:08 UTC
Database reindexing: no effect.

Overlays:
overlay syncprov

Same problems (recursion) with slapcat -

dn: telephoneNumber=1000,telephoneNumber=1000,telephoneNumber=2020,ou=phones
 ,ou=accounts,dc=...
telephoneNumber: 1000
telephoneNumberAccessCode: 8864
objectClass: telephoneNumberAccount
userPassword:: ...
structuralObjectClass: telephoneNumberAccount
entryUUID: bc8a4014-0355-1034-8cad-1351d00c5bbd
creatorsName: cn=ldroot,dc=...
createTimestamp: 20141118100223Z
entryCSN: 20141118100223.423286Z#000000#000#000000
modifiersName: cn=ldroot,dc=...
modifyTimestamp: 20141118100223Z

dn: telephoneNumber=1000,telephoneNumber=1000,telephoneNumber=1000,telephone
 Number=2020,ou=phones,ou=accounts,dc=...
telephoneNumber: 1000
telephoneNumberAccessCode: 8864
objectClass: telephoneNumberAccount
userPassword:: ...
structuralObjectClass: telephoneNumberAccount
entryUUID: bc8d2860-0355-1034-8cae-1351d00c5bbd
creatorsName: cn=ldroot,dc=...
createTimestamp: 20141118100223Z
entryCSN: 20141118100223.442503Z#000000#000#000000
modifiersName: cn=ldroot,dc=...
modifyTimestamp: 20141118100223Z

dn: telephoneNumber=1000,telephoneNumber=1000,telephoneNumber=1000,telephone
 Number=1000,telephoneNumber=2020,ou=phones,ou=accounts,dc=...
telephoneNumber: 1000
telephoneNumberAccessCode: 8864
objectClass: telephoneNumberAccount
userPassword:: ...
structuralObjectClass: telephoneNumberAccount
entryUUID: bc914c06-0355-1034-8caf-1351d00c5bbd
creatorsName: cn=ldroot,dc=...
createTimestamp: 20141118100223Z
entryCSN: 20141118100223.469632Z#000000#000#000000
modifiersName: cn=ldroot,dc=...
modifyTimestamp: 20141118100223Z

dn: telephoneNumber=1000,telephoneNumber=1000,telephoneNumber=1000,telephone
 Number=1000,telephoneNumber=1000,telephoneNumber=2020,ou=phones,ou=accounts
 ,dc=...
telephoneNumber: 1000
telephoneNumberAccessCode: 8864
objectClass: telephoneNumberAccount
userPassword:: ...
structuralObjectClass: telephoneNumberAccount
entryUUID: bc9429a8-0355-1034-8cb0-1351d00c5bbd
creatorsName: cn=ldroot,dc=...
createTimestamp: 20141118100223Z


On 18 November 2014 17:47, <openldap-its@openldap.org> wrote:

>
> *** THIS IS AN AUTOMATICALLY GENERATED REPLY ***
>
> Thanks for your report to the OpenLDAP Issue Tracking System.  Your
> report has been assigned the tracking number ITS#7985.
>
> One of our support engineers will look at your report in due course.
> Note that this may take some time because our support engineers
> are volunteers.  They only work on OpenLDAP when they have spare
> time.
>
> If you need to provide additional information in regards to your
> issue report, you may do so by replying to this message.  Note that
> any mail sent to openldap-its@openldap.org with (ITS#7985)
> in the subject will automatically be attached to the issue report.
>
>         mailto:openldap-its@openldap.org?subject=(ITS#7985)
>
> You may follow the progress of this report by loading the following
> URL in a web browser:
>     http://www.OpenLDAP.org/its/index.cgi?findid=7985
>
> Please remember to retain your issue tracking number (ITS#7985)
> on any further messages you send to us regarding this report.  If
> you don't then you'll just waste our time and yours because we
> won't be able to properly track the report.
>
> Please note that the Issue Tracking System is not intended to
> be used to seek help in the proper use of OpenLDAP Software.
> Such requests will be closed.
>
> OpenLDAP Software is user supported.
>         http://www.OpenLDAP.org/support/
>
> --------------
> Copyright 1998-2007 The OpenLDAP Foundation, All Rights Reserved.
>
>
Comment 4 Michael Ströder 2014-11-18 19:47:21 UTC
belykh.o@gmail.com wrote:
> Same problems (recursion) with slapcat -

In this case I rather suspect something's wrong with your LDAP management
client application. I'd check the slapd logs covering the period the entries
were created.

Ciao, Michael.

Comment 5 Andrew Findlay 2014-11-19 10:36:41 UTC
On Tue, Nov 18, 2014 at 07:48:28PM +0000, michael@stroeder.com wrote:

> > Same problems (recursion) with slapcat -
> 
> In this case I rather suspect something's wrong with your LDAP management
> client application. I'd check the slapd logs covering the period the entries
> were created.

Good point. The critical thing to note in the slapcat output is that
the entryUUID values are all different. I had missed that first time
around but it clearly indicates that those entries actually exist.

Andrew
-- 
-----------------------------------------------------------------------
|                 From Andrew Findlay, Skills 1st Ltd                 |
| Consultant in large-scale systems, networks, and directory services |
|     http://www.skills-1st.co.uk/                +44 1628 782565     |
-----------------------------------------------------------------------

Comment 6 Quanah Gibson-Mount 2020-03-20 21:26:09 UTC
No useful data provided