[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
RE: (ITS#4849) LDAP URL not recognized with bind9
Il s'agit d'un message ` parties multiples au format MIME.
------=_NextPart_000_0163_01C75810.9E49DBB0
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
FYI
=20
-----Message d'origine-----
De : Pierangelo Masarati [mailto:ando@sys-net.it]=20
Envoy=E9 : vendredi 23 f=E9vrier 2007 22:02
=C0 : cyril@coupel.net
Cc : openldap-its@openldap.org
Objet : Re: (ITS#4849) LDAP URL not recognized with bind9
=20
cyril@coupel.net wrote:
> Tanks for your answer.
> I tested by removing the %xxxx% from the URL and the tests are passed; =
but
> there is an error saying that there is no %xxx% token.
> I already open a case to the BIND team, but they reply this is not a =
bind
> problem.
> However, I will transmit this information to the BIND/DLZ team.
=20
I have few more comments; see below.
=20
=20
> Cyril COUPEL wrote:
>> I agree with this information.
>> The fact is the ldapURL is not used as it, the key %zone% (or =
%client%)
is
>> replaced with the ns domain (the client name).
>>=20
>> It was working well since I upgrade to 2.3.30-r2.
=20
There is no OpenLDAP 2.3.30-r2; the current version is 2.3.34.
This is a Gentoo relase based on 2.3.30 (the latest relase available is
2.3.33)
=20
Also, you mentioned an error message "failed to parse ldap URL"; there's
no such message in bind 9.3.4 code, nor in 9.4.0rc2. Also, there's no
explicit ldap_url_parse() call, so the problem could only arise when
performing an operation with that broken DN. However, I don't see how
the error message could be raised by bind, since the URL is parsed by
bind itself, without using the OpenLDAP API function, and the DN is only
used as base for other operations, so OpenLDAP API cannot have any
notion of that DN being part of an URL. Finally, bind itself, while
parsing the URL, checks for badly encoded portions of the URL, and the
corresponding error message is "LDAP sdb zone '%s': URL: bad hex =
values".
=20
The message is located in =20
isc_result_t dlz_ldap_checkURL(char *URL, int attrCnt, const char *msg)
located in file bin/named/dlz_ldap_driver.c provided by
ctrix_dlz_9.3.3.patch
=20
Could you point us to the __real__ version of OpenLDAP __and__ bind you
pretend to be broken?
=20
=20
p.
=20
=20
=20
Ing. Pierangelo Masarati
OpenLDAP Core Team
=20
SysNet s.n.c.
Via Dossi, 8 - 27100 Pavia - ITALIA
http://www.sys-net.it
------------------------------------------
Office: +39.02.23998309
Mobile: +39.333.4963172
Email: pierangelo.masarati@sys-net.it
------------------------------------------
=20
------=_NextPart_000_0163_01C75810.9E49DBB0
Content-Type: text/html;
charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
<html xmlns:v=3D"urn:schemas-microsoft-com:vml" =
xmlns:o=3D"urn:schemas-microsoft-com:office:office" =
xmlns:w=3D"urn:schemas-microsoft-com:office:word" =
xmlns:m=3D"http://schemas.microsoft.com/office/2004/12/omml"; =
xmlns=3D"http://www.w3.org/TR/REC-html40";>
<head>
<meta http-equiv=3DContent-Type content=3D"text/html; =
charset=3Diso-8859-1">
<meta name=3DGenerator content=3D"Microsoft Word 12 (filtered medium)">
<style>
<!--
/* Font Definitions */
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:Consolas;
panose-1:2 11 6 9 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0cm;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri","sans-serif";}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
p.MsoPlainText, li.MsoPlainText, div.MsoPlainText
{mso-style-priority:99;
mso-style-link:"Texte brut Car";
margin:0cm;
margin-bottom:.0001pt;
font-size:10.5pt;
font-family:Consolas;}
span.TextebrutCar
{mso-style-name:"Texte brut Car";
mso-style-priority:99;
mso-style-link:"Texte brut";
font-family:Consolas;}
.MsoChpDefault
{mso-style-type:export-only;}
@page Section1
{size:612.0pt 792.0pt;
margin:70.85pt 70.85pt 70.85pt 70.85pt;}
div.Section1
{page:Section1;}
-->
</style>
<!--[if gte mso 9]><xml>
<o:shapedefaults v:ext=3D"edit" spidmax=3D"1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext=3D"edit">
<o:idmap v:ext=3D"edit" data=3D"1" />
</o:shapelayout></xml><![endif]-->
</head>
<body lang=3DFR link=3Dblue vlink=3Dpurple>
<div class=3DSection1>
<p class=3DMsoPlainText>FYI<o:p></o:p></p>
<p class=3DMsoPlainText><o:p> </o:p></p>
<p class=3DMsoPlainText>-----Message d'origine-----<br>
De : Pierangelo Masarati [mailto:ando@sys-net.it] <br>
Envoy=E9 : vendredi 23 f=E9vrier 2007 22:02<br>
=C0 : cyril@coupel.net<br>
Cc : openldap-its@openldap.org<br>
Objet : Re: (ITS#4849) LDAP URL not recognized with =
bind9<o:p></o:p></p>
<p class=3DMsoPlainText><o:p> </o:p></p>
<p class=3DMsoPlainText>cyril@coupel.net wrote:<o:p></o:p></p>
<p class=3DMsoPlainText>> Tanks for your answer.<o:p></o:p></p>
<p class=3DMsoPlainText>> I tested by removing the %xxxx% from the =
URL and the
tests are passed; but<o:p></o:p></p>
<p class=3DMsoPlainText>> there is an error saying that there is no =
%xxx%
token.<o:p></o:p></p>
<p class=3DMsoPlainText>> I already open a case to the BIND team, but =
they
reply this is not a bind<o:p></o:p></p>
<p class=3DMsoPlainText>> problem.<o:p></o:p></p>
<p class=3DMsoPlainText>> However, I will transmit this information =
to the
BIND/DLZ team.<o:p></o:p></p>
<p class=3DMsoPlainText><o:p> </o:p></p>
<p class=3DMsoPlainText>I have few more comments; see =
below.<o:p></o:p></p>
<p class=3DMsoPlainText><o:p> </o:p></p>
<p class=3DMsoPlainText><o:p> </o:p></p>
<p class=3DMsoPlainText>> Cyril COUPEL wrote:<o:p></o:p></p>
<p class=3DMsoPlainText>>> I agree with this =
information.<o:p></o:p></p>
<p class=3DMsoPlainText>>> The fact is the ldapURL is not used as =
it, the
key %zone% (or %client%) is<o:p></o:p></p>
<p class=3DMsoPlainText>>> replaced with the ns domain (the client =
name).<o:p></o:p></p>
<p class=3DMsoPlainText>>><o:p> </o:p></p>
<p class=3DMsoPlainText>>> It was working well since I upgrade to
2.3.30-r2.<o:p></o:p></p>
<p class=3DMsoPlainText><o:p> </o:p></p>
<p class=3DMsoPlainText><span style=3D'color:#0070C0'>There is no =
OpenLDAP
2.3.30-r2; the current version is 2.3.34.<o:p></o:p></span></p>
<p class=3DMsoPlainText><span lang=3DEN-US style=3D'color:#0070C0'>This =
is a Gentoo relase
based on 2.3.30 (the latest relase available is =
2.3.33)<o:p></o:p></span></p>
<p class=3DMsoPlainText><span lang=3DEN-US><o:p> </o:p></span></p>
<p class=3DMsoPlainText>Also, you mentioned an error message =
"failed to
parse ldap URL"; there's<o:p></o:p></p>
<p class=3DMsoPlainText>no such message in bind 9.3.4 code, nor in =
9.4.0rc2.=A0
Also, there's no<o:p></o:p></p>
<p class=3DMsoPlainText>explicit ldap_url_parse() call, so the problem =
could only
arise when<o:p></o:p></p>
<p class=3DMsoPlainText>performing an operation with that broken DN.=A0 =
However, I
don't see how<o:p></o:p></p>
<p class=3DMsoPlainText>the error message could be raised by bind, since =
the URL
is parsed by<o:p></o:p></p>
<p class=3DMsoPlainText>bind itself, without using the OpenLDAP API =
function, and
the DN is only<o:p></o:p></p>
<p class=3DMsoPlainText>used as base for other operations, so OpenLDAP =
API cannot
have any<o:p></o:p></p>
<p class=3DMsoPlainText>notion of that DN being part of an URL.=A0 =
Finally, bind
itself, while<o:p></o:p></p>
<p class=3DMsoPlainText>parsing the URL, checks for badly encoded =
portions of the
URL, and the<o:p></o:p></p>
<p class=3DMsoPlainText>corresponding error message is "LDAP sdb =
zone '%s':
URL: bad hex values".<o:p></o:p></p>
<p class=3DMsoPlainText><span =
style=3D'color:black'><o:p> </o:p></span></p>
<p class=3DMsoPlainText><span lang=3DEN-US style=3D'color:#0070C0'>The =
message is
located in =A0=A0=A0 <o:p></o:p></span></p>
<p class=3DMsoPlainText><span lang=3DEN-US =
style=3D'color:#0070C0'>isc_result_t dlz_ldap_checkURL(char
*URL, int attrCnt, const char *msg)<o:p></o:p></span></p>
<p class=3DMsoPlainText><span lang=3DEN-US =
style=3D'color:#0070C0'>located in file bin/named/dlz_ldap_driver.c
provided by ctrix_dlz_9.3.3.patch<o:p></o:p></span></p>
<p class=3DMsoPlainText><span lang=3DEN-US><o:p> </o:p></span></p>
<p class=3DMsoPlainText>Could you point us to the __real__ version of =
OpenLDAP
__and__ bind you<o:p></o:p></p>
<p class=3DMsoPlainText>pretend to be broken?<o:p></o:p></p>
<p class=3DMsoPlainText><span =
style=3D'color:black'><o:p> </o:p></span></p>
<p class=3DMsoPlainText><span =
style=3D'color:black'><o:p> </o:p></span></p>
<p class=3DMsoPlainText>p.<o:p></o:p></p>
<p class=3DMsoPlainText><o:p> </o:p></p>
<p class=3DMsoPlainText><o:p> </o:p></p>
<p class=3DMsoPlainText><o:p> </o:p></p>
<p class=3DMsoPlainText>Ing. Pierangelo Masarati<o:p></o:p></p>
<p class=3DMsoPlainText>OpenLDAP Core Team<o:p></o:p></p>
<p class=3DMsoPlainText><o:p> </o:p></p>
<p class=3DMsoPlainText>SysNet s.n.c.<o:p></o:p></p>
<p class=3DMsoPlainText>Via Dossi, 8 - 27100 Pavia - =
ITALIA<o:p></o:p></p>
<p class=3DMsoPlainText>http://www.sys-net.it<o:p></o:p></p>
<p =
class=3DMsoPlainText>------------------------------------------<o:p></o:p=
></p>
<p class=3DMsoPlainText>Office:=A0=A0 +39.02.23998309<o:p></o:p></p>
<p class=3DMsoPlainText>Mobile:=A0=A0 +39.333.4963172<o:p></o:p></p>
<p class=3DMsoPlainText>Email:=A0=A0=A0 =
pierangelo.masarati@sys-net.it<o:p></o:p></p>
<p =
class=3DMsoPlainText>------------------------------------------<o:p></o:p=
></p>
<p class=3DMsoPlainText><o:p> </o:p></p>
</div>
</body>
</html>
------=_NextPart_000_0163_01C75810.9E49DBB0--