[Date Prev][Date Next] [Chronological] [Thread] [Top]

(ITS#7580) autogroup module blowing slapd when using a labeledURI without attribute specification ?

Full_Name: Landry Breuil
Version: 2.4.31
OS: Debian sid
URL: 
Submission from: (NULL) (194.214.164.50)


using slapd 2.4.31 on debian sid (with cn=config), i have an abort
triggered by the following configuration :

I'm using autogroup module/overlay to automatically generate posixGroup
objects from various filters on my ou=people branch :

dn: cn=SV_REVIEWER,ou=groups,dc=example,dc=org
objectClass: labeledURIObject
objectClass: posixGroup
gidNumber: 10
labeledURI:
ldap:///ou=people,dc=example,dc=org?uid?one?(&(objectClass=inetOrgPerson)(o=myorg))

So far, that works fine. Problem is, with that configuration i'm getting
memberUid values containing only uid attributes. Now that i want to use
memberOf overlay to get the reverse membership, i realize that i need my
posixGroup to have DN-valued memberUid attrs.

I tried using a labeledURI specifying that i want a DN returned :

labeledURI: ldap:///ou=people,dc=example,dc=org?dn?one?(&(objectClass=inetOrgPerson)(o=myorg))

This errors out in autogroup_add_group after parsing the filter with :

517e6bc0 autogroup_add_group: unable to find AttributeDescription "dn".

That, i can understand - a dn is not an attribute per se.

Tried using a labeledURI without attr specification (as, from what i
understand unless mistaken, should return the object, or its dn ?)

labeledURI: ldap:///ou=people,dc=example,dc=org??one?(&(objectClass=inetOrgPerson)(o=myorg))

But this results in the following assertion (w/ debug trace) :

517e70d5 ==> autogroup_add_group <cn=SV_REVIEWER,ou=groups,dc=example,dc=org>
ldap_url_parse_ext(ldap:///ou=people,dc=example,dc=org??one?(&(objectClass=inetOrgPerson)(o=myorg)))
517e70d5 >>> dnPrettyNormal: <ou=people,dc=example,dc=org>
517e70d5 <<< dnPrettyNormal: <ou=people,dc=example,dc=org>,
<ou=people,dc=example,dc=org>
put_filter: "(&(objectClass=inetOrgPerson)(o=myorg))"
put_filter: AND
put_filter_list "(objectClass=inetOrgPerson)(o=myorg)"
put_filter: "(objectClass=inetOrgPerson)"
put_filter: simple
put_simple_filter: "objectClass=inetOrgPerson"
put_filter: "(o=myorg)"
put_filter: simple
put_simple_filter: "o=myorg"
ber_scanf fmt ({mm}) ber:
ber_scanf fmt ({mm}) ber:
517e70d5 ==> autogroup_add_members_from_filter
<cn=SV_REVIEWER,ou=groups,dc=example,dc=org>
517e70d5 => hdb_search
517e70d5 bdb_dn2entry("ou=people,dc=example,dc=org")
517e70d5 search_candidates: base="ou=people,dc=example,dc=org" (0x00000005)
scope=1
517e70d5 => hdb_dn2idl("ou=people,dc=example,dc=org")
517e70d5 => bdb_equality_candidates (objectClass)
517e70d5 => key_read
517e70d5 <= bdb_index_read: failed (-30987)
517e70d5 <= bdb_equality_candidates: id=0, first=0, last=0
517e70d5 => bdb_equality_candidates (objectClass)
517e70d5 => key_read
517e70d5 <= bdb_index_read 738 candidates
517e70d5 <= bdb_equality_candidates: id=738, first=6, last=763
517e70d5 => bdb_equality_candidates (o)
517e70d5 <= bdb_equality_candidates: (o) not indexed
517e70d5 bdb_search_candidates: id=437 first=6 last=763
517e70d5 ==> autogroup_member_search_modify_cb
<uid=user1,ou=people,dc=example,dc=org>
517e70d5 ==> autogroup_member_search_modify_cb
<uid=user2,ou=people,dc=example,dc=org>
517e70d5 hdb_search: 288 does not match filter
....
517e70d5 hdb_search: 762 does not match filter
517e70d5 hdb_search: 763 does not match filter
517e70d5 send_ldap_result: conn=1000 op=8 p=3
517e70d5 bdb_dn2entry("cn=sv_reviewer,ou=groups,dc=example,dc=org")
517e70d5 bdb_entry_get: rc=0
517e70d5 bdb_dn2entry("cn=sv_reviewer,ou=groups,dc=example,dc=org")
517e70d5 bdb_modify_internal: 0x000002e0:
cn=SV_REVIEWER,ou=groups,dc=example,dc=org
slapd: ../../../../servers/slapd/mods.c:64: modify_add_values: Assertion
`mod->sm_numvals == i' failed.

How can i achieve the desired setup ? Fix autogroup to allow asking for
a dn, or try to see why slapd blows in modify_add_values when not asking
for a specific attribute ?