Full_Name: Uwe Werler Version: 2.4.40 OS: Linux / SLES 11 SP3 URL: ftp://ftp.openldap.org/incoming/ Submission from: (NULL) (155.56.68.214) If I have rewrite rules like this: 23 olcOverlay={1}rwm,olcDatabase={3}hdb,cn=config objectClass: olcOverlayConfig objectClass: olcRwmConfig olcOverlay: {1}rwm olcRwmRewrite: {0}rwm-rewriteEngine on olcRwmRewrite: {1}rwm-rewriteContext searchFilter olcRwmRewrite: {2}rwm-rewriteRule "(.*\\()uid=sapr3(\\).*)" "$1uid=dlmsapr3$2" olcRwmRewrite: {3}rwm-rewriteRule "(.*\\()uid=sdb(\\).*)" "$1uid=sdb$2" olcRwmRewrite: {4}rwm-rewriteRule "(.*\\()uid=sapadm(\\).*)%2"%2$1uid=dlmsapadm$2" olcRwmRewrite: {5}rwm-rewriteRule "(.*\\()uid=sapmnt(\\).*)" "$1uid=sapmnt$2" olcRwmRewrite: {6}rwm-rewriteRule "(.*\\()uid=[a-z0-9]{3}adm(\\).*)" "$1uid=dlmsidadm$2" olcRwmRewrite: {7}rwm-rewriteRule "(.*\\()uid=sqd[a-z0-9]%3%3}(\\).*)" "$1uid=dlmsqdsid$2" olcRwmRewrite: {8}rwm-rewriteRule "(.*\\()uid=ora[a-z0-9]{3}(\\).*)" "$1uid=dlmorasid$2" olcRwmRewrite: {9}rwm-rewriteRule "(.*\\()uid=sap[a-z0-9]{3}(\\).*)" "$1uid=dlmsapr3$2" olcRwmRewrite: {10}rwm-rewriteRule "(.*\\()uid=sap[a-z0-9]{3}db(\\).*)" "$1uid=dlmsapr3db$2" olcRwmRewrite: {11}rwm-rewriteRule "(.*\\()uid=db2[a-z0-9]{3}(\\).*)" "$1uid=dlmdb2sid$2" olcRwmRewrite: {12}rwm-rewriteRule "(.*\\()uid=db2[a-z0-9]{3}ap(\\).*)" "$1uid=dlmdb2sid$2" then the ninth rule / statent f failes to escape. In this example ora*** get's not correctly rewritten to dlmora***: See loglevel trace: 543b711d ==> rewrite_rule_apply rule='(.*\()uid=sapr3(\).*)' string='(&(objectClass=dynamicObject)(entryExpireTimestamp<=20141013062840Z))' [1 pass(es)] 543b711d ==> rewrite_rule_apply rule='(.*\()uid=sdb(\).*)' string='(&(objectClass=dynamicObject)(entryExpireTimestamp<=20141013062840Z))' [1 pass(es)] 543b711d ==> rewrite_rule_apply rule='(.*\()uid=sapadm(\).*)' string='(&(objectClass=dynamicObject)(entryExpireTimestamp<=20141013062840Z))' [1 pass(es)] 543b711d ==> rewrite_rule_apply rule='(.*\()uid=sapmnt(\).*)' string='(&(objectClass=dynamicObject)(entryExpireTimestamp<=20141013062840Z))' [1 pass(es)] 543b711d ==E E rewrite_rule_apply rule='(.*\()uid=[a-z0-9]{3}adm(\).*)' string='(&(objectClass=dynamicObject)(entryExpireTimestamp<=20141013062840Z))' [1 pass(es)] 543b711d ==> rewrite_rule_apply rule='(.*\()uid=sqd[a-z0-9]{3}(\).*)' string='(&(objectClass=dynamicObject)(entryExpireTimestamp<=20141013062840Z))' [1 pass(es)] 543b711d ==> rewrite_rule_apply rule='(.*\\()uid=ora[a-z0-9]{3}(\\).*)' string='(&(objectClass=dynamicObject)(entryExpireTimestamp<=20141013062840Z))' [1 pass(es)] 543b711d ==> rewrite_rule_apply rule='(.*\()uid=sap[a-z0-9]{3}(\).*)' string='(&(objectClass=dynamicObject)(entryExpireTimestamp<=20141013062840Z))' [1 pass(es)] 543b711d ==> rewrite_rule_apply rule='(.*\()uid=sap[a-z0-9]{3}db(\).*)' string='(&(objectClass=dynamicObject)(entryExpireTimestamp<=20141013062840Z))' [1 pass(es)] 543b711d ==> rewrite_rule_apply rule='(.*\()uid=db2[a-z0-9]{3}(\).*)' string='(&(objectClass=dynamicObject)(entryExpireTimestamp<=20141013062840Z))' [1 pass(es)] 543b711d ==> rewrite_rule_apply rule='(.*\()uid=db2[a-z0-9]{3}ap(\).*"727 string='(&(objectClass=dynamicObject)(entryExpireTimestamp<=20141013062840Z))' [1 pass(es)] If I insert a dummy statement like this: olcRwmRewrite: {0}rwm-rewriteEngine on olcRwmRewrite: {1}rwm-rewriteContext searchFilter olcRwmRewrite: {2}rwm-rewriteRule "(.*\\()uid=sapr3(\\).*)" "$1uid=dlmsapr3$2" olcRwmRewrite: {3}rwm-rewriteRule "(.*\\()uid=sdb(\\).*)" "$1uid=sdb$2" olcRwmRewrite: {4}rwm-rewriteRule "(.*\\()uid=sapadm(\\).*)" "$1uid=dlmsapadm$2" olcRwmRewrite: {5}rwm-rewriteRule "(.*\\()uid=sapmnt(\\).*)" "$1uid=sapmnt$2" olcRwmRewrite: {6}rwm-rewriteRule "(.*\\()uid=[a-z0-9]{3}adm(\\).*)" "$1uid=dlmsidadm$2" olcRwmRewrite: {7}rwm-rewriteRule "(.*\\()uid=sqd[a-z0-9]{3}(\\).*)" "$1uid=dlmsqdsid$2" olcRwmRewrite: {8}rwm-rewriteRule "(.*\\()uid=ora[a-z0-9]{3}(\\).*)" "$1uid=dlmorasid$2" olcRwmRewrite: {9}rwm-rewriteContext placeHolder alias searchFilter olcRwmRewrite: {10}rwm-rewriteRule "(.*\\()uid=sap[a-z0-9]{3}(\\).*)" "$1uid=dlmsapr3$2" olcRwmRewrite: {11}rwm-rewriteRule "(.*\\()uid=sap[a-z0-9]{3}db(\\).*)" "$1uid=dlmsapr3db$2" olcRwmRewrite: {12}rwm-rewriteRule "(.*\\()uid=db2[a-z0-9]{3}(\\).*)" "$1uid=dlmdb2sid$2" olcRwmRewrite: {13}rwm-rewriteRule "(.*\\()uid=db2[a-z0-9]{3}ap(\\).*)" "$1uid=dlmdb2sid$2" then the escapes are working properly. Sometimes this occurs with the last rule too. I first tried with 2.4.26 (standard version in SLES11 SP3) and now with 2.4.40. Regards Uwe
Uwe Werler wrote: > If I have rewrite rules like this: > > 23 olcOverlay={1}rwm,olcDatabase={3}hdb,cn=config > objectClass: olcOverlayConfig > objectClass: olcRwmConfig > olcOverlay: {1}rwm > olcRwmRewrite: {0}rwm-rewriteEngine on > olcRwmRewrite: {1}rwm-rewriteContext searchFilter > olcRwmRewrite: {2}rwm-rewriteRule "(.*\\()uid=sapr3(\\).*)" "$1d%d=dlmsapr3$2" > olcRwmRewrite: {3}rwm-rewriteRule "(.*\\()uid=sdb(\\).*)" "$1uid=sdb$2" > olcRwmRewrite: {4}rwm-rewriteRule > "(.*\\()uid=sapadm(\\).*)" "$1uid=dlmsapadm$2" > olcRwmRewrite: {5}rwm-rewriteRule "(.*\\()uid=sapmnt(\\).*)" "$1uid=sapmnt$2" > olcRwmRewrite: {6}m-m-rewriteRule "(.*\\()uid=[a-z0-9]{3}adm(\\).*)" > "$1uid=dlmsidadm$2" > olcRwmRewrite: {7}rwm-rewriteRule "(.*\\()uid=sqd[a-z0-9]{3}(\\).*)" > "$1uid=dlmsqdsid$2" > olcRwmRewrite: {8}rwm-rewriteRule "(.*\\()uid=ora[a-z0-9]{3}(\\).*)" > "$1uid=dlmorasid$2" > olcRwmRewrite: {9}rwm-rewriteRule "(.*\\()uid=sap[a-z0-9]{3}(\\).*)" > "$1uid=dlmsapr3$2" > olcRwmRewrite: {10}rwm-rewriteRule "(.*\\()uid=sap[a-z0-9]{3}db(\\).*)" > "$1uid=dlmsapr3db$2" > olcRwmRewrite: {11}rwm-rewriteRule "(.*\\()uid=db2[a-z0-9]{3}(\\).*)" > "$1uid=dlmdb2sid$2" > olcRwmRewrite: {12}rwm-rewriteRule "(.*\\()uid=db2[a-z0-9]{3}ap(\\).*)" > "$1uid=dlmdb2sid$2" > > then the ninth rule / statent f failes to escape. In this example ora*** get's > not correctly rewritten d dlmora***: See loglevel trace: > > 543b711d ==> rewrite_rule_apply rule='(.*\()uid=sapr3(\).*)' > string='(&(objectClass=dynamicObject)(entryExpireTimestamp<=20141013062840Z))' > [1 pass(es)] > 543b711d ==> rewrite_rule_apply rule='(.*\()uid=sdb(\).*)' > string='(&(objectClass=dynamicObject)(entryExpireTimestamp<=20141013062840Z))' > [1 pass(es)] > 543b711d ==> rewrite_rule_apply rule='(.*\()uid=sapadm(\).*)' > string='(&(objectClass=dynamicObject)(entryExpireTimestamp<=20141013062840Z))' > [1 pass(es)] > 543b711d ==> rewrite_rule_apply rule='(.*\()uid=sapmnt(\).*)' > string='(&(objectClass=dynamicObject)(entryExpireTimestamp<=20141013062840Z))' > [1 pass(es)] > 543b711d ==> rewrite_rule_apply rule='(.*\()uid=[a-z0-9]{3}adm(\).*)' > string='(&(objectClass=dynamicObject)(entryExpireTimestamp<=20141013062840Z))' > [1 pass(es)] > 543b711d ==> rewrite_rule_apply rule='(.*\()uid=sqd[a-z0-9]{3}(\).*)' > string='(&(objectClass=dynamicObject)(entryExpireTimestamp<=20141013062840Z))' > [1 pass(es)] > 543b711d ==> rewrite_rule_apply rule='(.*\\()uid=ora[a-z0-9]{3}(\\).*)' > string='(&(objectClass=dynamicObject)(entryExpireTimestamp<=20141013062840Z))' > [1 pass(es)] > 543b711d ==> rewrite_rule_apply rule='(.*\()uid=sap[a-z0-9]{3}(\).2929' > string='(&(objectClass=dynamicObject)(entryExpireTimestamp<=20141013062840Z))' > [1 pass(es)] > 543b711d ==> rewrite_rule_apply rule='(.*\()uid=sap[a-z0-9]{3}db(\).*)' > string='(&(objectClass=dynamicObject)(entryExpireTimestamp<=20141013062840Z))' > [1 pass(es)] > 543b711d ==> rewrite_rule_apply rule='(.*\()uid=db2[a-z0-9]{3}(\).*)' > string='(&(objectClass=dynamicObject)(entryExpireTimestamp<=20141013062840Z))' > [1 pass(es)] > 543b711d ==> rewrite_rule_apply rule='(.*\()uid=db2[a-z0-9]{3}a28%5\).*' > string='(&(objectClass=dynamicObject)(entryExpireTimestamp<=20141013062840Z))' > [1 pass(es)] > > If I insert a dummy statement like this: > > olcRwmRewrite: {0}rwm-rewriteEngine on > olcRwmRewrite: {1}rwm-rewriteContext searchFilter > olcRwmRewrite: {2}rwm-rewriteRule "(.*\\()uid=sapr3(\\).*)" "$1uid=dlmsapr3$2" > olcRwmRewrite: {3}rwm-rewriteRule "(.*\\()uid=sdb(\\).*)" "$1uid=sdb$2" > olcRwmRewrite: {4}rwm-rewriteRule "(.*\\()uid=sapadm(\\).*)" > "$1uid=dlmsapadm$2" > olcRwmRewrite: {5}rwm-rewriteRule "(.*\\()uid=sapmnt(\\).*)" "$1uid=sapmnt$2" > olcRwmRewrite: {6}rwm-rewriteRule "(.*\\()uid=[a-z0-9]{3}adm(\\).*)" > "$1uid=dlmsidadm$2" > olcRwmRewrite: {7}rwm-rewriteRule "(.*\\()uid=sqd[a-z0-9]{3}(\\).*)" E E "$1uid=dlmsqdsid$2" > olcRwmRewrite: {8}rwm-rewriteRule "(.*\\()uid=ora[a-z0-9]{3}(\\).*)" > "$1uid=dlmorasid$2" > olcRwmRewrite: {9}rwm-rewriteContext placeHolder alias searchFilter > olcRwmRewrite: {10}rwm-rewriteRule "(.*\\()uid=sap[a-z0-9]{3}(\C%C).*)" > "$1uid=dlmsapr3$2" > olcRwmRewrite: {11}rwm-rewriteRule "(.*\\()uid=sap[a-z0-9]{3}db(\\).*)" > "$1uid=dlmsapr3db$2" > olcRwmRewrite: {12}rwm-rewriteRule "(.*\\()uid=db2[a-z0-9]{3}(\\).*)" > "$1uid=dlmdb2sid$2" > olcRwmRewrite: {13}rwm-rewriteRule "(.*\\()uid=db2[a-z0-9]{3}ap(\\).*)" > "$1uid=dlmdb2sid$2" > > then the escapes are working properly. > > Sometimes this occurs with the last rule too. It seems to me that this happens with the rule most recently inserted. If slapd was recently restarted, this would be the last rule in the list. The parsing rules are slightly different for slapd.conf vs ldif. Notable is that ldif parsing does not perform escape processing. So this slapd.conf line: rwm-rewriteRule "(.*\\()uid=sapr3(\\).*)" "$1uid=dlmsapr3$2" should actually correspond to this cn=config attribute: olcRwmRewrite: rwm-rewriteRule "(.*\()uid=sapr3(\).*)" "$1uid=dlmsapr3$2" This is exactly the output of conversion with, for example, slaptest -f slapd.conf -F slapd.d. When a new rwm rule is added, existing rules are reloaded. The bug is that the existing rules were being passed through the slapd.conf line processor, which dropped backslashes on the way, while the rule actually being inserted was passed to the rewrite routines untouched. Fixed in git master by removing the extra escaping on insert. You will have to adjust your rules to use a single backslash instead of two. (bonus: rwm is needlessly reloading existing rules when appending with valx >= last, while it could be
changed notes changed state Open to Test moved from Incoming to Software Bugs
changed notes changed state Test to Release
Ryan Tandy wrote: > Fixed in git master by removing the extra escaping on insert. You will have to > adjust your rules to use a single backslash instead of two. I wonder whether that caused a regression parsing multi-line DESC '..' in schema descriptions. Up to now I could load this but it does not work with current RE24 branch: objectClass ( 1.3.6.1.4.1.412.100.2.1.3.2 NAME 'dlm1ManagedSystemElement' DESC 'ManagedSystemElement is the base class for the System Element hierarchy. Membership Criteria: Any distinguishable component of a System is a candidate for inclusion in this class. Examples: software components, such as files; and devices, such as disk drives and controllers, and physical components such as chips and cards.' SUP dlm1ManagedElement ABSTRACT MAY ( dlmInstallDate $ dlmName $ dlmStatus ) ) This is not schema generated by me. Ciao, Michael.
Hi Michael, On Sat, Sep 12, 2015 at 02:38:44PM +0200, Michael Ströder wrote: >I wonder whether that caused a regression parsing multi-line DESC '..' in >schema descriptions. > >Up to now I could load this but it does not work with current RE24 branch: > >objectClass ( 1.3.6.1.4.1.412.100.2.1.3.2 NAME 'dlm1ManagedSystemElement' > DESC 'ManagedSystemElement is the base class for the > System Element hierarchy. Membership Criteria: Any > distinguishable component of a System is a candidate > for inclusion in this class. Examples: software > components, such as files; and devices, such as disk > drives and controllers, and physical components such > as chips and cards.' > SUP dlm1ManagedElement ABSTRACT > MAY ( dlmInstallDate $ dlmName $ dlmStatus ) ) > >This is not schema generated by me. A schema with the above DESC (including line breaks), and SUP top ABSTRACT MAY description, is working fine for me on RE24 (as of c5b4cd6) configured with "--disable-bdb --disable-hdb --enable-rwm". I tested embedding it directly in slapd.conf, including via 'include test.schema', and ldapadd'ing an LDIF version into cn=config at runtime. (admittedly the last is probably not relevant, since it becomes one long logical LDIF line.) Can you provide some more details about the failure you see? Glancing at the RE24 log, I'd look at ITS#8233 as the change most likely to be related, but can't say anything for sure without a reproducible test case. thanks, Ryan
fixed in master fixed in RE25 fixed in RE24
changed notes changed state Release to Closed