Archive.Software Bugs/3765
Notes: fixed in HEAD

Date: Fri, 10 Jun 2005 12:13:25 GMT
From: michael@stroeder.com
To: openldap-its@OpenLDAP.org
Subject: Leaf or non-leaf? That's the question...

Full_Name: Michael Ströder
Version: OPENLDAP_REL_ENG_2_3
OS: SuSE Linux
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (83.121.39.239)

There are entries in my database hdb which can't be deleted since they are not leaves but I can't see any entries below. I even tried to reload the whole database but this didn't help either.

See for yourself:

$ ldapdelete "ou=test311,ou=test31,ou=test3,ou=recursive delete,ou=Testing,dc=stroeder,dc=de"
SASL/EXTERNAL authentication started
SASL username: uidNumber=500+gidNumber=100,cn=peercred,cn=external,cn=auth
SASL SSF: 0
Delete Result: Operation not allowed on non-leaf (66)
Additional info: subordinate objects must be deleted first

$ ldapsearch -L -b"ou=test311,ou=test31,ou=test3,ou=recursive delete,ou=Testing,dc=stroeder,dc=de" -s one
SASL/EXTERNAL authentication started
SASL username: uidNumber=500+gidNumber=100,cn=peercred,cn=external,cn=auth
SASL SSF: 0
version: 1
#
# LDAPv3
# base <ou=test311,ou=test31,ou=test3,ou=recursive delete,ou=Testing,dc=stroeder,dc=de> with scope oneLevel
# filter: (objectclass=*)
# requesting: ALL
#
# search result
# numResponses: 1

Date: Fri, 10 Jun 2005 15:09:52 +0200
From: Michael Ströder <michael@stroeder.com>
To: openldap-its@openldap.org
Subject: (ITS#3765)

Additional info: It does not seem to happen with back-bdb. Maybe when deleting entries back-hdb does not update the subordinate flags?

Date: Fri, 10 Jun 2005 16:07:55 -0700
From: Howard Chu <hyc@symas.com>
To: michael@stroeder.com
CC: openldap-its@OpenLDAP.org
Subject: Re: (ITS#3765)

michael@stroeder.com wrote:
> Additional info: It does not seem to happen with back-bdb.
>
> Maybe when deleting entries back-hdb does not update the subordinate flags?
>

Yes, I guess that's possible. I haven't seen the problem here though; can you send a test case to reproduce the situation?

--
  -- Howard Chu
  Chief Architect, Symas Corp.       Director, Highland Sun
  http://www.symas.com               http://highlandsun.com/hyc
  Symas: Premier OpenSource Development and Support

Date: Sat, 11 Jun 2005 15:45:49 +0200
From: Michael Ströder <michael@stroeder.com>
To: Howard Chu <hyc@symas.com>
CC: openldap-its@openldap.org
Subject: Re: (ITS#3765)

Howard Chu wrote:
> michael@stroeder.com wrote:
>
>> Additional info: It does not seem to happen with back-bdb.
>>
>> Maybe when deleting entries back-hdb does not update the subordinate
>> flags?
>>
>
> Yes, I guess that's possible. I haven't seen the problem here though;
> can you send a test case to reproduce the situation?

See attachments and the following commands:

$ ldapadd -x -D "cn=root,dc=testing,dc=stroeder,dc=com" -w pest -f ~/tmp/test-recursive-delete.ldif

$ ldapdelete -x -r -D "cn=root,dc=testing,dc=stroeder,dc=com" -w pest -f test-recursive-delete.dnlist
Delete Result: Operation not allowed on non-leaf (66)
Additional info: subordinate objects must be deleted first

Note that the log shows it e.g. fails at
ou=test1,ou=recursive delete,dc=testing,dc=stroeder,dc=com

But no search results below this node:

$ ldapsearch -x -D "cn=root,dc=testing,dc=stroeder,dc=com" -w pest -b "ou=test1,ou=recursive delete,dc=testing,dc=stroeder,dc=com" -s one "(objectClass=*)"
# extended LDIF
#
# LDAPv3
# base <ou=test1,ou=recursive delete,dc=testing,dc=stroeder,dc=com> with scope oneLevel
# filter: (objectClass=*)
# requesting: ALL
#

# search result
search: 2
result: 0 Success

# numResponses: 1

$ ldapdelete -x -r -D "cn=root,dc=testing,dc=stroeder,dc=com" -w pest "ou=test1,ou=recursive delete,dc=testing,dc=stroeder,dc=com"
Delete Result: Operation not allowed on non-leaf (66)
Additional info: subordinate objects must be deleted first

Ciao, Michael.

--
Michael Ströder
E-Mail: michael@stroeder.com
http://www.stroeder.com

-------------------------- Excerpt slapd.conf --------------------------

#######################################################################
# dc=testing,dc=stroeder,dc=com
#######################################################################

database        hdb
schemacheck     on
#checkpoint     200 5
# Entries to cache in memory
cachesize       1000
# Search results to cache in memory
idlcachesize    100
suffix          "dc=testing,dc=stroeder,dc=com"
directory       /var/openldap/2.3/testing.stroeder.com
rootdn          "cn=root,dc=testing,dc=stroeder,dc=com"
rootpw          pest
lastmod         on
sizelimit       -1

Attachment: test-recursive-delete.dnlist

ou=test0,ou=recursive delete,dc=testing,dc=stroeder,dc=com
ou=test1,ou=recursive delete,dc=testing,dc=stroeder,dc=com
ou=test11,ou=test1,ou=recursive delete,dc=testing,dc=stroeder,dc=com
ou=test311,ou=test31,ou=test3,ou=recursive delete,dc=testing,dc=stroeder,dc=com
ou=test33,ou=test3,ou=recursive delete,dc=testing,dc=stroeder,dc=com
ou=test32,ou=test3,ou=recursive delete,dc=testing,dc=stroeder,dc=com
ou=test31,ou=test3,ou=recursive delete,dc=testing,dc=stroeder,dc=com
ou=test3,ou=recursive delete,dc=testing,dc=stroeder,dc=com
ou=test22,ou=test2,ou=recursive delete,dc=testing,dc=stroeder,dc=com
ou=test21,ou=test2,ou=recursive delete,dc=testing,dc=stroeder,dc=com
ou=test2,ou=recursive delete,dc=testing,dc=stroeder,dc=com

Attachment: test-recursive-delete.ldif

dn: dc=testing,dc=stroeder,dc=com
objectClass: domain
dc: testing

dn: ou=recursive delete,dc=testing,dc=stroeder,dc=com
objectClass: organizationalUnit
ou: recursive delete

dn: ou=test0,ou=recursive delete,dc=testing,dc=stroeder,dc=com
objectClass: organizationalUnit
ou: test0

dn: ou=test2,ou=recursive delete,dc=testing,dc=stroeder,dc=com
objectClass: organizationalUnit
ou: test2

dn: ou=test1,ou=recursive delete,dc=testing,dc=stroeder,dc=com
objectClass: organizationalUnit
ou: test1

dn: ou=test21,ou=test2,ou=recursive delete,dc=testing,dc=stroeder,dc=com
objectClass: organizationalUnit
ou: test21

dn: ou=test22,ou=test2,ou=recursive delete,dc=testing,dc=stroeder,dc=com
objectClass: organizationalUnit
ou: test22

dn: ou=test3,ou=recursive delete,dc=testing,dc=stroeder,dc=com
objectClass: organizationalUnit
ou: test3

dn: ou=test31,ou=test3,ou=recursive delete,dc=testing,dc=stroeder,dc=com
objectClass: organizationalUnit
ou: test31

dn: ou=test32,ou=test3,ou=recursive delete,dc=testing,dc=stroeder,dc=com
objectClass: organizationalUnit
ou: test32

dn: ou=test33,ou=test3,ou=recursive delete,dc=testing,dc=stroeder,dc=com
objectClass: organizationalUnit
ou: test33

dn: ou=test311,ou=test31,ou=test3,ou=recursive delete,dc=testing,dc=stroeder,dc=com
objectClass: organizationalUnit
ou: test311

dn: ou=test11,ou=test1,ou=recursive delete,dc=testing,dc=stroeder,dc=com
objectClass: organizationalUnit
ou: test11

Date: Sat, 11 Jun 2005 10:27:55 -0700
From: Howard Chu <hyc@symas.com>
To: Michael Ströder <michael@stroeder.com>
CC: openldap-its@OpenLDAP.org
Subject: Re: (ITS#3765)

Thanks, this is now fixed in HEAD (back-bdb/idl.c). By the way, your test stops at the 3rd DN in the list, since it was already removed by recursively deleting the 2nd DN.

Michael Ströder wrote:
> See attachments and the following commands:
> ------------------------------------------------------------------------
>
> ou=test0,ou=recursive delete,dc=testing,dc=stroeder,dc=com
> ou=test1,ou=recursive delete,dc=testing,dc=stroeder,dc=com
> ou=test11,ou=test1,ou=recursive delete,dc=testing,dc=stroeder,dc=com
>

--
  -- Howard Chu
  Chief Architect, Symas Corp.       Director, Highland Sun
  http://www.symas.com               http://highlandsun.com/hyc
  Symas: Premier OpenSource Development and Support
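
The remark above about the DN list stopping at the 3rd entry can be checked before the list is ever handed to `ldapdelete -r -f`. The following is an added example, not part of the original thread or of OpenLDAP: it takes the DNs from the attached test-recursive-delete.dnlist and reports every line whose ancestor is listed earlier. The function names are hypothetical, and DN comparison is assumed to be case-insensitive.

```python
"""Find DNs in an `ldapdelete -r -f` list that an earlier line already removes."""
import re

# DNs copied from the attachment test-recursive-delete.dnlist, in file order.
BASE = "ou=recursive delete,dc=testing,dc=stroeder,dc=com"
DNLIST = [f"{rel},{BASE}" for rel in (
    "ou=test0", "ou=test1", "ou=test11,ou=test1",
    "ou=test311,ou=test31,ou=test3", "ou=test33,ou=test3",
    "ou=test32,ou=test3", "ou=test31,ou=test3", "ou=test3",
    "ou=test22,ou=test2", "ou=test21,ou=test2", "ou=test2",
)]


def split_dn(dn):
    """Split a DN into RDNs on unescaped commas (RFC 4514 backslash escapes)."""
    # Assumption: case-insensitive matching, which holds for ou= and dc= values.
    return [r.strip().lower() for r in re.findall(r"(?:\\.|[^,\\])+", dn)]


def is_descendant(dn, ancestor):
    """True if dn lies strictly below ancestor in the tree."""
    d, a = split_dn(dn), split_dn(ancestor)
    return len(d) > len(a) and d[-len(a):] == a


def already_removed(dns):
    """Return (index, dn, ancestor) for each DN whose ancestor is listed earlier."""
    hits = []
    for i, dn in enumerate(dns):
        for earlier in dns[:i]:
            if is_descendant(dn, earlier):
                hits.append((i, dn, earlier))
                break
    return hits


def prune(dns):
    """Drop the DNs that a recursive delete of an earlier line already covers."""
    skip = {i for i, _, _ in already_removed(dns)}
    return [dn for i, dn in enumerate(dns) if i not in skip]


if __name__ == "__main__":
    for i, dn, anc in already_removed(DNLIST):
        print(f"line {i + 1}: {dn}\n  already removed with: {anc}")
```

Descendants listed before their ancestor (such as ou=test311 ahead of ou=test31 and ou=test3) are left alone, since they still exist when their line is reached.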