Viewing Software Bugs/5963
Notes:
related to ITS#5517
fixed in HEAD
fixed in RE24

Date: Fri, 20 Feb 2009 10:50:34 +0000
From: michael@stroeder.com
To: openldap-its@OpenLDAP.org
Subject: Explictly deleting all object classes and re-add some fails in modify request

Full_Name: Michael Ströder
Version: RE24 (synced right now)
OS: openSUSE 11.1
URL:
Submission from: (NULL) (84.163.85.36)

If I explicitly remove all object classes of an entry by value and re-add some of them the modify requests fail with
"Type or value exists: modify/add: objectClass: value #1 already exists"

Unfortunately I cannot provide a simple example for showing this. Specific configuration and data upon request since it's private data which MUST NOT be disclosed.

Date: Fri, 20 Feb 2009 16:06:18 +0100
From: Pierangelo Masarati <ando@sys-net.it>
To: michael@stroeder.com
CC: openldap-its@openldap.org
Subject: Re: (ITS#5963) Explictly deleting all object classes and re-add some fails in modify request

michael@stroeder.com wrote:
> If I explicitly remove all object classes of an entry by value and re-add some
> of them the modify requests fail with
> "Type or value exists: modify/add: objectClass: value #1 already exists"
>
> Unfortunately I cannot provide a simple example for showing this. Specific
> configuration and data upon request since it's private data which MUST NOT be
> disclosed.

I could not reproduce it. Probably, the best way to proceed is:

1) write down the objectClass values before and after the attempted modifications
2) classify them as ABSTRACT, STRUCTURAL, AUXILIARY
3) indicate any inheritance relationship
4) send the outcome of (2) and (3) after mangling the objectClass names as required.

This should allow you (and others) to try to reproduce the issue without the need to disclose your info.

p.

Ing. Pierangelo Masarati
OpenLDAP Core Team

SysNet s.r.l.
via Dossi, 8 - 27100 Pavia - ITALIA
http://www.sys-net.it
-----------------------------------
Office: +39 02 23998309
Mobile: +39 333 4963172
Fax: +39 0382 476497
Email: ando@sys-net.it
-----------------------------------

Date: Fri, 20 Feb 2009 16:10:41 +0100
From: Michael Ströder <michael@stroeder.com>
To: Pierangelo Masarati <ando@sys-net.it>
CC: openldap-its@openldap.org
Subject: Re: (ITS#5963) Explictly deleting all object classes and re-add some fails in modify request

Pierangelo Masarati wrote:
> michael@stroeder.com wrote:
>
>> If I explicitly remove all object classes of an entry by value and
>> re-add some
>> of them the modify requests fail with
>> "Type or value exists: modify/add: objectClass: value #1 already exists"
>>
>> Unfortunately I cannot provide a simple example for showing this.
>> Specific configuration and data upon request since it's private
>> data which MUST NOT be disclosed.
>
> I could not reproduce it.

I also can't reproduce it with standard object classes on my local system.

> Probably, the best way to proceed is:

I could provide a canned config to a developer which should be kept confidential. Do you take that?

Ciao, Michael.

Date: Sat, 21 Feb 2009 18:34:13 +0100
From: Michael Ströder <michael@stroeder.com>
To: openldap-its@openldap.org
Subject: Re: (ITS#5963) Explictly deleting all object classes and re-add some fails in modify request

michael@stroeder.com wrote:
> If I explicitly remove all object classes of an entry by value and re-add some
> of them the modify requests fail with
> "Type or value exists: modify/add: objectClass: value #1 already exists"
>
> Unfortunately I cannot provide a simple example for showing this. Specific
> configuration and data upon request since it's private data which MUST NOT be
> disclosed.

I think I found an example with standard object classes. The problem seems to be the order of the inherited STRUCTURAL object classes. (Tests done with HEAD.)

Import this entry and try to remove 'labeledURIObject' from it:

dn: ou=oc-mod-test,ou=Testing,dc=stroeder,dc=de
objectClass: OpenLDAPou
objectClass: organizationalUnit
objectClass: labeledURIObject
ou: oc-mod-test

If you reverse the order of the STRUCTURAL object classes or remove 'organizationalUnit' and let slapd re-add it works.

objectClass: organizationalUnit
objectClass: OpenLDAPou

Date: Sun, 22 Feb 2009 23:32:06 +0100
From: Pierangelo Masarati <ando@sys-net.it>
To: michael@stroeder.com
CC: openldap-its@openldap.org
Subject: Re: (ITS#5963) Explictly deleting all object classes and re-add some fails in modify request

michael@stroeder.com wrote:
> I think I found an example with standard object classes. The problem
> seems to be the order of the inherited STRUCTURAL object classes. (Tests
> done with HEAD.)
>
> Import this entry and try to remove 'labeledURIObject' from it:
>
> dn: ou=oc-mod-test,ou=Testing,dc=stroeder,dc=de
> objectClass: OpenLDAPou
> objectClass: organizationalUnit
> objectClass: labeledURIObject
> ou: oc-mod-test
>
>
> If you reverse the order of the STRUCTURAL object classes or remove
> 'organizationalUnit' and let slapd re-add it works.
>
> objectClass: organizationalUnit
> objectClass: OpenLDAPou

The error is in the delete phase. I performed

dn: ou=oc-mod-test,ou=Testing,dc=stroeder,dc=de
changetype: modify
delete: objectClass
objectClass: OpenLDAPou
objectClass: organizationalUnit
objectClass: labeledURIObject
-
add: objectClass
objectClass: OpenLDAPou
objectClass: organizationalUnit

What happens is that at the end of the delete phase, organizationalUnit is still there. Apparently, the fix to ITS#5517 was not complete. Thanks for spotting it.

p.

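Added example, not part of the thread and not OpenLDAP code: a small reference model of sequential LDAP modify semantics, run on the entry and change record quoted above, giving the expected outcome to compare a server against. It assumes the `#N` in the diagnostic is the zero-based position of the value in the request's value list; schema checking is not modelled, and `parse_mods` and `apply_mods` are hypothetical names.

```python
# Added example: reference model of LDAP modify semantics for one entry.
# Schema checks and slapd internals are not modelled; diagnostic texts are
# patterned on the message quoted in the thread. Only add/delete are handled.
SUCCESS, NO_SUCH_ATTRIBUTE, TYPE_OR_VALUE_EXISTS = 0, 16, 20

# Constructed sample input: entry and modify body taken from the thread.
ENTRY = {"objectClass": ["OpenLDAPou", "organizationalUnit", "labeledURIObject"],
         "ou": ["oc-mod-test"]}
CHANGE = """\
delete: objectClass
objectClass: OpenLDAPou
objectClass: organizationalUnit
objectClass: labeledURIObject
-
add: objectClass
objectClass: OpenLDAPou
objectClass: organizationalUnit
"""

def parse_mods(text):
    """Split an LDIF modify body into ordered (op, attr, values) tuples."""
    mods = []
    for block in text.strip().split("\n-"):
        lines = [ln for ln in block.strip().splitlines() if ln.strip()]
        op, attr = (s.strip() for s in lines[0].split(":", 1))
        mods.append((op.lower(), attr, [ln.split(":", 1)[1].strip() for ln in lines[1:]]))
    return mods

def apply_mods(entry, mods):
    """Apply mods in order, all or nothing; return (code, text, entry)."""
    work = {a: list(v) for a, v in entry.items()}
    for op, attr, values in mods:
        current = work.get(attr, [])
        have = {v.lower() for v in current}  # objectClass values match case-insensitively
        for i, val in enumerate(values):     # i = position in the request's value list
            if op == "add" and val.lower() in have:
                return TYPE_OR_VALUE_EXISTS, f"modify/add: {attr}: value #{i} already exists", entry
            if op == "delete" and val.lower() not in have:
                return NO_SUCH_ATTRIBUTE, f"modify/delete: {attr}: no such value", entry
        if op == "add":
            work[attr] = current + values
        elif op == "delete":
            gone = {v.lower() for v in values}
            kept = [v for v in current if values and v.lower() not in gone]
            if kept:
                work[attr] = kept
            else:
                work.pop(attr, None)  # last value removed: the attribute disappears
    return SUCCESS, "", work

if __name__ == "__main__":
    print(apply_mods(ENTRY, parse_mods(CHANGE)))
```

Applying only the add phase to an entry that still holds organizationalUnit yields code 20 with "value #1", the same index as in the reported error.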
______________ © Copyright 2010, OpenLDAP Foundation, info@OpenLDAP.org