[Date Prev][Date Next] [Chronological] [Thread] [Top]

(ITS#6181) slapo-unique: slaptest fails in case unique_uri is prepended the keywords "strict" or "ignore"

Full_Name: Daniel Pluta
OS: Linux
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (


from slapo-unique's manpage:

"... It is possible to set strict checking for the uniqueness domain by
prepending the keyword strict. ..."

I've tried to use "unique_uri strict ldap:///....."; and/or "unique_uri ignore
ldap:///..."; configuration syntax within slapd.conf. Both settings cause
slaptest to fail with the error message:

line 86: <strict> invalid ldap urilist

my slapd.conf's line 86 looks (similar) to this one:
unique_uri strict ldap:///dc=example,dc=com?uid?sub?(objectClass=account)

The error message disapears and slapd starts up only in case the keywords
"strict" and/or "ignore" get removed from slapd.conf again.

After a quick look into unique's source I think the problem's cause seems to be
located within/around the ConfigDriver function "unique_cf_uri", especially
regarding the section "case LDAP_MOD_ADD:"

        if ( c->line ) rc = unique_new_domain ( &domain, c->line, c );
        else rc = unique_new_domain ( &domain, c->argv[1], c );

I've added the following Debug statement
Debug ( LDAP_DEBUG_TRACE, "c->line: %s\n", c->line, NULL, NULL );
just before the above condition. The output results in the following trace
==> unique_db_init
line 86 (unique_uri strict
c->line: (null)
==> unique_new_domain <strict>

Because c->line is (null) only the else branch get's traversed... I don't
understand exactly why. I've always used c->argv[n] (never used of c->line) in
the past.

Regarding the function:
unique_new_domain( unique_domain **domainp, char *domain_spec, ConfigArgs *c )

    if ( strncasecmp ( uri_start, "ignore ",
               STRLENOF( "ignore " ) ) == 0 ) {
        domain->ignore = 1;
        uri_start += STRLENOF( "ignore " );
    if ( strncasecmp ( uri_start, "strict ",
               STRLENOF( "strict " ) ) == 0 ) {
        domain->strict = 1;
        uri_start += STRLENOF( "strict " );
        if ( !domain->ignore
             && strncasecmp ( uri_start, "ignore ",
                      STRLENOF( "ignore " ) ) == 0 ) {
            domain->ignore = 1;
            uri_start += STRLENOF( "ignore " );

I'm not sure whether I've understand the design idea correctly but in my opinion
the above strncasecmp-condition block shouldn't be located in this function. I
would suggest to not handle the parsing and differentiation between "strict |
ignore | ldap_uri" here. In my opinion this could also/better be handled in
advance; perhaps directly within the ConfigDriver function by using the already
parsed configuration tokens c->argv[n] instead of "c->line"?

1.) initially using "unique_uri ldap:///...."; in slapd.conf
2.) converting slapd.conf into slapd.d-format
3.) Starting slapd
4.) Editing olcUniqueURI online via cn=config:
    inserting "strict" here work's fine (at least no error message is displayed

I've not tested whether the "strict" logic works correctly after these 4 steps.