[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: (ITS#8163) Broken handling of deprecated attributes



This is a cryptographically signed message in MIME format.

--------------ms020405000401010508050306
Content-Type: text/plain; charset=windows-1252
Content-Transfer-Encoding: quoted-printable

On 06/03/2015 11:47 AM, Michael Str=F6der wrote:
> On 2015-06-03 11:20, Pierre Schweitzer wrote:
>> This is not a question, but really a bug report about a broken behavio=
r.
>=20
> Again:
> I can confirm that requesting an attribute which does not exist in the
> subschema does not affect whether an entry is returned.
>=20
>> I quote them again: "Potentially, OpenLDAP should have a bug raised to=

>> make it impossible to get into a situation where error 65 is returned =
on
>> a query, as it likely does not conform to the RFC."
>=20
> Again: This statement is right and AFACIS OpenLDAP always worked correc=
tly.

OK, so you confirm that what we see here is an incorrect behavior.

>> Here is the log extract you're asking for (I just filtered out the
>> base DN):
>> Jun  3 09:17:30 rose-java slapd[6776]: conn=3D1516 op=3D1 SRCH base=3D=
"XXXX"
>> scope=3D2 deref=3D0 filter=3D"(&(objectClass=3DinetOrgPerson)(uid=3Dhe=
is spiter))"
>> Jun  3 09:17:30 rose-java slapd[6776]: conn=3D1516 op=3D1 SRCH
>> attr=3DjavaRemoteLocation
>> Jun  3 09:17:30 rose-java slapd[6776]: conn=3D1516 op=3D1 SEARCH RESUL=
T
>> tag=3D101 err=3D65 nentries=3D0 text=3D
>=20
> Up to now there's absolutely no evidence in the information you provide=
d
> that this is a bug.
>=20
> How did you make sure that an entry should be returned for exactly this=

> search with the bound identity and your configuration?
>=20
> I suspect a configuration or data error on your side. Many things can b=
e
> wrong.
> Without seeing your config, data and the bound identity nobody can
> track this down for you.

One technical information that would make sense: we are using the SQL
backend. I've just checked, there's some attributes management in
backend code, and the issue *may* come from this.
The Atlassian support cannot reproduce the error with "out-of-the-box"
OpenLDAP server not using SQL backend.

I will setup a dedicated test env for this issue so that I can more
easily track & debug the issue. I'll come back at you when I've more
information (or even a patch).

--=20
Pierre Schweitzer <pierre@reactos.org>
System & Network Administrator
Senior Kernel Developer
ReactOS Deutschland e.V.


--------------ms020405000401010508050306
Content-Type: application/pkcs7-signature; name="smime.p7s"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="smime.p7s"
Content-Description: S/MIME Cryptographic Signature

MIAGCSqGSIb3DQEHAqCAMIACAQExCzAJBgUrDgMCGgUAMIAGCSqGSIb3DQEHAQAAoIIMnTCC
BjQwggQcoAMCAQICASAwDQYJKoZIhvcNAQEFBQAwfTELMAkGA1UEBhMCSUwxFjAUBgNVBAoT
DVN0YXJ0Q29tIEx0ZC4xKzApBgNVBAsTIlNlY3VyZSBEaWdpdGFsIENlcnRpZmljYXRlIFNp
Z25pbmcxKTAnBgNVBAMTIFN0YXJ0Q29tIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTA3
MTAyNDIxMDI1NVoXDTE3MTAyNDIxMDI1NVowgYwxCzAJBgNVBAYTAklMMRYwFAYDVQQKEw1T
dGFydENvbSBMdGQuMSswKQYDVQQLEyJTZWN1cmUgRGlnaXRhbCBDZXJ0aWZpY2F0ZSBTaWdu
aW5nMTgwNgYDVQQDEy9TdGFydENvbSBDbGFzcyAyIFByaW1hcnkgSW50ZXJtZWRpYXRlIENs
aWVudCBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMsohUWcASz7GfKrpTOM
KqANy9BV7V0igWdGxA8IU77L3aTxErQ+fcxtDYZ36Z6GH0YFn7fq5RADteP0AYzrCA+EQTfi
8q1+kA3m0nwtwXG94M5sIqsvs7lRP1aycBke/s5g9hJHryZ2acScnzczjBCAo7X1v5G3yw8M
DP2m2RCye0KfgZ4nODerZJVzhAlOD9YejvAXZqHksw56HzElVIoYSZ3q4+RJuPXXfIoyby+Y
2m1E+YzX5iCZXBx05gk6MKAW1vaw4/v2OOLy6FZH3XHHtOkzUreG//CsFnB9+uaYSlR65cdG
zTsmoIK8WH1ygoXhRBm98SD7Hf/r3FELNvUCAwEAAaOCAa0wggGpMA8GA1UdEwEB/wQFMAMB
Af8wDgYDVR0PAQH/BAQDAgEGMB0GA1UdDgQWBBSuVYNv7DHKufcd+q9rMfPIHeOsuzAfBgNV
HSMEGDAWgBROC+8apEBbpRdphzDKNGhD0EGu8jBmBggrBgEFBQcBAQRaMFgwJwYIKwYBBQUH
MAGGG2h0dHA6Ly9vY3NwLnN0YXJ0c3NsLmNvbS9jYTAtBggrBgEFBQcwAoYhaHR0cDovL3d3
dy5zdGFydHNzbC5jb20vc2ZzY2EuY3J0MFsGA1UdHwRUMFIwJ6AloCOGIWh0dHA6Ly93d3cu
c3RhcnRzc2wuY29tL3Nmc2NhLmNybDAnoCWgI4YhaHR0cDovL2NybC5zdGFydHNzbC5jb20v
c2ZzY2EuY3JsMIGABgNVHSAEeTB3MHUGCysGAQQBgbU3AQIBMGYwLgYIKwYBBQUHAgEWImh0
dHA6Ly93d3cuc3RhcnRzc2wuY29tL3BvbGljeS5wZGYwNAYIKwYBBQUHAgEWKGh0dHA6Ly93
d3cuc3RhcnRzc2wuY29tL2ludGVybWVkaWF0ZS5wZGYwDQYJKoZIhvcNAQEFBQADggIBADqp
Jw3I07QWke9plNBpxUxcffc7nUrIQpJHDci91DFG7fVhHRkMZ1J+BKg5UNUxIFJ2Z9B90Mic
c/NXcs7kPBRdn6XGO/vPc87Y6R+cWS9Nc9+fp3Enmsm94OxOwI9wn8qnr/6o3mD4noP9Jphw
UPTXwHovjavRnhUQHLfo/i2NG0XXgTHXS2Xm0kVUozXqpYpAdumMiB/vezj1QHQJDmUdPYMc
p+reg9901zkyT3fDW/ivJVv6pWtkh6Pw2ytZT7mvg7YhX3V50Nv860cV11mocUVcqBLv0gcT
+HBDYtbuvexNftwNQKD5193A7zN4vG7CTYkXxytSjKuXrpEatEiFPxWgb84nVj25SU5q/r1X
hwby6mLhkbaXslkVtwEWT3Van49rKjlK4XrUKYYWtnfzq6aSak5u0Vpxd1rY79tWhD3EdCvO
hNz/QplNa+VkIsrcp7+8ZhP1l1b2U6MaxIVteuVMD3X0vziIwr7jxYae9FZjbxlpUemqXjcC
0QaFfN7qI0JsQMALL7iGRBg7K0CoOBzECdD3fuZil5kU/LP9cr1BK31U0Uy651bFnAMMMkqh
AChIbn0ei72VnbpSsrrSdF0BAGYQ8vyHae5aCg+H75dVCV33K6FuxZrf09yTz+Vx/PkdRUYk
XmZz/OTfyJXsUOUXrym6KvI2rYpccSk5MIIGYTCCBUmgAwIBAgICWQwwDQYJKoZIhvcNAQEL
BQAwgYwxCzAJBgNVBAYTAklMMRYwFAYDVQQKEw1TdGFydENvbSBMdGQuMSswKQYDVQQLEyJT
ZWN1cmUgRGlnaXRhbCBDZXJ0aWZpY2F0ZSBTaWduaW5nMTgwNgYDVQQDEy9TdGFydENvbSBD
bGFzcyAyIFByaW1hcnkgSW50ZXJtZWRpYXRlIENsaWVudCBDQTAeFw0xNDExMjQxNjI3Mjda
Fw0xNjExMjQyMDIyMjZaMH4xCzAJBgNVBAYTAkZSMRgwFgYDVQQIEw9IYXV0ZS1Ob3JtYW5k
aWUxFjAUBgNVBAcTDU1vbnRpdmlsbGllcnMxGjAYBgNVBAMTEVBpZXJyZSBTY2h3ZWl0emVy
MSEwHwYJKoZIhvcNAQkBFhJwaWVycmVAcmVhY3Rvcy5vcmcwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC8SYZrOQ1QDv1kIOpgVq/b7szSPKslgvoWds2XORWlmr1sunnT6rh/
dS49XLFIfvqBtjZJfszA5ISFiI0jvp1kWqM+/DRvTZ+IRVyMtPaRjeAnvuXcjn/ARLzgX41l
Ud1Nvhr3xVUaBczz+PBrYpSiL33q8PWBlmPUB/aFCfiOshZUncf6Oyp6htM/wGYLBYPeYe/N
f/H22oA47gecS5Wklywa7mBdsLzDOkWM+4vtxPUSNcup1wsR/uQiYOLEC6NgjoUH+Io9p5oR
RrTYDjd3sLT+bhLAzBpwkMBa0MlIufzyxMSB2pJO0wj1itVbKORU0ms4lMBiOvpJNxMrS93J
AgMBAAGjggLYMIIC1DAJBgNVHRMEAjAAMAsGA1UdDwQEAwIEsDAdBgNVHSUEFjAUBggrBgEF
BQcDAgYIKwYBBQUHAwQwHQYDVR0OBBYEFBhmqkwsm1WisdrKJVqDH/Xhvm32MB8GA1UdIwQY
MBaAFK5Vg2/sMcq59x36r2sx88gd46y7MB0GA1UdEQQWMBSBEnBpZXJyZUByZWFjdG9zLm9y
ZzCCAUwGA1UdIASCAUMwggE/MIIBOwYLKwYBBAGBtTcBAgMwggEqMC4GCCsGAQUFBwIBFiJo
dHRwOi8vd3d3LnN0YXJ0c3NsLmNvbS9wb2xpY3kucGRmMIH3BggrBgEFBQcCAjCB6jAnFiBT
dGFydENvbSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTADAgEBGoG+VGhpcyBjZXJ0aWZpY2F0
ZSB3YXMgaXNzdWVkIGFjY29yZGluZyB0byB0aGUgQ2xhc3MgMiBWYWxpZGF0aW9uIHJlcXVp
cmVtZW50cyBvZiB0aGUgU3RhcnRDb20gQ0EgcG9saWN5LCByZWxpYW5jZSBvbmx5IGZvciB0
aGUgaW50ZW5kZWQgcHVycG9zZSBpbiBjb21wbGlhbmNlIG9mIHRoZSByZWx5aW5nIHBhcnR5
IG9ibGlnYXRpb25zLjA2BgNVHR8ELzAtMCugKaAnhiVodHRwOi8vY3JsLnN0YXJ0c3NsLmNv
bS9jcnR1Mi1jcmwuY3JsMIGOBggrBgEFBQcBAQSBgTB/MDkGCCsGAQUFBzABhi1odHRwOi8v
b2NzcC5zdGFydHNzbC5jb20vc3ViL2NsYXNzMi9jbGllbnQvY2EwQgYIKwYBBQUHMAKGNmh0
dHA6Ly9haWEuc3RhcnRzc2wuY29tL2NlcnRzL3N1Yi5jbGFzczIuY2xpZW50LmNhLmNydDAj
BgNVHRIEHDAahhhodHRwOi8vd3d3LnN0YXJ0c3NsLmNvbS8wDQYJKoZIhvcNAQELBQADggEB
ACbcmhzJrkldFMDb4Qb1WXVnDtVJBNJjR/AzTZxc+8r/9UAdxfI4SlYbEXU9cZ/r2JaRXPeh
5A3FEaUOBafRkSwKYfw8XXIIe0q0S8tDJ+uigHChf9HR4YqhqhC+1pfO15YnlyEcRXe5xmHt
lNUyKrVqPEzPus/58i2dprOk2TJpoy3jPkg9Z/S31F9+ipojV7aOkOaEUn+GxAPVRhmbEWqr
c0Vnu45vvgVgXI4TwDCVp7lS9Rl/X/ytEunbC/AXAO4eEDLkkYxMTe8xkbLt39da5nqc0ta+
fsAecskmU8Jg38Xh2Kj5K+3MeKhZFyiLNdr4YKYJuVDFoZ8SWwIROBIxggPaMIID1gIBATCB
kzCBjDELMAkGA1UEBhMCSUwxFjAUBgNVBAoTDVN0YXJ0Q29tIEx0ZC4xKzApBgNVBAsTIlNl
Y3VyZSBEaWdpdGFsIENlcnRpZmljYXRlIFNpZ25pbmcxODA2BgNVBAMTL1N0YXJ0Q29tIENs
YXNzIDIgUHJpbWFyeSBJbnRlcm1lZGlhdGUgQ2xpZW50IENBAgJZDDAJBgUrDgMCGgUAoIIC
GzAYBgkqhkiG9w0BCQMxCwYJKoZIhvcNAQcBMBwGCSqGSIb3DQEJBTEPFw0xNTA2MDMxMTQ3
MzhaMCMGCSqGSIb3DQEJBDEWBBQzjI2ph1YSdmtimunu50JmlPABvTBsBgkqhkiG9w0BCQ8x
XzBdMAsGCWCGSAFlAwQBKjALBglghkgBZQMEAQIwCgYIKoZIhvcNAwcwDgYIKoZIhvcNAwIC
AgCAMA0GCCqGSIb3DQMCAgFAMAcGBSsOAwIHMA0GCCqGSIb3DQMCAgEoMIGkBgkrBgEEAYI3
EAQxgZYwgZMwgYwxCzAJBgNVBAYTAklMMRYwFAYDVQQKEw1TdGFydENvbSBMdGQuMSswKQYD
VQQLEyJTZWN1cmUgRGlnaXRhbCBDZXJ0aWZpY2F0ZSBTaWduaW5nMTgwNgYDVQQDEy9TdGFy
dENvbSBDbGFzcyAyIFByaW1hcnkgSW50ZXJtZWRpYXRlIENsaWVudCBDQQICWQwwgaYGCyqG
SIb3DQEJEAILMYGWoIGTMIGMMQswCQYDVQQGEwJJTDEWMBQGA1UEChMNU3RhcnRDb20gTHRk
LjErMCkGA1UECxMiU2VjdXJlIERpZ2l0YWwgQ2VydGlmaWNhdGUgU2lnbmluZzE4MDYGA1UE
AxMvU3RhcnRDb20gQ2xhc3MgMiBQcmltYXJ5IEludGVybWVkaWF0ZSBDbGllbnQgQ0ECAlkM
MA0GCSqGSIb3DQEBAQUABIIBABjJHLdvcE2ADkK1Fkr1+UA431l3bLVA7qOJyXcfuBIk5wRd
nRwlEeA39IRJc4m8lDO2OV7sZt99aTp5z4LC1Z5mfN0s3I9VBZRDvjFgx+oYAqnuoq19eoM0
Tc9VHtDL8hG1mrohtDtPLe6n5yJrTBugBQN7BHPHJL2c3S8/7CJdfWlJOZRwvnxh73Q8KVUD
3rEGfFa0K4JVBhaolSAXcGX1QSKvbb7utDuw7JbnOjNocFv4zIunJO4z23VJbyQ59Tjb1pbl
qEf7b4GFweA6Xkey1TCs6BcscxJEYSvyT0uv9zt/m6fJLkRED88Jxs0wVfyIHDNOhI4HI54/
LPIXytYAAAAAAAA=
--------------ms020405000401010508050306--