[Date Prev][Date Next] [Chronological] [Thread] [Top]

(ITS#8458) syncrepl ppolicy with LDIF backend fails

Full_Name: Moriyoshi Koizumi
Version: 2.4.40
OS: Linux
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (

As LDIF backend tries to store the values for the attributes in "prettified"
form and the value is transferred verbatim in wire,  replication of pwdAttribute
( ends up with the following error:

> syncrepl_message_to_entry: rid=001 mo cheheck (pwdAttribute: value #0 invalid
per syntax)

The validation causing the error itself is done in the following part in

             * check that each value is valid per syntax
             *  and pretty if appropriate
            for ( nvals = 0; !BER_BVISNULL( &ml->sml_values[nvals] ); nvals++ )
                struct berval pval;

                if ( pretty ) {
                    rc = ordered_value_pretty( ad,
                        &ml->sml_values[nvals], &pval, ctx );
                } else {
                    rc = ordered_value_validate( ad,
                        &ml->sml_values[nvals], ml->sml_op );

                if( rc != 0 ) {
                    snprintf( textbuf, textlen,
                        "%s: value #%ld invalid per syntax",
                        ml->sml_type.bv_val, (long) nvals );
                    *text = textbuf;
                    return LDAP_INVALID_SYNTAX;

                if( pretty ) {
                    ber_memfree_x( ml->sml_values[nvals].bv_val, ctx );
                    ml->sml_values[nvals] = pval;

where pwdAttribute has the corresponding prettifier assigned to its schema
(servers/slapd/overlays/ppolicy.c), which eventually is fed with the value in
prettified form that will effectively make slap_bv2ad() in attrPretty() fail.

            Syntax *syn;
            MatchingRule *mr;

            syn = ch_malloc( sizeof( Syntax ));
            *syn = *ad_pwdAttribute->ad_type->sat_syntax;
            syn->ssyn_pretty = attrPretty;
            ad_pwdAttribute->ad_type->sat_syntax = syn;

            mr = ch_malloc( sizeof( MatchingRule ));
            *mr = *ad_pwdAttribute->ad_type->sat_equality;
            mr->smr_normalize = attrNormalize;
            ad_pwdAttribute->ad_type->sat_equality = mr;

The replication works fine for other such attributes that have the same syntax
(OID, like objectClass because those attributes
are accompanied by the validators as well as prettifiers which validate the
value both in prettified and OID form.  For instance, objectClass has the
corresponding validator oialalidate() besides the prettifier