Re: ldapmodify returns "No such object (32)" for user besides ROOTDN

["Pierangelo Masarati" <masarati@aero.polimi.it>]

John Ziniti writes: 

> I'm pretty much thrashing wildly on this one, so I'm going to try
> updgrading my openldap from 2.0.11 to 2.1.4, and see if that
> helps; but in case anyone is interested:

You don't need to go that far; there was a bug in parsing dn
regex pattern ".*" that was fixed in 2.0.12 or so :) This could
be the cause.  Try access to *, or upgrade. 

Pierangelo 

> This is the only access control I have in slapd.conf.  I have been
> starting slapd at "-d 255".  I was just trying not to attach too much
> cruft to my emails. 
>
> access to dn=.*
>  by dn="uid=rejpz,ou=Development,dc=channing,dc=harvard,dc=edu" write
>  by self write
>  by * read 
>
> There is "weird" (at least to me) looking things in slapd output, like 
>
> "ldap_send_result: 10::"
> "=> acl_mask: to all values by "", (=n)" 
>
> <ber_stuff snipped for brevity> 
>
> ==> ldbm_back_bind: dn: 
> uid=rejpz,ou=Development,dc=channing,dc=harvard,dc=edu
> daemon: select: listen=8 active_threads=1 tvp=NULL
> dn2entry_r: dn: "UID=REJPZ,OU=DEVELOPMENT,DC=CHANNING,DC=HARVARD,DC=EDU"
> daemon: select: listen=9 active_threads=1 tvp=NULL
> => dn2id( "UID=REJPZ,OU=DEVELOPMENT,DC=CHANNING,DC=HARVARD,DC=EDU" )
> ====> 
> cache_find_entry_dn2id("UID=REJPZ,OU=DEVELOPMENT,DC=CHANNING,DC=HARVARD,DC 
> =EDU"): 95 (1 tries)
> <= dn2id 95 (in cache)
> => id2entry_r( 95 )
> entry_rdwr_rtrylock: ID: 95
> ====> cache_find_entry_id( 95 ) 
> "uid=rejpz,ou=Development,dc=channing,dc=harvard,dc=edu" (found) (1 tries)
> <= id2entry_r( 95 ) 0x80e70a8 (cache)
> => access_allowed: auth access to 
> "uid=rejpz,ou=Development,dc=channing,dc=harvard,dc=edu" "userPassword" 
> requested
> => acl_get: [1] check attr userPassword
> <= acl_get: [1] acl uid=rejpz,ou=Development,dc=channing,dc=harvard,dc=edu 
> attr: userPassword
> => acl_mask: access to entry 
> "uid=rejpz,ou=Development,dc=channing,dc=harvard,dc=edu", attr 
> "userPassword" requested
> => acl_mask: to all values by "", (=n)
> <= check a_dn_pat: uid=rejpz,ou=Development,dc=channing,dc=harvard,dc=edu
> => string_expand: pattern:  
> uid=rejpz,ou=Development,dc=channing,dc=harvard,dc=edu
> => string_expand: expanded: 
> uid=rejpz,ou=Development,dc=channing,dc=harvard,dc=edu
> => regex_matches: string:  => regex_matches: rc: 1 no matches
> <= check a_dn_pat: uid=reyaw,ou=LIMS,dc=channing,dc=harvard,dc=edu
> => string_expand: pattern:  
> uid=reyaw,ou=LIMS,dc=channing,dc=harvard,dc=edu
> => string_expand: expanded: 
> uid=reyaw,ou=LIMS,dc=channing,dc=harvard,dc=edu
> => regex_matches: string:  => regex_matches: rc: 1 no matches
> <= check a_dn_pat: self
> <= check a_dn_pat: *
> <= acl_mask: [4] applying write (=wrscx) (stop)
> <= acl_mask: [4] mask: write (=wrscx)
> => access_allowed: auth access granted by write (=wrscx)
> entry_rdwr_runlock: ID: 95
> ====> cache_return_entry_r( 95 ): returned (0)
> do_bind: v3 bind: "uid=rejpz,ou=Development,dc=channing,dc=harvard,dc=edu" 
> to "uid=rejpz,ou=Development,dc=channing,dc=harvard,dc=edu"
> send_ldap_result: conn=4 op=0 p=3
> send_ldap_result: 0::
> send_ldap_response: msgid=1 tag=97 err=0
> ber_flush: 14 bytes to sd 12 
>
> <tons of ber_dump snipped> 
>
> modifications:
> daemon: select: listen=7 active_threads=1 tvp=NULL
>    replace: objectClass
> daemon: select: listen=8 active_threads=1 tvp=NULL
>    replace: mail
> daemon: select: listen=9 active_threads=1 tvp=NULL
>    replace: sn
>    replace: uid
>    replace: cn
>    replace: ou
>    replace: facsimileTelephoneNumber
>    replace: labeledURI
>    replace: telephoneNumber
>    replace: street
>    replace: personalTitle
>    replace: o
>    replace: userPassword
> conn=11 op=1 MOD dn="uid=example,ou=LIMS,dc=channing,dc=harvard,dc=edu"
> dn2entry_r: dn: "UID=EXAMPLE,OU=LIMS,DC=CHANNING,DC=HARVARD,DC=EDU"
> => dn2id( "UID=EXAMPLE,OU=LIMS,DC=CHANNING,DC=HARVARD,DC=EDU" )
> => ldbm_cache_open( "/usr/local/var/openldap-ldbm//dn2id.dbb", 3, 600 )
> <= ldbm_cache_open (cache 0)
> <= dn2id 122
> => id2entry_r( 122 )
> => ldbm_cache_open( "/usr/local/var/openldap-ldbm//id2entry.dbb", 3, 600 )
> <= ldbm_cache_open (cache 1)
> => str2entry
> <= str2entry(uid=example,ou=LIMS,dc=channing,dc=harvard,dc=edu) -> -1 
> (0x80ef128)
> entry_rdwr_rlock: ID: 122
> <= id2entry_r( 122 ) 0x80ef128 (disk)
> entry_rdwr_runlock: ID: 122
> ====> cache_return_entry_r( 122 ): created (0)
> send_ldap_result: conn=11 op=1 p=3
> send_ldap_result: 10::
> send_ldap_response: msgid=2 tag=103 err=32
> ber_flush: 14 bytes to sd 18
>  0000:  30 0c 02 01 02 67 07 0a  01 20 04 00 04 00         0....g... ....  
> ldap_write: want=14, written=14
>  0000:  30 0c 02 01 02 67 07 0a  01 20 04 00 04 00         0....g... ....  
> conn=11 op=1 RESULT tag=103 err=32 text=
> daemon: activity on 1 descriptors
> daemon: activity on: 18r
> daemon: read activity on 18
> connection_get(18)
> connection_get(18): got connid=11
> connection_read(18): checking for input on id=11
> ber_get_next
> ldap_read: want=1, got=1
>  0000:  30                                                 0               
> ldap_read: want=1, got=1
>  0000:  05                                                 .               
> ldap_read: want=5, got=5
>  0000:  02 01 03 42 00                                     ...B.           
> ber_get_next: tag 0x30 len 5 contents:
> ber_dump: buf=0x080e89d8 ptr=0x080e89d8 end=0x080e89dd len=5
>  0000:  02 01 03 42 00                                     ...B.           
> do_unbind
> ber_get_next
> ldap_read: want=1, got=0 
>
> ber_get_next on fd 18 failed errno=0 (Success)
> conn=11 op=2 UNBIND
> connection_read(18): input error=-2 id=11, closing.
> connection_closing: readying conn=11 sd=18 for close
> connection_close: deferring conn=11 sd=18
> connection_resched: reaquiring locks conn=11 sd=18
> daemon: select: listen=6 active_threads=1 tvp=NULL
> connection_resched: attempting closing conn=11 sd=18
> daemon: select: listen=7 active_threads=1 tvp=NULL
> connection_close: conn=11 sd=18
> daemon: select: listen=8 active_threads=1 tvp=NULL
> daemon: removing 18
> daemon: select: listen=9 active_threads=1 tvp=NULL
> conn=-1 fd=18 closed
> daemon: activity on 1 descriptors
> daemon: select: listen=6 active_threads=0 tvp=NULL
> daemon: select: listen=7 active_threads=0 tvp=NULL
> daemon: select: listen=8 active_threads=0 tvp=NULL
> daemon: select: listen=9 active_threads=0 tvp=NULL 
>
>
> Pierangelo Masarati wrote: 
>
> > John Ziniti writes: 
> >
> > > > It means the PARENT does not exist.  Looks like you're
> > > > trying to add an entry BEFORE adding the entry corresponding
> > > > to the suffix of your database.
> > >  
> > >
> > > I thought that at first, but the PARENT is without
> > > a doubt in the database.  Evidence:
> > > $ ldapmodify -D <ROOTDN> -f modifications.ldif
> > > $ ldapmodify -D <OTHERDN> -f modifications.ldif
> > > The first succeeds and the second fails with "No such object".
> >  
> >
> > I suggest you turn on debugging in slapd (-d -1) and check where
> > the error occurs; what version of slapd/ldapmodify are you using?
> > Pierangelo 
> >
> > Dr. Pierangelo Masarati               | voice: +39 02 2399 8309
> > Dip. Ing. Aerospaziale                | fax:   +39 02 2399 8334
> > Politecnico di Milano                 | 
> > mailto:pierangelo.masarati@polimi.it
> > via La Masa 34, 20156 Milano, Italy   | 
> > http://www.aero.polimi.it/~masarati 



Dr. Pierangelo Masarati               | voice: +39 02 2399 8309
Dip. Ing. Aerospaziale                | fax:   +39 02 2399 8334
Politecnico di Milano                 | mailto:pierangelo.masarati@polimi.it
via La Masa 34, 20156 Milano, Italy   | http://www.aero.polimi.it/~masarati