[Date Prev][Date Next] [Chronological] [Thread] [Top]
Re: (ITS#5296) Search netgroup by triple don't report existing entry

To: openldap-its@OpenLDAP.org
Subject: Re: (ITS#5296) Search netgroup by triple don't report existing entry
From: quanah@zimbra.com
Date: Fri, 21 Dec 2007 17:51:26 GMT
Please verify if this issue occurs in OpenLDAP 2.4.7.  Thanks.

--Quanah

--On December 21, 2007 11:37:38 AM +0000 rochette_jean-louis@emc.com wrote:

> Full_Name: Jean-Louis ROCHETTE
> Version: 2.3.39
> OS: Linux Fedora
> URL: ftp://ftp.openldap.org/incoming/
> Submission from: (NULL) (152.62.109.163)
>
>
> Brief description of the problem
> --------------------------------
> Lookup of a netgroup by triple doesn't work in last stable release slapd
> 2.3.39, though it worked well with slapd 2.3.27.
> This looks like a regression in slapd.
> This should be easy to reproduce.
> The problem was first noticed in slapd 2.3.30.
> The lookup by triple succeeds with a iPlanet server.
>
>
> Details
> -------
> Let's define a host, and a netgroup with a single triple designating this
> host:
>
> dn: cn=r2d2,ou=Hosts,dc=devldapdom1,dc=lcsc
> objectClass: top
> objectClass: ipHost
> objectClass: device
> ipHostNumber: 192.168.5.69
> cn: r2d2
>
> dn: cn=r2d2netg,ou=netgroup,dc=devldapdom1,dc=lcsc
> objectClass: top
> objectClass: nisNetgroup
> cn: r2d2netg
> description: netgroup r2d2netg to test AR 98216
> nisNetgroupTriple: (r2d2,,)
>
> The syntax for the nisNetgroupTriple attribute is IA5String (instead of
> Netgroup Triple):
> attributeTypes: ( 1.3.6.1.1.1.1.14 NAME 'nisNetgroupTriple' DESC 'Netgroup
> triple' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
>
>
> 1) *** Test with slapd 2.3.27 : OK ***
> jlr@SUSE-LDAP1(53) uname -a
> Linux SUSE-LDAP1 2.6.18.2-34-default #1 SMP Mon Nov 27 11:46:27 UTC 2006
> i686 i686 i386 GNU/Linux
> jlr@SUSE-LDAP1(42) ps -ef |grep slap
> ldap      3774     1  0 Nov29 ?        00:04:47 /usr/lib/openldap/slapd -h
> ldap:/// -u ldap -g ldap -o slp=on
> jlr@SUSE-LDAP1(45) /usr/lib/openldap/slapd -V
> @(#) $OpenLDAP: slapd 2.3.27 (Nov 25 2006 17:08:16) $
>
> abuild@eisler:/usr/src/packages/BUILD/openldap-2.3.27/servers/slapd
> jlr@SUSE-LDAP1(46) ldapsearch -V
> ldapsearch: @(#) $OpenLDAP: ldapsearch 2.3.27 (Nov 25 2006 17:09:14) $
>         abuild@dale:/usr/src/packages/BUILD/openldap-2.3.27/clients/tools
>         (LDAP library: OpenLDAP 20327)
>
> // locate the netgroup by name -> find r2d2netg with triple (r2d2,,) : OK
> jlr@SUSE-LDAP1(49) ldapsearch -x -b "ou=netgroup,dc=devldapdom1,dc=lcsc"
> -s one "(&(objectClass=nisNetgroup)(cn=r2d2netg))" cn nisNetgroupTriple
># extended LDIF
>#
># LDAPv3
># base <ou=netgroup,dc=devldapdom1,dc=lcsc> with scope oneLevel
># filter: (&(objectClass=nisNetgroup)(cn=r2d2netg))
># requesting: cn nisNetgroupTriple
>#
>
># r2d2netg, netgroup, devldapdom1.lcsc
> dn: cn=r2d2netg,ou=netgroup,dc=devldapdom1,dc=lcsc
> cn: r2d2netg
> nisNetgroupTriple: (r2d2,,)
>
># search result
> search: 2
> result: 0 Success
>
># numResponses: 2
># numEntries: 1
>
> // locate the netgroup by triple -> found too, ok.
> jlr@SUSE-LDAP1(52) ldapsearch -x -b "ou=netgroup,dc=devldapdom1,dc=lcsc"
> -s one "(&(objectClass=nisNetgroup)(nisNetgroupTriple=\(r2d2,,\)))" cn
># extended LDIF
>#
># LDAPv3
># base <ou=netgroup,dc=devldapdom1,dc=lcsc> with scope oneLevel
># filter: (&(objectClass=nisNetgroup)(nisNetgroupTriple=\(r2d2,,\)))
># requesting: cn
>#
>
># r2d2netg, netgroup, devldapdom1.lcsc
> dn: cn=r2d2netg,ou=netgroup,dc=devldapdom1,dc=lcsc
> cn: r2d2netg
>
># search result
> search: 2
> result: 0 Success
>
># numResponses: 2
># numEntries: 1
>
>
> 2) *** Test with slapd 2.3.39 : PROBLEM ***
> jlr@newlnxjlr(19) uname -a
> Linux newlnxjlr 2.6.18-1.2798.fc6 #1 SMP Mon Oct 16 14:37:32 EDT 2006
> i686 i686 i386 GNU/Linux
> jlr@newlnxjlr(17) ps -ef |grep slap
> ldap      4684     1  0 Dec20 ?        00:00:00 /usr/sbin/slapd -h
> ldap:/// -u ldap
> jlr@newlnxjlr(18) /usr/sbin/slapd -V
> @(#) $OpenLDAP: slapd 2.3.39 (Dec 20 2007 17:00:06) $
>         jlr@newlnxjlr:/tmp/openldap-2.3.39/servers/slapd
> jlr@newlnxjlr(20) ldapsearch -V
> ldapsearch: @(#) $OpenLDAP: ldapsearch 2.3.39 (Dec 20 2007 16:58:50) $
>         jlr@newlnxjlr:/tmp/openldap-2.3.39/clients/tools
>         (LDAP library: OpenLDAP 20339)
> // this server is a replicate of previous one
>
> // locate the netgroup by name -> find r2d2netg with triple (r2d2,,) : OK
> jlr@newlnxjlr(24) ldapsearch -x -b "ou=netgroup,dc=devldapdom1,dc=lcsc"
> -s one "(&(objectClass=nisNetgroup)(cn=r2d2netg))" cn nisNetgroupTriple
># extended LDIF
>#
># LDAPv3
># base <ou=netgroup,dc=devldapdom1,dc=lcsc> with scope oneLevel
># filter: (&(objectClass=nisNetgroup)(cn=r2d2netg))
># requesting: cn nisNetgroupTriple
>#
>
># r2d2netg, netgroup, devldapdom1.lcsc
> dn: cn=r2d2netg,ou=netgroup,dc=devldapdom1,dc=lcsc
> cn: r2d2netg
> nisNetgroupTriple: (r2d2,,)
>
># search result
> search: 2
> result: 0 Success
>
># numResponses: 2
># numEntries: 1
>
> // locate the netgroup by triple -> NOT FOUND? PROBLEM.
> jlr@newlnxjlr(25) ldapsearch -x -b "ou=netgroup,dc=devldapdom1,dc=lcsc"
> -s one "(&(objectClass=nisNetgroup)(nisNetgroupTriple=\(r2d2,,\)))" cn
># extended LDIF
>#
># LDAPv3
># base <ou=netgroup,dc=devldapdom1,dc=lcsc> with scope oneLevel
># filter: (&(objectClass=nisNetgroup)(nisNetgroupTriple=\(r2d2,,\)))
># requesting: cn
>#
>
># search result
> search: 2
> result: 0 Success
>
># numResponses: 1
>
> // eof
>
>



--

Quanah Gibson-Mount
Principal Software Engineer
Zimbra, Inc
--------------------
Zimbra ::  the leader in open source messaging and collaboration
Prev by Date: Re: (ITS#5297) I have a problem when I switch authldap.schema
Next by Date: Re: (ITS#4982) link libldap_r explicitly with the threading libraries
Index(es):
- Chronological
- Thread