[Date Prev][Date Next] [Chronological] [Thread] [Top]

(ITS#6899) Read Entry Control response value is not compliant to definition of SearchResultEntry

To: openldap-its@OpenLDAP.org
Subject: (ITS#6899) Read Entry Control response value is not compliant to definition of SearchResultEntry
From: michael@stroeder.com
Date: Fri, 8 Apr 2011 21:39:52 GMT
Auto-submitted: auto-generated (OpenLDAP-ITS)

Full_Name: Michael Ströder
Version: 2.4.25
OS: 
URL: 
Submission from: (NULL) (84.163.53.138)


The very same client code was successfully tested with OpenDJ 2.4.1 but does not
work with OpenLDAP 2.4.25.

See analysis by pyasn1 developer on the pyasn1 mailing list:

--------------------------------- snip --------------------------------- 
It looks to me that your BER data does not fully match ASN.1 specification for
the SearchResultEntry object. According to RFC2251, the grammar is as follows:

        SearchResultEntry ::= [APPLICATION 4] SEQUENCE {
             objectName      LDAPDN,
             attributes      PartialAttributeList }

...

Notice the [implicitly] tagged outer SEQUENCE. In your BER data, that additional
tag seems to be missing and default tag for SEQUENCE type is
used instead.

If you modify the original pyasn1 grammar for SearchResultEntry object to match
your BER data (but not the standard!), pyasn1 decoder succeeds.

>>> from pyasn1_modules.rfc2251 import SearchResultEntry
>>> from pyasn1.type.univ import Sequence
>>> from pyasn1.codec.ber import decoder
>>> ber = '0c\x043cn=Samba Unix UID 
Pool,ou=Testing,dc=stroeder,dc=de0,0\x14\x04\tuidNumber1\x07\x04\x05100050\x14\x04\tgidNumber1\x07\x04\x0510005'
>>> SearchResultEntry.tagSet
TagSet(Tag(tagClass=64, tagFormat=32, tagId=4))
# the following statement will invalidate SearchResultEntry grammar!
>>> SearchResultEntry.tagSet = univ.Sequence.tagSet
>>> SearchResultEntry.tagSet
TagSet(Tag(tagClass=0, tagFormat=32, tagId=16))
>>> searchResultEntry, _ = decoder.decode(ber,asn1Spec=SearchResultEntry())
>>> print searchResultEntry.prettyPrint()
SearchResultEntry:
 objectName='cn=Samba Unix UID Pool,ou=Testing,dc=stroeder,dc=de'
 attributes=PartialAttributeList:
  Sequence:
   type='uidNumber'
   vals=SetOf:
    '10005'
  Sequence:
   type='gidNumber'
   vals=SetOf:
    '10005'
>>>

Therefore my impression is that OpenLDAP yields incorrect BER data for
SearchResultEntry object. What do you think?

Cheers,
Ilya

> I'd like to decode a LDAPv3 control value returned by OpenLDAP 2.4.25 when
> Pre-Read-Control was sent along with a LDAP modify request. But decoding it
> does not work.
>
> Short example:
>
>>>> from pyasn1_modules.rfc2251 import SearchResultEntry
>>>> from pyasn1.codec.ber import decoder
>>>> ber = '0c\x043cn=Samba Unix UID
> Pool,ou=Testing,dc=stroeder,dc=de0,0\x14\x04\tuidNumber1\x07\x04\x05100050\x14\x04\tgidNumber1\x07\x04\x0510005'
>>>> decoder.decode(ber,asn1Spec=SearchResultEntry())
> Traceback (most recent call last):
>  File "<stdin>", line 1, in <module>
>  File
> "/usr/local/lib/python2.6/site-packages/pyasn1-0.0.13a-py2.6.egg/pyasn1/codec/ber/decoder.py",
> line 663, in __call__
>    '%s not in asn1Spec: %s' % (tagSet, repr(asn1Spec))
> pyasn1.error.PyAsn1Error: TagSet(Tag(tagClass=0, tagFormat=32, tagId=16)) not
> in asn1Spec: SearchResultEntry()
>>>>

Prev by Date: Re: (ITS#6892) Segfault in Syncprov overlay
Next by Date: RE: (ITS#6898)
Index(es):
- Chronological
- Thread