You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@directory.apache.org by "Emmanuel Lecharny (JIRA)" <ji...@apache.org> on 2014/03/14 21:04:44 UTC
[jira] [Commented] (DIRSERVER-1964) Duplicate DN returned
[ https://issues.apache.org/jira/browse/DIRSERVER-1964?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13935553#comment-13935553 ]
Emmanuel Lecharny commented on DIRSERVER-1964:
----------------------------------------------
On 1.5.7, yes, everything is possible... We have fixed 419 issues in 16 releases since 1.5.7
> Duplicate DN returned
> ---------------------
>
> Key: DIRSERVER-1964
> URL: https://issues.apache.org/jira/browse/DIRSERVER-1964
> Project: Directory ApacheDS
> Issue Type: Bug
> Components: core
> Affects Versions: 1.5.7
> Reporter: Pierre-Luc Lacroix
>
> A single user started complaining that he was unable to login. When looking at the logs, we noticed the following entry:
> "result: 4 Size limit exceeded"
> Curious, I sent the same ldapsearch request to see why more than one user would be returned:
> # ldapsearch -x -h 192.168.1.150 -p 1850 -D "dc=authserver" -b "dc=authserver" "(&(cn=user50)(ou=UAT))" -w password -M -z 1 -l 5
> # extended LDIF
> #
> # LDAPv3
> # base <dc=authserver> with scope subtree # filter: (&(cn=user50)(ou=UAT)) # requesting: ALL # with manageDSAit control #
> # user50, UAT, authserver
> dn: cn=user50,ou=UAT,dc=authserver
> sn: user50
> name: user50
> userPassword:: MWYzNGJkMTctMjFhOS00ZDM2LWI4MzgtZDEwNDZmNmZiZGQ3
> objectClass: person
> objectClass: extensibleObject
> objectClass: top
> ou: UAT
> cn: user50
> # search result
> search: 2
> result: 4 Size limit exceeded
> # numResponses: 2
> # numEntries: 1
> Running the same, but with a higher value of -z (-z 1000):
> # ldapsearch -x -h 192.168.1.150 -p 1850 -D "dc=authserver" -b "dc=authserver" "(&(cn=user50)(ou=UAT))" -w password -M -z 1000 -l 5
> # extended LDIF
> #
> # LDAPv3
> # base <dc=authserver> with scope subtree # filter: (&(cn=user50)(ou=UAT)) # requesting: ALL # with manageDSAit control #
> # user50, UAT, authserver
> dn: cn=user50,ou=UAT,dc=authserver
> sn: user50
> name: user50
> userPassword:: MWYzNGJkMTctMjFhOS00ZDM2LWI4MzgtZDEwNDZmNmZiZGQ3
> objectClass: person
> objectClass: extensibleObject
> objectClass: top
> ou: UAT
> cn: user50
> # user50, UAT, authserver
> dn: cn=user50,ou=UAT,dc=authserver
> sn: user50
> name: user50
> userPassword:: YTg1NTM2MDMtZWQ1NS00OGQ4LWFlNjMtOTRkN2YwMzg1OGFj
> objectClass: person
> objectClass: extensibleObject
> objectClass: top
> ou: UAT
> cn: user50
> # search result
> search: 2
> result: 0 Success
> # numResponses: 3
> # numEntries: 2
> You can see that both entries have the exact same "dn":
> dn: cn=user50,ou=UAT,dc=authserver
> dn: cn=user50,ou=UAT,dc=authserver
> When looking at the code, I tried to reproduce the same issue in a different environment, but the CoreSession object will actually not allow you to add duplicate entries, throwing the following exception:
> org.apache.directory.shared.ldap.exception.LdapEntryAlreadyExistsException: ERR_250 cn=user50,ou=UAT,dc=authserver already exists!
> Is it possible that a bug in ApacheDS has corrupted the internal database?
> Thank you.
--
This message was sent by Atlassian JIRA
(v6.2#6252)