You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@directory.apache.org by Markus Pohle <ap...@webunity.de> on 2007/10/05 19:03:30 UTC
[ApacheDS 1.5.1] unable to search for uniqueMember
Hi List Members,
I installed ApacheDS in Version 1.5.1 on Linux (Centos 4.3) with Sun
JDK 1.5.0_10 with the rpm pachage available as download from
directory.apache.org.
After installation I configured my own partion in server.xml and
created a basic ldap structur with some content. (server.xml and ldif
file can be found here:
http://www.webunity.de/apacheds1.5.1/uniqueMemberIssue)
When I connect to the server with Apache Directory Studio and do a
search by hitting control-h and setting search base as
"dc=douglasholding", filter as "(uid=*kelly*)" and scope as "Subtree"
I get as result 2 entrys, one real user and the corresponding alias
object.
When I now try to do a search with the above conditions except that I
set the search filter to "(uniqueMember=*kelly*)" the Directory Studio
gives as result:
Error while performing search
[LDAP: error code 33 - failed on search operation: Unexpected exception.]
[LDAP: error code 33 - failed on search operation: Unexpected exception.]
Now I tried that from a bash with ldapsearch. Searching for uid
delivers the following:
[root@backupserv ~]# ldapsearch -h apacheds2.douglas-informatik.de -p
10389 -x -D "uid=admin,ou=system" -w secret -b "dc=DOUGLASHOLDING" -s
sub "(uid=*kelly*)"
Result: 2
But searching for uniqueMember delivers:
[root@backupserv ~]# ldapsearch -h apacheds2.douglas-informatik.de -p
10389 -x -D "uid=admin,ou=system" -w secret -b "dc=DOUGLASHOLDING" -s
sub "(uniqueMember=*kelly*)"
# extended LDIF
#
# LDAPv3
# base <dc=DOUGLASHOLDING> with scope sub
# filter: (uniqueMember=*kelly*)
# requesting: ALL
#
# search result
search: 2
result: 33 Alias problem
text: failed on search operation: Unexpected exception.
# numResponses: 1
Does anybody know what that happens? Any tip is appreciated!
TIA
Markus Pohle
Re: [ApacheDS 1.5.1] unable to search for uniqueMember
Posted by Pierre-Arnaud Marcelot <pa...@marcelot.net>.
I opened a Jira today for such a behavior, but it was happening only with
custom attributes.
https://issues.apache.org/jira/browse/DIRSERVER-1083
Maybe it's the same problem as yours Markus.
P-A
On 10/5/07, Emmanuel Lecharny <el...@gmail.com> wrote:
>
> Ok, we don't have JIRA for this bug.
>
> Can you fill one please ?
>
> Thanks !
>
> On 10/5/07, Emmanuel Lecharny <el...@gmail.com> wrote:
> > Hi Markus,
> >
> > seems to be a bug ...
> >
> > I don't really remember, but I think we already have a JIRA open about
> it.
> >
> > Let me dig it
> >
> > On 10/5/07, Markus Pohle <ap...@webunity.de> wrote:
> > >
> > > Hi List Members,
> > >
> > > I installed ApacheDS in Version 1.5.1 on Linux (Centos 4.3) with Sun
> > > JDK 1.5.0_10 with the rpm pachage available as download from
> > > directory.apache.org.
> > >
> > > After installation I configured my own partion in server.xml and
> > > created a basic ldap structur with some content. (server.xml and ldif
> > > file can be found here:
> > > http://www.webunity.de/apacheds1.5.1/uniqueMemberIssue)
> > >
> > > When I connect to the server with Apache Directory Studio and do a
> > > search by hitting control-h and setting search base as
> > > "dc=douglasholding", filter as "(uid=*kelly*)" and scope as "Subtree"
> > > I get as result 2 entrys, one real user and the corresponding alias
> > > object.
> > >
> > > When I now try to do a search with the above conditions except that I
> > > set the search filter to "(uniqueMember=*kelly*)" the Directory Studio
> > > gives as result:
> > > Error while performing search
> > > [LDAP: error code 33 - failed on search operation: Unexpected
> exception.]
> > > [LDAP: error code 33 - failed on search operation: Unexpected
> exception.]
> > >
> > >
> > > Now I tried that from a bash with ldapsearch. Searching for uid
> > > delivers the following:
> > > [root@backupserv ~]# ldapsearch -h apacheds2.douglas-informatik.de -p
> > > 10389 -x -D "uid=admin,ou=system" -w secret -b "dc=DOUGLASHOLDING" -s
> > > sub "(uid=*kelly*)"
> > > Result: 2
> > >
> > > But searching for uniqueMember delivers:
> > > [root@backupserv ~]# ldapsearch -h apacheds2.douglas-informatik.de -p
> > > 10389 -x -D "uid=admin,ou=system" -w secret -b "dc=DOUGLASHOLDING" -s
> > > sub "(uniqueMember=*kelly*)"
> > > # extended LDIF
> > > #
> > > # LDAPv3
> > > # base <dc=DOUGLASHOLDING> with scope sub
> > > # filter: (uniqueMember=*kelly*)
> > > # requesting: ALL
> > > #
> > >
> > > # search result
> > > search: 2
> > > result: 33 Alias problem
> > > text: failed on search operation: Unexpected exception.
> > >
> > > # numResponses: 1
> > >
> > >
> > > Does anybody know what that happens? Any tip is appreciated!
> > >
> > > TIA
> > > Markus Pohle
> > >
> > >
> >
> >
> > --
> > Regards,
> > Cordialement,
> > Emmanuel Lécharny
> > www.iktek.com
> >
>
>
> --
> Regards,
> Cordialement,
> Emmanuel Lécharny
> www.iktek.com
>
Re: [ApacheDS 1.5.1] unable to search for uniqueMember
Posted by Emmanuel Lecharny <el...@gmail.com>.
Ok, we don't have JIRA for this bug.
Can you fill one please ?
Thanks !
On 10/5/07, Emmanuel Lecharny <el...@gmail.com> wrote:
> Hi Markus,
>
> seems to be a bug ...
>
> I don't really remember, but I think we already have a JIRA open about it.
>
> Let me dig it
>
> On 10/5/07, Markus Pohle <ap...@webunity.de> wrote:
> >
> > Hi List Members,
> >
> > I installed ApacheDS in Version 1.5.1 on Linux (Centos 4.3) with Sun
> > JDK 1.5.0_10 with the rpm pachage available as download from
> > directory.apache.org.
> >
> > After installation I configured my own partion in server.xml and
> > created a basic ldap structur with some content. (server.xml and ldif
> > file can be found here:
> > http://www.webunity.de/apacheds1.5.1/uniqueMemberIssue)
> >
> > When I connect to the server with Apache Directory Studio and do a
> > search by hitting control-h and setting search base as
> > "dc=douglasholding", filter as "(uid=*kelly*)" and scope as "Subtree"
> > I get as result 2 entrys, one real user and the corresponding alias
> > object.
> >
> > When I now try to do a search with the above conditions except that I
> > set the search filter to "(uniqueMember=*kelly*)" the Directory Studio
> > gives as result:
> > Error while performing search
> > [LDAP: error code 33 - failed on search operation: Unexpected exception.]
> > [LDAP: error code 33 - failed on search operation: Unexpected exception.]
> >
> >
> > Now I tried that from a bash with ldapsearch. Searching for uid
> > delivers the following:
> > [root@backupserv ~]# ldapsearch -h apacheds2.douglas-informatik.de -p
> > 10389 -x -D "uid=admin,ou=system" -w secret -b "dc=DOUGLASHOLDING" -s
> > sub "(uid=*kelly*)"
> > Result: 2
> >
> > But searching for uniqueMember delivers:
> > [root@backupserv ~]# ldapsearch -h apacheds2.douglas-informatik.de -p
> > 10389 -x -D "uid=admin,ou=system" -w secret -b "dc=DOUGLASHOLDING" -s
> > sub "(uniqueMember=*kelly*)"
> > # extended LDIF
> > #
> > # LDAPv3
> > # base <dc=DOUGLASHOLDING> with scope sub
> > # filter: (uniqueMember=*kelly*)
> > # requesting: ALL
> > #
> >
> > # search result
> > search: 2
> > result: 33 Alias problem
> > text: failed on search operation: Unexpected exception.
> >
> > # numResponses: 1
> >
> >
> > Does anybody know what that happens? Any tip is appreciated!
> >
> > TIA
> > Markus Pohle
> >
> >
>
>
> --
> Regards,
> Cordialement,
> Emmanuel Lécharny
> www.iktek.com
>
--
Regards,
Cordialement,
Emmanuel Lécharny
www.iktek.com
Re: [ApacheDS 1.5.1] unable to search for uniqueMember
Posted by Emmanuel Lecharny <el...@gmail.com>.
Hi Markus,
seems to be a bug ...
I don't really remember, but I think we already have a JIRA open about it.
Let me dig it
On 10/5/07, Markus Pohle <ap...@webunity.de> wrote:
>
> Hi List Members,
>
> I installed ApacheDS in Version 1.5.1 on Linux (Centos 4.3) with Sun
> JDK 1.5.0_10 with the rpm pachage available as download from
> directory.apache.org.
>
> After installation I configured my own partion in server.xml and
> created a basic ldap structur with some content. (server.xml and ldif
> file can be found here:
> http://www.webunity.de/apacheds1.5.1/uniqueMemberIssue)
>
> When I connect to the server with Apache Directory Studio and do a
> search by hitting control-h and setting search base as
> "dc=douglasholding", filter as "(uid=*kelly*)" and scope as "Subtree"
> I get as result 2 entrys, one real user and the corresponding alias
> object.
>
> When I now try to do a search with the above conditions except that I
> set the search filter to "(uniqueMember=*kelly*)" the Directory Studio
> gives as result:
> Error while performing search
> [LDAP: error code 33 - failed on search operation: Unexpected exception.]
> [LDAP: error code 33 - failed on search operation: Unexpected exception.]
>
>
> Now I tried that from a bash with ldapsearch. Searching for uid
> delivers the following:
> [root@backupserv ~]# ldapsearch -h apacheds2.douglas-informatik.de -p
> 10389 -x -D "uid=admin,ou=system" -w secret -b "dc=DOUGLASHOLDING" -s
> sub "(uid=*kelly*)"
> Result: 2
>
> But searching for uniqueMember delivers:
> [root@backupserv ~]# ldapsearch -h apacheds2.douglas-informatik.de -p
> 10389 -x -D "uid=admin,ou=system" -w secret -b "dc=DOUGLASHOLDING" -s
> sub "(uniqueMember=*kelly*)"
> # extended LDIF
> #
> # LDAPv3
> # base <dc=DOUGLASHOLDING> with scope sub
> # filter: (uniqueMember=*kelly*)
> # requesting: ALL
> #
>
> # search result
> search: 2
> result: 33 Alias problem
> text: failed on search operation: Unexpected exception.
>
> # numResponses: 1
>
>
> Does anybody know what that happens? Any tip is appreciated!
>
> TIA
> Markus Pohle
>
>
--
Regards,
Cordialement,
Emmanuel Lécharny
www.iktek.com
Re: [ApacheDS 1.5.1] unable to search for uniqueMember
Posted by Alex Karasulu <ak...@apache.org>.
Perhaps extensible matching rules can be used for such corner cases?
Alex
On 10/8/07, Emmanuel Lecharny <el...@gmail.com> wrote:
>
> Hi,
>
> 1.5.0 was buggy, so we released 1.5.1
>
> 1.5.1 is much more strict regarding search requests, and this is why
> what was possible with the old version is not anymore allowad.
>
> Again, doing a seach with (uniqueMember=uid*) is _not_ allowed by the
> LDAP specification. At best, you should get an empty list.
>
> Substring search are valid for strings. A DN is not as string.
>
> On 10/8/07, Markus Pohle <ap...@webunity.de> wrote:
> >
> > Hi Emmanuel,
> >
> > nope sorry - that doesn't make it clearer for me - seems I am too
> > dump...?!??!
> >
> > Why I am able to do such a search for uniqueMember in an ApacheDS
> > Version 1.5.0 and within the snapshot build that Alex made for me some
> > weeks ago?
> >
> > I am totally confused and apologize for that!
> >
> > Markus
> >
> > Emmanuel Lecharny schrieb:
> > > Hi Markus,
> > >
> > > the UniqueMember attributeType is a distinguishedName, which is not a
> > > string. Doing a substring search on a non-string object is not
> > > possible (in fact, it should be treated as undefined - see RFC 4511,
> > > par. 4.5.1.7)
> > >
> > > You cannot get any result with such a filter :
> > > (uniqueMember=uid=g.kelly*)
> > >
> > > Nor can you with :
> > > (ObjectClass=orga*)
> > >
> > > Currently, you will simply get a NPE, which will translate to an
> > > Unexpected Exception on the client side.
> > >
> > > I'm currently investigating what we should return, and I think the
> > > client should receive an empty result instead of an exception.
> > >
> > > I hope it's clear enough
> > >
> > > Emmanuel
> > >
> >
>
>
> --
> Regards,
> Cordialement,
> Emmanuel Lécharny
> www.iktek.com
>
Re: [ApacheDS 1.5.1] unable to search for uniqueMember
Posted by Emmanuel Lecharny <el...@gmail.com>.
On 10/8/07, Markus Pohle <ap...@webunity.de> wrote:
> Is there a way to do that kind of search with a different way within
> Directory Studio? I ask that because I have to handle a large amount of
> LDAP information where I often need to search for such a think like
> (uniqueMember=uid=g.kelly*)
The big problem with such searches is that it's simply not allowed !
At least, you can't rely on any result a server will give you back,
because the result is supposed to be undefined !
Here, what you are trying to search for is every objects which
uniqueMember starts with a specific value for an UID. I see no other
way than doing it through two requests :
for each object which has the uniqueMember attribute set (Uniquemember=*)
do
String uniqueMember = object.getAttribute( "unqieMember" );
if ( uniqueMember.startswith( "uid=g.kelly" )
{
// This is a correct object
}
done
>
> More and more often I realize that LDAP is not that "Lightweight" its
> name implies :-)
The "Lightweight" applies to the protocol, not the server itself :)
And if you ever read X.500 specification, you will see that LDAP is
really much more simple, even if LDAP is now slowly moving to add
X.500 features, because X.500 just came 20 years to early....
FYI, we are trying to get a workaround for your problem : if there is
no Substring MatchingRule for an AttributeType, then it will default
to the Equality matching rule. This way, you will be able to use
(UniqueMember=uid=g.kelly*). But be aware that if you try
(UniqueMember=UID=g.kelly*), it will simply fail...
>
> Sorry for all my questions
>
> Markus
>
> Emmanuel Lecharny schrieb:
> > Hi,
> >
> > 1.5.0 was buggy, so we released 1.5.1
> >
> > 1.5.1 is much more strict regarding search requests, and this is why
> > what was possible with the old version is not anymore allowad.
> >
> > Again, doing a seach with (uniqueMember=uid*) is _not_ allowed by the
> > LDAP specification. At best, you should get an empty list.
> >
> > Substring search are valid for strings. A DN is not as string.
> >
> > On 10/8/07, Markus Pohle <ap...@webunity.de> wrote:
> >> Hi Emmanuel,
> >>
> >> nope sorry - that doesn't make it clearer for me - seems I am too
> >> dump...?!??!
> >>
> >> Why I am able to do such a search for uniqueMember in an ApacheDS
> >> Version 1.5.0 and within the snapshot build that Alex made for me some
> >> weeks ago?
> >>
> >> I am totally confused and apologize for that!
> >>
> >> Markus
> >>
> >> Emmanuel Lecharny schrieb:
> >>> Hi Markus,
> >>>
> >>> the UniqueMember attributeType is a distinguishedName, which is not a
> >>> string. Doing a substring search on a non-string object is not
> >>> possible (in fact, it should be treated as undefined - see RFC 4511,
> >>> par. 4.5.1.7)
> >>>
> >>> You cannot get any result with such a filter :
> >>> (uniqueMember=uid=g.kelly*)
> >>>
> >>> Nor can you with :
> >>> (ObjectClass=orga*)
> >>>
> >>> Currently, you will simply get a NPE, which will translate to an
> >>> Unexpected Exception on the client side.
> >>>
> >>> I'm currently investigating what we should return, and I think the
> >>> client should receive an empty result instead of an exception.
> >>>
> >>> I hope it's clear enough
> >>>
> >>> Emmanuel
> >>>
> >
> >
>
--
Regards,
Cordialement,
Emmanuel Lécharny
www.iktek.com
Re: [ApacheDS 1.5.1] unable to search for uniqueMember
Posted by Markus Pohle <ap...@webunity.de>.
Ok, i see!
I do understand that ApacheDS 1.5.0 was buggy and therefor version 1.5.1
was released which is stricter regarding search requests.
Is there a way to do that kind of search with a different way within
Directory Studio? I ask that because I have to handle a large amount of
LDAP information where I often need to search for such a think like
(uniqueMember=uid=g.kelly*)
More and more often I realize that LDAP is not that "Lightweight" its
name implies :-)
Sorry for all my questions
Markus
Emmanuel Lecharny schrieb:
> Hi,
>
> 1.5.0 was buggy, so we released 1.5.1
>
> 1.5.1 is much more strict regarding search requests, and this is why
> what was possible with the old version is not anymore allowad.
>
> Again, doing a seach with (uniqueMember=uid*) is _not_ allowed by the
> LDAP specification. At best, you should get an empty list.
>
> Substring search are valid for strings. A DN is not as string.
>
> On 10/8/07, Markus Pohle <ap...@webunity.de> wrote:
>> Hi Emmanuel,
>>
>> nope sorry - that doesn't make it clearer for me - seems I am too
>> dump...?!??!
>>
>> Why I am able to do such a search for uniqueMember in an ApacheDS
>> Version 1.5.0 and within the snapshot build that Alex made for me some
>> weeks ago?
>>
>> I am totally confused and apologize for that!
>>
>> Markus
>>
>> Emmanuel Lecharny schrieb:
>>> Hi Markus,
>>>
>>> the UniqueMember attributeType is a distinguishedName, which is not a
>>> string. Doing a substring search on a non-string object is not
>>> possible (in fact, it should be treated as undefined - see RFC 4511,
>>> par. 4.5.1.7)
>>>
>>> You cannot get any result with such a filter :
>>> (uniqueMember=uid=g.kelly*)
>>>
>>> Nor can you with :
>>> (ObjectClass=orga*)
>>>
>>> Currently, you will simply get a NPE, which will translate to an
>>> Unexpected Exception on the client side.
>>>
>>> I'm currently investigating what we should return, and I think the
>>> client should receive an empty result instead of an exception.
>>>
>>> I hope it's clear enough
>>>
>>> Emmanuel
>>>
>
>
Re: [ApacheDS 1.5.1] unable to search for uniqueMember
Posted by Alex Karasulu <ak...@apache.org>.
On 10/8/07, Emmanuel Lecharny <el...@gmail.com> wrote:
>
> Again, doing a seach with (uniqueMember=uid*) is _not_ allowed by the
> LDAP specification. At best, you should get an empty list.
>
> Substring search are valid for strings. A DN is not as string.
>
This is hard to believe although I totally follow your reasoning. It just
seems like a very
common search to be performing to determine group membership. DN's btw do
have a
string representation defined in RFC's so I don't understand why the
matching would
not be conducted on the string representation.
Also note that you cannot construct a DN with name components using
attributeTypes
that do not have support for equality matching. I don't think the same
applies for substring
matching.
I'm afraid we may be quickly coming to the wrong conclusions on this topic.
Perhaps
we're lacking some additional knowledge. Perhaps we can post some questions
on the
umich LDAP mailing list to get to the bottom of this.
Alex
Re: [ApacheDS 1.5.1] unable to search for uniqueMember
Posted by Emmanuel Lecharny <el...@gmail.com>.
Hi,
1.5.0 was buggy, so we released 1.5.1
1.5.1 is much more strict regarding search requests, and this is why
what was possible with the old version is not anymore allowad.
Again, doing a seach with (uniqueMember=uid*) is _not_ allowed by the
LDAP specification. At best, you should get an empty list.
Substring search are valid for strings. A DN is not as string.
On 10/8/07, Markus Pohle <ap...@webunity.de> wrote:
>
> Hi Emmanuel,
>
> nope sorry - that doesn't make it clearer for me - seems I am too
> dump...?!??!
>
> Why I am able to do such a search for uniqueMember in an ApacheDS
> Version 1.5.0 and within the snapshot build that Alex made for me some
> weeks ago?
>
> I am totally confused and apologize for that!
>
> Markus
>
> Emmanuel Lecharny schrieb:
> > Hi Markus,
> >
> > the UniqueMember attributeType is a distinguishedName, which is not a
> > string. Doing a substring search on a non-string object is not
> > possible (in fact, it should be treated as undefined - see RFC 4511,
> > par. 4.5.1.7)
> >
> > You cannot get any result with such a filter :
> > (uniqueMember=uid=g.kelly*)
> >
> > Nor can you with :
> > (ObjectClass=orga*)
> >
> > Currently, you will simply get a NPE, which will translate to an
> > Unexpected Exception on the client side.
> >
> > I'm currently investigating what we should return, and I think the
> > client should receive an empty result instead of an exception.
> >
> > I hope it's clear enough
> >
> > Emmanuel
> >
>
--
Regards,
Cordialement,
Emmanuel Lécharny
www.iktek.com
Re: [ApacheDS 1.5.1] unable to search for uniqueMember
Posted by Markus Pohle <ap...@webunity.de>.
Hi Emmanuel,
nope sorry - that doesn't make it clearer for me - seems I am too
dump...?!??!
Why I am able to do such a search for uniqueMember in an ApacheDS
Version 1.5.0 and within the snapshot build that Alex made for me some
weeks ago?
I am totally confused and apologize for that!
Markus
Emmanuel Lecharny schrieb:
> Hi Markus,
>
> the UniqueMember attributeType is a distinguishedName, which is not a
> string. Doing a substring search on a non-string object is not
> possible (in fact, it should be treated as undefined - see RFC 4511,
> par. 4.5.1.7)
>
> You cannot get any result with such a filter :
> (uniqueMember=uid=g.kelly*)
>
> Nor can you with :
> (ObjectClass=orga*)
>
> Currently, you will simply get a NPE, which will translate to an
> Unexpected Exception on the client side.
>
> I'm currently investigating what we should return, and I think the
> client should receive an empty result instead of an exception.
>
> I hope it's clear enough
>
> Emmanuel
>
Re: [ApacheDS 1.5.1] unable to search for uniqueMember
Posted by Emmanuel Lecharny <el...@gmail.com>.
Hi Markus,
the UniqueMember attributeType is a distinguishedName, which is not a
string. Doing a substring search on a non-string object is not
possible (in fact, it should be treated as undefined - see RFC 4511,
par. 4.5.1.7)
You cannot get any result with such a filter :
(uniqueMember=uid=g.kelly*)
Nor can you with :
(ObjectClass=orga*)
Currently, you will simply get a NPE, which will translate to an
Unexpected Exception on the client side.
I'm currently investigating what we should return, and I think the
client should receive an empty result instead of an exception.
I hope it's clear enough
Emmanuel
On 10/8/07, Markus Pohle <ap...@webunity.de> wrote:
> Hi Emmanuel,
>
> I am a little bit confused! Why is search request not allowed? You said
> that "... there is no SUBSTRING MatchingRule defined for this attribute
> type... " but:
>
> on an installed apacheds-1.5.0 using my own DouglasHoldingPartition same
> to the one that can be downloaded from the URL shown below it is
> possible for me to do such a search
>
> ... and ...
>
> on an installed apacheds-1.5.1-snapshot that Alex Karasulu built for me
> in mid of July when I had probs with the apacheds-tools I am able to do
> a uniqueMember search on my partition.
>
> Maybe a simple explanation for me? That I am able to understand?
>
> TIA
> Markus
>
>
> Emmanuel Lecharny schrieb:
> > Hi Markus,
> >
> > sorry, it should have been obvious to me, but I was deep into the code
> > when you posted this mail.
> >
> > Such search requests (ie, using substring matching with uniqueMember)
> > is simply not allowed : there is no SUBSTRING MatchingRule defined for
> > this attribute type, so any attempt to search it using a substring
> > search will (and must) mail.
> >
> > However, you didn't get a failure, just an empty result.
> >
> > My question would be :
> > - should we generate an error like :
> > Error while performing search
> > [LDAP: error code 36 - failed on search operation: Normalizer for
> > OID 2.5.4.50 does not exist!]
> > ?
> >
> > Or should we just return an empty result ?
> >
> > On 10/5/07, Markus Pohle <ap...@webunity.de> wrote:
> >> Hi List Members,
> >>
> >> I installed ApacheDS in Version 1.5.1 on Linux (Centos 4.3) with Sun
> >> JDK 1.5.0_10 with the rpm pachage available as download from
> >> directory.apache.org.
> >>
> >> After installation I configured my own partion in server.xml and
> >> created a basic ldap structur with some content. (server.xml and ldif
> >> file can be found here:
> >> http://www.webunity.de/apacheds1.5.1/uniqueMemberIssue)
> >>
> >> When I connect to the server with Apache Directory Studio and do a
> >> search by hitting control-h and setting search base as
> >> "dc=douglasholding", filter as "(uid=*kelly*)" and scope as "Subtree"
> >> I get as result 2 entrys, one real user and the corresponding alias
> >> object.
> >>
> >> When I now try to do a search with the above conditions except that I
> >> set the search filter to "(uniqueMember=*kelly*)" the Directory Studio
> >> gives as result:
> >> Error while performing search
> >> [LDAP: error code 33 - failed on search operation: Unexpected exception.]
> >> [LDAP: error code 33 - failed on search operation: Unexpected exception.]
> >>
> >>
> >> Now I tried that from a bash with ldapsearch. Searching for uid
> >> delivers the following:
> >> [root@backupserv ~]# ldapsearch -h apacheds2.douglas-informatik.de -p
> >> 10389 -x -D "uid=admin,ou=system" -w secret -b "dc=DOUGLASHOLDING" -s
> >> sub "(uid=*kelly*)"
> >> Result: 2
> >>
> >> But searching for uniqueMember delivers:
> >> [root@backupserv ~]# ldapsearch -h apacheds2.douglas-informatik.de -p
> >> 10389 -x -D "uid=admin,ou=system" -w secret -b "dc=DOUGLASHOLDING" -s
> >> sub "(uniqueMember=*kelly*)"
> >> # extended LDIF
> >> #
> >> # LDAPv3
> >> # base <dc=DOUGLASHOLDING> with scope sub
> >> # filter: (uniqueMember=*kelly*)
> >> # requesting: ALL
> >> #
> >>
> >> # search result
> >> search: 2
> >> result: 33 Alias problem
> >> text: failed on search operation: Unexpected exception.
> >>
> >> # numResponses: 1
> >>
> >>
> >> Does anybody know what that happens? Any tip is appreciated!
> >>
> >> TIA
> >> Markus Pohle
> >>
> >>
> >
> >
>
--
Regards,
Cordialement,
Emmanuel Lécharny
www.iktek.com
Re: [ApacheDS 1.5.1] unable to search for uniqueMember
Posted by Markus Pohle <ap...@webunity.de>.
Hi Emmanuel,
I am a little bit confused! Why is search request not allowed? You said
that "... there is no SUBSTRING MatchingRule defined for this attribute
type... " but:
on an installed apacheds-1.5.0 using my own DouglasHoldingPartition same
to the one that can be downloaded from the URL shown below it is
possible for me to do such a search
... and ...
on an installed apacheds-1.5.1-snapshot that Alex Karasulu built for me
in mid of July when I had probs with the apacheds-tools I am able to do
a uniqueMember search on my partition.
Maybe a simple explanation for me? That I am able to understand?
TIA
Markus
Emmanuel Lecharny schrieb:
> Hi Markus,
>
> sorry, it should have been obvious to me, but I was deep into the code
> when you posted this mail.
>
> Such search requests (ie, using substring matching with uniqueMember)
> is simply not allowed : there is no SUBSTRING MatchingRule defined for
> this attribute type, so any attempt to search it using a substring
> search will (and must) mail.
>
> However, you didn't get a failure, just an empty result.
>
> My question would be :
> - should we generate an error like :
> Error while performing search
> [LDAP: error code 36 - failed on search operation: Normalizer for
> OID 2.5.4.50 does not exist!]
> ?
>
> Or should we just return an empty result ?
>
> On 10/5/07, Markus Pohle <ap...@webunity.de> wrote:
>> Hi List Members,
>>
>> I installed ApacheDS in Version 1.5.1 on Linux (Centos 4.3) with Sun
>> JDK 1.5.0_10 with the rpm pachage available as download from
>> directory.apache.org.
>>
>> After installation I configured my own partion in server.xml and
>> created a basic ldap structur with some content. (server.xml and ldif
>> file can be found here:
>> http://www.webunity.de/apacheds1.5.1/uniqueMemberIssue)
>>
>> When I connect to the server with Apache Directory Studio and do a
>> search by hitting control-h and setting search base as
>> "dc=douglasholding", filter as "(uid=*kelly*)" and scope as "Subtree"
>> I get as result 2 entrys, one real user and the corresponding alias
>> object.
>>
>> When I now try to do a search with the above conditions except that I
>> set the search filter to "(uniqueMember=*kelly*)" the Directory Studio
>> gives as result:
>> Error while performing search
>> [LDAP: error code 33 - failed on search operation: Unexpected exception.]
>> [LDAP: error code 33 - failed on search operation: Unexpected exception.]
>>
>>
>> Now I tried that from a bash with ldapsearch. Searching for uid
>> delivers the following:
>> [root@backupserv ~]# ldapsearch -h apacheds2.douglas-informatik.de -p
>> 10389 -x -D "uid=admin,ou=system" -w secret -b "dc=DOUGLASHOLDING" -s
>> sub "(uid=*kelly*)"
>> Result: 2
>>
>> But searching for uniqueMember delivers:
>> [root@backupserv ~]# ldapsearch -h apacheds2.douglas-informatik.de -p
>> 10389 -x -D "uid=admin,ou=system" -w secret -b "dc=DOUGLASHOLDING" -s
>> sub "(uniqueMember=*kelly*)"
>> # extended LDIF
>> #
>> # LDAPv3
>> # base <dc=DOUGLASHOLDING> with scope sub
>> # filter: (uniqueMember=*kelly*)
>> # requesting: ALL
>> #
>>
>> # search result
>> search: 2
>> result: 33 Alias problem
>> text: failed on search operation: Unexpected exception.
>>
>> # numResponses: 1
>>
>>
>> Does anybody know what that happens? Any tip is appreciated!
>>
>> TIA
>> Markus Pohle
>>
>>
>
>
Re: [ApacheDS 1.5.1] unable to search for uniqueMember
Posted by Alex Karasulu <ak...@apache.org>.
On 10/6/07, Emmanuel Lecharny <el...@gmail.com> wrote:
>
> Hi,
>
> I would suggest another error :
> Error while performing search
> [LDAP: error code 18 - failed on search operation: No matching rule
> defined for attribute uniqueMember[2.5.4.50]]
>
> WDYT ?
>
Yes this error message sounds clearer. However one idea and perhaps a bad
one: what about falling
back to use the EQUALITY matchingRule on substring searches if one cannot be
found for SUBSTR?
Alex
Re: [ApacheDS 1.5.1] unable to search for uniqueMember
Posted by Emmanuel Lecharny <el...@gmail.com>.
Hi,
I would suggest another error :
Error while performing search
[LDAP: error code 18 - failed on search operation: No matching rule
defined for attribute uniqueMember[2.5.4.50]]
WDYT ?
On 10/6/07, Emmanuel Lecharny <el...@gmail.com> wrote:
> Hi Markus,
>
> sorry, it should have been obvious to me, but I was deep into the code
> when you posted this mail.
>
> Such search requests (ie, using substring matching with uniqueMember)
> is simply not allowed : there is no SUBSTRING MatchingRule defined for
> this attribute type, so any attempt to search it using a substring
> search will (and must) mail.
>
> However, you didn't get a failure, just an empty result.
>
> My question would be :
> - should we generate an error like :
> Error while performing search
> [LDAP: error code 36 - failed on search operation: Normalizer for
> OID 2.5.4.50 does not exist!]
> ?
>
> Or should we just return an empty result ?
>
> On 10/5/07, Markus Pohle <ap...@webunity.de> wrote:
> >
> > Hi List Members,
> >
> > I installed ApacheDS in Version 1.5.1 on Linux (Centos 4.3) with Sun
> > JDK 1.5.0_10 with the rpm pachage available as download from
> > directory.apache.org.
> >
> > After installation I configured my own partion in server.xml and
> > created a basic ldap structur with some content. (server.xml and ldif
> > file can be found here:
> > http://www.webunity.de/apacheds1.5.1/uniqueMemberIssue)
> >
> > When I connect to the server with Apache Directory Studio and do a
> > search by hitting control-h and setting search base as
> > "dc=douglasholding", filter as "(uid=*kelly*)" and scope as "Subtree"
> > I get as result 2 entrys, one real user and the corresponding alias
> > object.
> >
> > When I now try to do a search with the above conditions except that I
> > set the search filter to "(uniqueMember=*kelly*)" the Directory Studio
> > gives as result:
> > Error while performing search
> > [LDAP: error code 33 - failed on search operation: Unexpected exception.]
> > [LDAP: error code 33 - failed on search operation: Unexpected exception.]
> >
> >
> > Now I tried that from a bash with ldapsearch. Searching for uid
> > delivers the following:
> > [root@backupserv ~]# ldapsearch -h apacheds2.douglas-informatik.de -p
> > 10389 -x -D "uid=admin,ou=system" -w secret -b "dc=DOUGLASHOLDING" -s
> > sub "(uid=*kelly*)"
> > Result: 2
> >
> > But searching for uniqueMember delivers:
> > [root@backupserv ~]# ldapsearch -h apacheds2.douglas-informatik.de -p
> > 10389 -x -D "uid=admin,ou=system" -w secret -b "dc=DOUGLASHOLDING" -s
> > sub "(uniqueMember=*kelly*)"
> > # extended LDIF
> > #
> > # LDAPv3
> > # base <dc=DOUGLASHOLDING> with scope sub
> > # filter: (uniqueMember=*kelly*)
> > # requesting: ALL
> > #
> >
> > # search result
> > search: 2
> > result: 33 Alias problem
> > text: failed on search operation: Unexpected exception.
> >
> > # numResponses: 1
> >
> >
> > Does anybody know what that happens? Any tip is appreciated!
> >
> > TIA
> > Markus Pohle
> >
> >
>
>
> --
> Regards,
> Cordialement,
> Emmanuel Lécharny
> www.iktek.com
>
--
Regards,
Cordialement,
Emmanuel Lécharny
www.iktek.com
Re: [ApacheDS 1.5.1] unable to search for uniqueMember
Posted by Emmanuel Lecharny <el...@gmail.com>.
Hi Markus,
sorry, it should have been obvious to me, but I was deep into the code
when you posted this mail.
Such search requests (ie, using substring matching with uniqueMember)
is simply not allowed : there is no SUBSTRING MatchingRule defined for
this attribute type, so any attempt to search it using a substring
search will (and must) mail.
However, you didn't get a failure, just an empty result.
My question would be :
- should we generate an error like :
Error while performing search
[LDAP: error code 36 - failed on search operation: Normalizer for
OID 2.5.4.50 does not exist!]
?
Or should we just return an empty result ?
On 10/5/07, Markus Pohle <ap...@webunity.de> wrote:
>
> Hi List Members,
>
> I installed ApacheDS in Version 1.5.1 on Linux (Centos 4.3) with Sun
> JDK 1.5.0_10 with the rpm pachage available as download from
> directory.apache.org.
>
> After installation I configured my own partion in server.xml and
> created a basic ldap structur with some content. (server.xml and ldif
> file can be found here:
> http://www.webunity.de/apacheds1.5.1/uniqueMemberIssue)
>
> When I connect to the server with Apache Directory Studio and do a
> search by hitting control-h and setting search base as
> "dc=douglasholding", filter as "(uid=*kelly*)" and scope as "Subtree"
> I get as result 2 entrys, one real user and the corresponding alias
> object.
>
> When I now try to do a search with the above conditions except that I
> set the search filter to "(uniqueMember=*kelly*)" the Directory Studio
> gives as result:
> Error while performing search
> [LDAP: error code 33 - failed on search operation: Unexpected exception.]
> [LDAP: error code 33 - failed on search operation: Unexpected exception.]
>
>
> Now I tried that from a bash with ldapsearch. Searching for uid
> delivers the following:
> [root@backupserv ~]# ldapsearch -h apacheds2.douglas-informatik.de -p
> 10389 -x -D "uid=admin,ou=system" -w secret -b "dc=DOUGLASHOLDING" -s
> sub "(uid=*kelly*)"
> Result: 2
>
> But searching for uniqueMember delivers:
> [root@backupserv ~]# ldapsearch -h apacheds2.douglas-informatik.de -p
> 10389 -x -D "uid=admin,ou=system" -w secret -b "dc=DOUGLASHOLDING" -s
> sub "(uniqueMember=*kelly*)"
> # extended LDIF
> #
> # LDAPv3
> # base <dc=DOUGLASHOLDING> with scope sub
> # filter: (uniqueMember=*kelly*)
> # requesting: ALL
> #
>
> # search result
> search: 2
> result: 33 Alias problem
> text: failed on search operation: Unexpected exception.
>
> # numResponses: 1
>
>
> Does anybody know what that happens? Any tip is appreciated!
>
> TIA
> Markus Pohle
>
>
--
Regards,
Cordialement,
Emmanuel Lécharny
www.iktek.com