[ApacheDS 1.5.1] unable to search for uniqueMember

[Markus Pohle <ap...@webunity.de>]

Hi List Members,

I installed ApacheDS in Version 1.5.1 on Linux (Centos 4.3) with Sun  
JDK 1.5.0_10 with the rpm pachage available as download from  
directory.apache.org.

After installation I configured my own partion in server.xml and  
created a basic ldap structur with some content. (server.xml and ldif  
file can be found here:  
http://www.webunity.de/apacheds1.5.1/uniqueMemberIssue)

When I connect to the server with Apache Directory Studio and do a  
search by hitting control-h and setting search base as  
"dc=douglasholding", filter as "(uid=*kelly*)" and scope as "Subtree"  
I get as result 2 entrys, one real user and the corresponding alias  
object.

When I now try to do a search with the above conditions except that I  
set the search filter to "(uniqueMember=*kelly*)" the Directory Studio  
gives as result:
Error while performing search
   [LDAP: error code 33 - failed on search operation: Unexpected exception.]
   [LDAP: error code 33 - failed on search operation: Unexpected exception.]


Now I tried that from a bash with ldapsearch. Searching for uid  
delivers the following:
[root@backupserv ~]#  ldapsearch -h apacheds2.douglas-informatik.de -p  
10389 -x -D "uid=admin,ou=system" -w secret -b "dc=DOUGLASHOLDING" -s  
sub "(uid=*kelly*)"
Result: 2

But searching for uniqueMember delivers:
[root@backupserv ~]#  ldapsearch -h apacheds2.douglas-informatik.de -p  
10389 -x -D "uid=admin,ou=system" -w secret -b "dc=DOUGLASHOLDING" -s  
sub "(uniqueMember=*kelly*)"
# extended LDIF
#
# LDAPv3
# base <dc=DOUGLASHOLDING> with scope sub
# filter: (uniqueMember=*kelly*)
# requesting: ALL
#

# search result
search: 2
result: 33 Alias problem
text: failed on search operation: Unexpected exception.

# numResponses: 1


Does anybody know what that happens? Any tip is appreciated!

TIA
Markus Pohle

Re: [ApacheDS 1.5.1] unable to search for uniqueMember

[Pierre-Arnaud Marcelot <pa...@marcelot.net>]

I opened a Jira today for such a behavior, but it was happening only with
custom attributes.

https://issues.apache.org/jira/browse/DIRSERVER-1083

Maybe it's the same problem as yours Markus.

P-A

On 10/5/07, Emmanuel Lecharny <el...@gmail.com> wrote:
>
> Ok, we don't have JIRA for this bug.
>
> Can you fill one please ?
>
> Thanks !
>
> On 10/5/07, Emmanuel Lecharny <el...@gmail.com> wrote:
> > Hi Markus,
> >
> > seems to be a bug ...
> >
> > I don't really remember, but I think we already have a JIRA open about
> it.
> >
> > Let me dig it
> >
> > On 10/5/07, Markus Pohle <ap...@webunity.de> wrote:
> > >
> > > Hi List Members,
> > >
> > > I installed ApacheDS in Version 1.5.1 on Linux (Centos 4.3) with Sun
> > > JDK 1.5.0_10 with the rpm pachage available as download from
> > > directory.apache.org.
> > >
> > > After installation I configured my own partion in server.xml and
> > > created a basic ldap structur with some content. (server.xml and ldif
> > > file can be found here:
> > > http://www.webunity.de/apacheds1.5.1/uniqueMemberIssue)
> > >
> > > When I connect to the server with Apache Directory Studio and do a
> > > search by hitting control-h and setting search base as
> > > "dc=douglasholding", filter as "(uid=*kelly*)" and scope as "Subtree"
> > > I get as result 2 entrys, one real user and the corresponding alias
> > > object.
> > >
> > > When I now try to do a search with the above conditions except that I
> > > set the search filter to "(uniqueMember=*kelly*)" the Directory Studio
> > > gives as result:
> > > Error while performing search
> > >    [LDAP: error code 33 - failed on search operation: Unexpected
> exception.]
> > >    [LDAP: error code 33 - failed on search operation: Unexpected
> exception.]
> > >
> > >
> > > Now I tried that from a bash with ldapsearch. Searching for uid
> > > delivers the following:
> > > [root@backupserv ~]#  ldapsearch -h apacheds2.douglas-informatik.de -p
> > > 10389 -x -D "uid=admin,ou=system" -w secret -b "dc=DOUGLASHOLDING" -s
> > > sub "(uid=*kelly*)"
> > > Result: 2
> > >
> > > But searching for uniqueMember delivers:
> > > [root@backupserv ~]#  ldapsearch -h apacheds2.douglas-informatik.de -p
> > > 10389 -x -D "uid=admin,ou=system" -w secret -b "dc=DOUGLASHOLDING" -s
> > > sub "(uniqueMember=*kelly*)"
> > > # extended LDIF
> > > #
> > > # LDAPv3
> > > # base <dc=DOUGLASHOLDING> with scope sub
> > > # filter: (uniqueMember=*kelly*)
> > > # requesting: ALL
> > > #
> > >
> > > # search result
> > > search: 2
> > > result: 33 Alias problem
> > > text: failed on search operation: Unexpected exception.
> > >
> > > # numResponses: 1
> > >
> > >
> > > Does anybody know what that happens? Any tip is appreciated!
> > >
> > > TIA
> > > Markus Pohle
> > >
> > >
> >
> >
> > --
> > Regards,
> > Cordialement,
> > Emmanuel Lécharny
> > www.iktek.com
> >
>
>
> --
> Regards,
> Cordialement,
> Emmanuel Lécharny
> www.iktek.com
>

Re: [ApacheDS 1.5.1] unable to search for uniqueMember

[Emmanuel Lecharny <el...@gmail.com>]

Ok, we don't have JIRA for this bug.

Can you fill one please ?

Thanks !

On 10/5/07, Emmanuel Lecharny <el...@gmail.com> wrote:
> Hi Markus,
>
> seems to be a bug ...
>
> I don't really remember, but I think we already have a JIRA open about it.
>
> Let me dig it
>
> On 10/5/07, Markus Pohle <ap...@webunity.de> wrote:
> >
> > Hi List Members,
> >
> > I installed ApacheDS in Version 1.5.1 on Linux (Centos 4.3) with Sun
> > JDK 1.5.0_10 with the rpm pachage available as download from
> > directory.apache.org.
> >
> > After installation I configured my own partion in server.xml and
> > created a basic ldap structur with some content. (server.xml and ldif
> > file can be found here:
> > http://www.webunity.de/apacheds1.5.1/uniqueMemberIssue)
> >
> > When I connect to the server with Apache Directory Studio and do a
> > search by hitting control-h and setting search base as
> > "dc=douglasholding", filter as "(uid=*kelly*)" and scope as "Subtree"
> > I get as result 2 entrys, one real user and the corresponding alias
> > object.
> >
> > When I now try to do a search with the above conditions except that I
> > set the search filter to "(uniqueMember=*kelly*)" the Directory Studio
> > gives as result:
> > Error while performing search
> >    [LDAP: error code 33 - failed on search operation: Unexpected exception.]
> >    [LDAP: error code 33 - failed on search operation: Unexpected exception.]
> >
> >
> > Now I tried that from a bash with ldapsearch. Searching for uid
> > delivers the following:
> > [root@backupserv ~]#  ldapsearch -h apacheds2.douglas-informatik.de -p
> > 10389 -x -D "uid=admin,ou=system" -w secret -b "dc=DOUGLASHOLDING" -s
> > sub "(uid=*kelly*)"
> > Result: 2
> >
> > But searching for uniqueMember delivers:
> > [root@backupserv ~]#  ldapsearch -h apacheds2.douglas-informatik.de -p
> > 10389 -x -D "uid=admin,ou=system" -w secret -b "dc=DOUGLASHOLDING" -s
> > sub "(uniqueMember=*kelly*)"
> > # extended LDIF
> > #
> > # LDAPv3
> > # base <dc=DOUGLASHOLDING> with scope sub
> > # filter: (uniqueMember=*kelly*)
> > # requesting: ALL
> > #
> >
> > # search result
> > search: 2
> > result: 33 Alias problem
> > text: failed on search operation: Unexpected exception.
> >
> > # numResponses: 1
> >
> >
> > Does anybody know what that happens? Any tip is appreciated!
> >
> > TIA
> > Markus Pohle
> >
> >
>
>
> --
> Regards,
> Cordialement,
> Emmanuel Lécharny
> www.iktek.com
>


-- 
Regards,
Cordialement,
Emmanuel Lécharny
www.iktek.com

Re: [ApacheDS 1.5.1] unable to search for uniqueMember

[Emmanuel Lecharny <el...@gmail.com>]

Hi Markus,

seems to be a bug ...

I don't really remember, but I think we already have a JIRA open about it.

Let me dig it

On 10/5/07, Markus Pohle <ap...@webunity.de> wrote:
>
> Hi List Members,
>
> I installed ApacheDS in Version 1.5.1 on Linux (Centos 4.3) with Sun
> JDK 1.5.0_10 with the rpm pachage available as download from
> directory.apache.org.
>
> After installation I configured my own partion in server.xml and
> created a basic ldap structur with some content. (server.xml and ldif
> file can be found here:
> http://www.webunity.de/apacheds1.5.1/uniqueMemberIssue)
>
> When I connect to the server with Apache Directory Studio and do a
> search by hitting control-h and setting search base as
> "dc=douglasholding", filter as "(uid=*kelly*)" and scope as "Subtree"
> I get as result 2 entrys, one real user and the corresponding alias
> object.
>
> When I now try to do a search with the above conditions except that I
> set the search filter to "(uniqueMember=*kelly*)" the Directory Studio
> gives as result:
> Error while performing search
>    [LDAP: error code 33 - failed on search operation: Unexpected exception.]
>    [LDAP: error code 33 - failed on search operation: Unexpected exception.]
>
>
> Now I tried that from a bash with ldapsearch. Searching for uid
> delivers the following:
> [root@backupserv ~]#  ldapsearch -h apacheds2.douglas-informatik.de -p
> 10389 -x -D "uid=admin,ou=system" -w secret -b "dc=DOUGLASHOLDING" -s
> sub "(uid=*kelly*)"
> Result: 2
>
> But searching for uniqueMember delivers:
> [root@backupserv ~]#  ldapsearch -h apacheds2.douglas-informatik.de -p
> 10389 -x -D "uid=admin,ou=system" -w secret -b "dc=DOUGLASHOLDING" -s
> sub "(uniqueMember=*kelly*)"
> # extended LDIF
> #
> # LDAPv3
> # base <dc=DOUGLASHOLDING> with scope sub
> # filter: (uniqueMember=*kelly*)
> # requesting: ALL
> #
>
> # search result
> search: 2
> result: 33 Alias problem
> text: failed on search operation: Unexpected exception.
>
> # numResponses: 1
>
>
> Does anybody know what that happens? Any tip is appreciated!
>
> TIA
> Markus Pohle
>
>


-- 
Regards,
Cordialement,
Emmanuel Lécharny
www.iktek.com

Re: [ApacheDS 1.5.1] unable to search for uniqueMember

[Alex Karasulu <ak...@apache.org>]

Perhaps extensible matching rules can be used for such corner cases?

Alex

On 10/8/07, Emmanuel Lecharny <el...@gmail.com> wrote:
>
> Hi,
>
> 1.5.0 was buggy, so we released 1.5.1
>
> 1.5.1 is much more strict regarding search requests, and this is why
> what was possible with the old version is not anymore allowad.
>
> Again, doing a seach with (uniqueMember=uid*) is _not_ allowed by the
> LDAP specification. At best, you should get an empty list.
>
> Substring search are valid for strings. A DN is not as string.
>
> On 10/8/07, Markus Pohle <ap...@webunity.de> wrote:
> >
> > Hi Emmanuel,
> >
> > nope sorry - that doesn't make it clearer for me - seems I am too
> > dump...?!??!
> >
> > Why I am able to do such a search for uniqueMember in an ApacheDS
> > Version 1.5.0 and within the snapshot build that Alex made for me some
> > weeks ago?
> >
> > I am totally confused and apologize for that!
> >
> > Markus
> >
> > Emmanuel Lecharny schrieb:
> > > Hi Markus,
> > >
> > > the UniqueMember attributeType is a distinguishedName, which is not a
> > > string. Doing a substring search on a non-string object is not
> > > possible (in fact, it should be treated as undefined - see RFC 4511,
> > > par. 4.5.1.7)
> > >
> > > You cannot get any result with such a filter :
> > > (uniqueMember=uid=g.kelly*)
> > >
> > > Nor can you with :
> > > (ObjectClass=orga*)
> > >
> > > Currently, you will simply get a NPE, which will translate to an
> > > Unexpected Exception on the client side.
> > >
> > > I'm currently investigating what we should return, and I think the
> > > client should receive an empty result instead of an exception.
> > >
> > > I hope it's clear enough
> > >
> > > Emmanuel
> > >
> >
>
>
> --
> Regards,
> Cordialement,
> Emmanuel Lécharny
> www.iktek.com
>

Re: [ApacheDS 1.5.1] unable to search for uniqueMember

[Emmanuel Lecharny <el...@gmail.com>]

On 10/8/07, Markus Pohle <ap...@webunity.de> wrote:
> Is there a way to do that kind of search with a different way within
> Directory Studio? I ask that because I have to handle a large amount of
> LDAP information where I often need to search for such a think like
> (uniqueMember=uid=g.kelly*)

The big problem with such searches is that it's simply not allowed !
At least, you can't rely on any result a server will give you back,
because the result is supposed to be undefined !

Here, what you are trying to search for is every objects which
uniqueMember starts with a specific value for an UID. I see no other
way than doing it through two requests :

for each object which has the uniqueMember attribute set (Uniquemember=*)
  do
    String uniqueMember = object.getAttribute( "unqieMember" );
    if ( uniqueMember.startswith( "uid=g.kelly" )
      {
      // This is a correct object
      }
  done

>
> More and more often I realize that LDAP is not that "Lightweight" its
> name implies :-)

The "Lightweight" applies to the protocol, not the server itself :)
And if you ever read X.500 specification, you will see that LDAP is
really much more simple, even if LDAP is now slowly moving to add
X.500 features, because X.500 just came 20 years to early....

FYI, we are trying to get a workaround for your problem : if there is
no Substring MatchingRule for an AttributeType, then it will default
to the Equality matching rule. This way, you will be able to use
(UniqueMember=uid=g.kelly*). But be aware that if you try
(UniqueMember=UID=g.kelly*), it will simply fail...
>
> Sorry for all my questions
>
> Markus
>
> Emmanuel Lecharny schrieb:
> > Hi,
> >
> > 1.5.0 was buggy, so we released 1.5.1
> >
> > 1.5.1 is much more strict regarding search requests, and this is why
> > what was possible with the old version is not anymore allowad.
> >
> > Again, doing a seach with (uniqueMember=uid*) is _not_ allowed by the
> > LDAP specification. At best, you should get an empty list.
> >
> > Substring search are valid for strings. A DN is not as string.
> >
> > On 10/8/07, Markus Pohle <ap...@webunity.de> wrote:
> >> Hi Emmanuel,
> >>
> >> nope sorry - that doesn't make it clearer for me - seems I am too
> >> dump...?!??!
> >>
> >> Why I am able to do such a search for uniqueMember in an ApacheDS
> >> Version 1.5.0 and within the snapshot build that Alex made for me some
> >> weeks ago?
> >>
> >> I am totally confused and apologize for that!
> >>
> >> Markus
> >>
> >> Emmanuel Lecharny schrieb:
> >>> Hi Markus,
> >>>
> >>> the UniqueMember attributeType is a distinguishedName, which is not a
> >>> string. Doing a substring search on a non-string object is not
> >>> possible (in fact, it should be treated as undefined - see RFC 4511,
> >>> par. 4.5.1.7)
> >>>
> >>> You cannot get any result with such a filter :
> >>> (uniqueMember=uid=g.kelly*)
> >>>
> >>> Nor can you with :
> >>> (ObjectClass=orga*)
> >>>
> >>> Currently, you will simply get a NPE, which will translate to an
> >>> Unexpected Exception on the client side.
> >>>
> >>> I'm currently investigating what we should return, and I think the
> >>> client should receive an empty result instead of an exception.
> >>>
> >>> I hope it's clear enough
> >>>
> >>> Emmanuel
> >>>
> >
> >
>


-- 
Regards,
Cordialement,
Emmanuel Lécharny
www.iktek.com

Re: [ApacheDS 1.5.1] unable to search for uniqueMember

[Markus Pohle <ap...@webunity.de>]

Ok, i see!

I do understand that ApacheDS 1.5.0 was buggy and therefor version 1.5.1 
was released which is stricter regarding search requests.

Is there a way to do that kind of search with a different way within 
Directory Studio? I ask that because I have to handle a large amount of 
LDAP information where I often need to search for such a think like 
(uniqueMember=uid=g.kelly*)

More and more often I realize that LDAP is not that "Lightweight" its 
name implies :-)

Sorry for all my questions

Markus

Emmanuel Lecharny schrieb:
> Hi,
> 
> 1.5.0 was buggy, so we released 1.5.1
> 
> 1.5.1 is much more strict regarding search requests, and this is why
> what was possible with the old version is not anymore allowad.
> 
> Again, doing a seach with (uniqueMember=uid*) is _not_ allowed by the
> LDAP specification. At best, you should get an empty list.
> 
> Substring search are valid for strings. A DN is not as string.
> 
> On 10/8/07, Markus Pohle <ap...@webunity.de> wrote:
>> Hi Emmanuel,
>>
>> nope sorry - that doesn't make it clearer for me - seems I am too
>> dump...?!??!
>>
>> Why I am able to do such a search for uniqueMember in an ApacheDS
>> Version 1.5.0 and within the snapshot build that Alex made for me some
>> weeks ago?
>>
>> I am totally confused and apologize for that!
>>
>> Markus
>>
>> Emmanuel Lecharny schrieb:
>>> Hi Markus,
>>>
>>> the UniqueMember attributeType is a distinguishedName, which is not a
>>> string. Doing a substring search on a non-string object is not
>>> possible (in fact, it should be treated as undefined - see RFC 4511,
>>> par. 4.5.1.7)
>>>
>>> You cannot get any result with such a filter :
>>> (uniqueMember=uid=g.kelly*)
>>>
>>> Nor can you with :
>>> (ObjectClass=orga*)
>>>
>>> Currently, you will simply get a NPE, which will translate to an
>>> Unexpected Exception on the client side.
>>>
>>> I'm currently investigating what we should return, and I think the
>>> client should receive an empty result instead of an exception.
>>>
>>> I hope it's clear enough
>>>
>>> Emmanuel
>>>
> 
> 

Re: [ApacheDS 1.5.1] unable to search for uniqueMember

[Alex Karasulu <ak...@apache.org>]

On 10/8/07, Emmanuel Lecharny <el...@gmail.com> wrote:
>
> Again, doing a seach with (uniqueMember=uid*) is _not_ allowed by the
> LDAP specification. At best, you should get an empty list.
>
> Substring search are valid for strings. A DN is not as string.
>

This is hard to believe although I totally follow your reasoning.  It just
seems like a very
common search to be performing to determine group membership.  DN's btw do
have a
string representation defined in RFC's so I don't understand why the
matching would
not be conducted on the string representation.

Also note that you cannot construct a DN with name components using
attributeTypes
that do not have support for equality matching.  I don't think the same
applies for substring
matching.

I'm afraid we may be quickly coming to the wrong conclusions on this topic.
Perhaps
we're lacking some additional knowledge.  Perhaps we can post some questions
on the
umich LDAP mailing list to get to the bottom of this.

Alex

Re: [ApacheDS 1.5.1] unable to search for uniqueMember

[Emmanuel Lecharny <el...@gmail.com>]

Hi,

1.5.0 was buggy, so we released 1.5.1

1.5.1 is much more strict regarding search requests, and this is why
what was possible with the old version is not anymore allowad.

Again, doing a seach with (uniqueMember=uid*) is _not_ allowed by the
LDAP specification. At best, you should get an empty list.

Substring search are valid for strings. A DN is not as string.

On 10/8/07, Markus Pohle <ap...@webunity.de> wrote:
>
> Hi Emmanuel,
>
> nope sorry - that doesn't make it clearer for me - seems I am too
> dump...?!??!
>
> Why I am able to do such a search for uniqueMember in an ApacheDS
> Version 1.5.0 and within the snapshot build that Alex made for me some
> weeks ago?
>
> I am totally confused and apologize for that!
>
> Markus
>
> Emmanuel Lecharny schrieb:
> > Hi Markus,
> >
> > the UniqueMember attributeType is a distinguishedName, which is not a
> > string. Doing a substring search on a non-string object is not
> > possible (in fact, it should be treated as undefined - see RFC 4511,
> > par. 4.5.1.7)
> >
> > You cannot get any result with such a filter :
> > (uniqueMember=uid=g.kelly*)
> >
> > Nor can you with :
> > (ObjectClass=orga*)
> >
> > Currently, you will simply get a NPE, which will translate to an
> > Unexpected Exception on the client side.
> >
> > I'm currently investigating what we should return, and I think the
> > client should receive an empty result instead of an exception.
> >
> > I hope it's clear enough
> >
> > Emmanuel
> >
>


-- 
Regards,
Cordialement,
Emmanuel Lécharny
www.iktek.com

Re: [ApacheDS 1.5.1] unable to search for uniqueMember

[Markus Pohle <ap...@webunity.de>]

Hi Emmanuel,

nope sorry - that doesn't make it clearer for me - seems I am too 
dump...?!??!

Why I am able to do such a search for uniqueMember in an ApacheDS 
Version 1.5.0 and within the snapshot build that Alex made for me some 
weeks ago?

I am totally confused and apologize for that!

Markus

Emmanuel Lecharny schrieb:
> Hi Markus,
> 
> the UniqueMember attributeType is a distinguishedName, which is not a
> string. Doing a substring search on a non-string object is not
> possible (in fact, it should be treated as undefined - see RFC 4511,
> par. 4.5.1.7)
> 
> You cannot get any result with such a filter :
> (uniqueMember=uid=g.kelly*)
> 
> Nor can you with :
> (ObjectClass=orga*)
> 
> Currently, you will simply get a NPE, which will translate to an
> Unexpected Exception on the client side.
> 
> I'm currently investigating what we should return, and I think the
> client should receive an empty result instead of an exception.
> 
> I hope it's clear enough
> 
> Emmanuel
> 

Re: [ApacheDS 1.5.1] unable to search for uniqueMember

[Emmanuel Lecharny <el...@gmail.com>]

Hi Markus,

the UniqueMember attributeType is a distinguishedName, which is not a
string. Doing a substring search on a non-string object is not
possible (in fact, it should be treated as undefined - see RFC 4511,
par. 4.5.1.7)

You cannot get any result with such a filter :
(uniqueMember=uid=g.kelly*)

Nor can you with :
(ObjectClass=orga*)

Currently, you will simply get a NPE, which will translate to an
Unexpected Exception on the client side.

I'm currently investigating what we should return, and I think the
client should receive an empty result instead of an exception.

I hope it's clear enough

Emmanuel

On 10/8/07, Markus Pohle <ap...@webunity.de> wrote:
> Hi Emmanuel,
>
> I am a little bit confused! Why is search request not allowed? You said
> that "... there is no SUBSTRING MatchingRule defined for this attribute
> type... " but:
>
> on an installed apacheds-1.5.0 using my own DouglasHoldingPartition same
> to the one that can be downloaded from the URL shown below it is
> possible for me to do such a search
>
> ... and ...
>
> on an installed apacheds-1.5.1-snapshot that Alex Karasulu built for me
> in mid of July when I had probs with the apacheds-tools I am able to do
> a uniqueMember search on my partition.
>
> Maybe a simple explanation for me? That I am able to understand?
>
> TIA
> Markus
>
>
> Emmanuel Lecharny schrieb:
> > Hi Markus,
> >
> > sorry, it should have been obvious to me, but I was deep into the code
> > when you posted this mail.
> >
> > Such search requests (ie, using substring matching with uniqueMember)
> > is simply not allowed : there is no SUBSTRING MatchingRule defined for
> > this attribute type, so any attempt to search it using a substring
> > search will (and must) mail.
> >
> > However, you didn't get a failure, just an empty result.
> >
> > My question would be :
> > - should we generate an error like :
> > Error while performing search
> >   [LDAP: error code 36 - failed on search operation: Normalizer for
> > OID 2.5.4.50 does not exist!]
> >  ?
> >
> > Or should we just return an empty result ?
> >
> > On 10/5/07, Markus Pohle <ap...@webunity.de> wrote:
> >> Hi List Members,
> >>
> >> I installed ApacheDS in Version 1.5.1 on Linux (Centos 4.3) with Sun
> >> JDK 1.5.0_10 with the rpm pachage available as download from
> >> directory.apache.org.
> >>
> >> After installation I configured my own partion in server.xml and
> >> created a basic ldap structur with some content. (server.xml and ldif
> >> file can be found here:
> >> http://www.webunity.de/apacheds1.5.1/uniqueMemberIssue)
> >>
> >> When I connect to the server with Apache Directory Studio and do a
> >> search by hitting control-h and setting search base as
> >> "dc=douglasholding", filter as "(uid=*kelly*)" and scope as "Subtree"
> >> I get as result 2 entrys, one real user and the corresponding alias
> >> object.
> >>
> >> When I now try to do a search with the above conditions except that I
> >> set the search filter to "(uniqueMember=*kelly*)" the Directory Studio
> >> gives as result:
> >> Error while performing search
> >>    [LDAP: error code 33 - failed on search operation: Unexpected exception.]
> >>    [LDAP: error code 33 - failed on search operation: Unexpected exception.]
> >>
> >>
> >> Now I tried that from a bash with ldapsearch. Searching for uid
> >> delivers the following:
> >> [root@backupserv ~]#  ldapsearch -h apacheds2.douglas-informatik.de -p
> >> 10389 -x -D "uid=admin,ou=system" -w secret -b "dc=DOUGLASHOLDING" -s
> >> sub "(uid=*kelly*)"
> >> Result: 2
> >>
> >> But searching for uniqueMember delivers:
> >> [root@backupserv ~]#  ldapsearch -h apacheds2.douglas-informatik.de -p
> >> 10389 -x -D "uid=admin,ou=system" -w secret -b "dc=DOUGLASHOLDING" -s
> >> sub "(uniqueMember=*kelly*)"
> >> # extended LDIF
> >> #
> >> # LDAPv3
> >> # base <dc=DOUGLASHOLDING> with scope sub
> >> # filter: (uniqueMember=*kelly*)
> >> # requesting: ALL
> >> #
> >>
> >> # search result
> >> search: 2
> >> result: 33 Alias problem
> >> text: failed on search operation: Unexpected exception.
> >>
> >> # numResponses: 1
> >>
> >>
> >> Does anybody know what that happens? Any tip is appreciated!
> >>
> >> TIA
> >> Markus Pohle
> >>
> >>
> >
> >
>


-- 
Regards,
Cordialement,
Emmanuel Lécharny
www.iktek.com

Re: [ApacheDS 1.5.1] unable to search for uniqueMember

[Markus Pohle <ap...@webunity.de>]

Hi Emmanuel,

I am a little bit confused! Why is search request not allowed? You said 
that "... there is no SUBSTRING MatchingRule defined for this attribute 
type... " but:

on an installed apacheds-1.5.0 using my own DouglasHoldingPartition same 
to the one that can be downloaded from the URL shown below it is 
possible for me to do such a search

... and ...

on an installed apacheds-1.5.1-snapshot that Alex Karasulu built for me 
in mid of July when I had probs with the apacheds-tools I am able to do 
a uniqueMember search on my partition.

Maybe a simple explanation for me? That I am able to understand?

TIA
Markus


Emmanuel Lecharny schrieb:
> Hi Markus,
> 
> sorry, it should have been obvious to me, but I was deep into the code
> when you posted this mail.
> 
> Such search requests (ie, using substring matching with uniqueMember)
> is simply not allowed : there is no SUBSTRING MatchingRule defined for
> this attribute type, so any attempt to search it using a substring
> search will (and must) mail.
> 
> However, you didn't get a failure, just an empty result.
> 
> My question would be :
> - should we generate an error like :
> Error while performing search
>   [LDAP: error code 36 - failed on search operation: Normalizer for
> OID 2.5.4.50 does not exist!]
>  ?
> 
> Or should we just return an empty result ?
> 
> On 10/5/07, Markus Pohle <ap...@webunity.de> wrote:
>> Hi List Members,
>>
>> I installed ApacheDS in Version 1.5.1 on Linux (Centos 4.3) with Sun
>> JDK 1.5.0_10 with the rpm pachage available as download from
>> directory.apache.org.
>>
>> After installation I configured my own partion in server.xml and
>> created a basic ldap structur with some content. (server.xml and ldif
>> file can be found here:
>> http://www.webunity.de/apacheds1.5.1/uniqueMemberIssue)
>>
>> When I connect to the server with Apache Directory Studio and do a
>> search by hitting control-h and setting search base as
>> "dc=douglasholding", filter as "(uid=*kelly*)" and scope as "Subtree"
>> I get as result 2 entrys, one real user and the corresponding alias
>> object.
>>
>> When I now try to do a search with the above conditions except that I
>> set the search filter to "(uniqueMember=*kelly*)" the Directory Studio
>> gives as result:
>> Error while performing search
>>    [LDAP: error code 33 - failed on search operation: Unexpected exception.]
>>    [LDAP: error code 33 - failed on search operation: Unexpected exception.]
>>
>>
>> Now I tried that from a bash with ldapsearch. Searching for uid
>> delivers the following:
>> [root@backupserv ~]#  ldapsearch -h apacheds2.douglas-informatik.de -p
>> 10389 -x -D "uid=admin,ou=system" -w secret -b "dc=DOUGLASHOLDING" -s
>> sub "(uid=*kelly*)"
>> Result: 2
>>
>> But searching for uniqueMember delivers:
>> [root@backupserv ~]#  ldapsearch -h apacheds2.douglas-informatik.de -p
>> 10389 -x -D "uid=admin,ou=system" -w secret -b "dc=DOUGLASHOLDING" -s
>> sub "(uniqueMember=*kelly*)"
>> # extended LDIF
>> #
>> # LDAPv3
>> # base <dc=DOUGLASHOLDING> with scope sub
>> # filter: (uniqueMember=*kelly*)
>> # requesting: ALL
>> #
>>
>> # search result
>> search: 2
>> result: 33 Alias problem
>> text: failed on search operation: Unexpected exception.
>>
>> # numResponses: 1
>>
>>
>> Does anybody know what that happens? Any tip is appreciated!
>>
>> TIA
>> Markus Pohle
>>
>>
> 
> 

Re: [ApacheDS 1.5.1] unable to search for uniqueMember

[Alex Karasulu <ak...@apache.org>]

On 10/6/07, Emmanuel Lecharny <el...@gmail.com> wrote:
>
> Hi,
>
> I would suggest another error :
> Error while performing search
>   [LDAP: error code 18 - failed on search operation: No matching rule
> defined for attribute uniqueMember[2.5.4.50]]
>
> WDYT ?
>

Yes this error message sounds clearer.  However one idea and perhaps a bad
one: what about falling
back to use the EQUALITY matchingRule on substring searches if one cannot be
found for SUBSTR?

Alex

Re: [ApacheDS 1.5.1] unable to search for uniqueMember

[Emmanuel Lecharny <el...@gmail.com>]

Hi,

I would suggest another error :
Error while performing search
  [LDAP: error code 18 - failed on search operation: No matching rule
defined for attribute uniqueMember[2.5.4.50]]

WDYT ?

On 10/6/07, Emmanuel Lecharny <el...@gmail.com> wrote:
> Hi Markus,
>
> sorry, it should have been obvious to me, but I was deep into the code
> when you posted this mail.
>
> Such search requests (ie, using substring matching with uniqueMember)
> is simply not allowed : there is no SUBSTRING MatchingRule defined for
> this attribute type, so any attempt to search it using a substring
> search will (and must) mail.
>
> However, you didn't get a failure, just an empty result.
>
> My question would be :
> - should we generate an error like :
> Error while performing search
>   [LDAP: error code 36 - failed on search operation: Normalizer for
> OID 2.5.4.50 does not exist!]
>  ?
>
> Or should we just return an empty result ?
>
> On 10/5/07, Markus Pohle <ap...@webunity.de> wrote:
> >
> > Hi List Members,
> >
> > I installed ApacheDS in Version 1.5.1 on Linux (Centos 4.3) with Sun
> > JDK 1.5.0_10 with the rpm pachage available as download from
> > directory.apache.org.
> >
> > After installation I configured my own partion in server.xml and
> > created a basic ldap structur with some content. (server.xml and ldif
> > file can be found here:
> > http://www.webunity.de/apacheds1.5.1/uniqueMemberIssue)
> >
> > When I connect to the server with Apache Directory Studio and do a
> > search by hitting control-h and setting search base as
> > "dc=douglasholding", filter as "(uid=*kelly*)" and scope as "Subtree"
> > I get as result 2 entrys, one real user and the corresponding alias
> > object.
> >
> > When I now try to do a search with the above conditions except that I
> > set the search filter to "(uniqueMember=*kelly*)" the Directory Studio
> > gives as result:
> > Error while performing search
> >    [LDAP: error code 33 - failed on search operation: Unexpected exception.]
> >    [LDAP: error code 33 - failed on search operation: Unexpected exception.]
> >
> >
> > Now I tried that from a bash with ldapsearch. Searching for uid
> > delivers the following:
> > [root@backupserv ~]#  ldapsearch -h apacheds2.douglas-informatik.de -p
> > 10389 -x -D "uid=admin,ou=system" -w secret -b "dc=DOUGLASHOLDING" -s
> > sub "(uid=*kelly*)"
> > Result: 2
> >
> > But searching for uniqueMember delivers:
> > [root@backupserv ~]#  ldapsearch -h apacheds2.douglas-informatik.de -p
> > 10389 -x -D "uid=admin,ou=system" -w secret -b "dc=DOUGLASHOLDING" -s
> > sub "(uniqueMember=*kelly*)"
> > # extended LDIF
> > #
> > # LDAPv3
> > # base <dc=DOUGLASHOLDING> with scope sub
> > # filter: (uniqueMember=*kelly*)
> > # requesting: ALL
> > #
> >
> > # search result
> > search: 2
> > result: 33 Alias problem
> > text: failed on search operation: Unexpected exception.
> >
> > # numResponses: 1
> >
> >
> > Does anybody know what that happens? Any tip is appreciated!
> >
> > TIA
> > Markus Pohle
> >
> >
>
>
> --
> Regards,
> Cordialement,
> Emmanuel Lécharny
> www.iktek.com
>


-- 
Regards,
Cordialement,
Emmanuel Lécharny
www.iktek.com

Re: [ApacheDS 1.5.1] unable to search for uniqueMember

[Emmanuel Lecharny <el...@gmail.com>]

Hi Markus,

sorry, it should have been obvious to me, but I was deep into the code
when you posted this mail.

Such search requests (ie, using substring matching with uniqueMember)
is simply not allowed : there is no SUBSTRING MatchingRule defined for
this attribute type, so any attempt to search it using a substring
search will (and must) mail.

However, you didn't get a failure, just an empty result.

My question would be :
- should we generate an error like :
Error while performing search
  [LDAP: error code 36 - failed on search operation: Normalizer for
OID 2.5.4.50 does not exist!]
 ?

Or should we just return an empty result ?

On 10/5/07, Markus Pohle <ap...@webunity.de> wrote:
>
> Hi List Members,
>
> I installed ApacheDS in Version 1.5.1 on Linux (Centos 4.3) with Sun
> JDK 1.5.0_10 with the rpm pachage available as download from
> directory.apache.org.
>
> After installation I configured my own partion in server.xml and
> created a basic ldap structur with some content. (server.xml and ldif
> file can be found here:
> http://www.webunity.de/apacheds1.5.1/uniqueMemberIssue)
>
> When I connect to the server with Apache Directory Studio and do a
> search by hitting control-h and setting search base as
> "dc=douglasholding", filter as "(uid=*kelly*)" and scope as "Subtree"
> I get as result 2 entrys, one real user and the corresponding alias
> object.
>
> When I now try to do a search with the above conditions except that I
> set the search filter to "(uniqueMember=*kelly*)" the Directory Studio
> gives as result:
> Error while performing search
>    [LDAP: error code 33 - failed on search operation: Unexpected exception.]
>    [LDAP: error code 33 - failed on search operation: Unexpected exception.]
>
>
> Now I tried that from a bash with ldapsearch. Searching for uid
> delivers the following:
> [root@backupserv ~]#  ldapsearch -h apacheds2.douglas-informatik.de -p
> 10389 -x -D "uid=admin,ou=system" -w secret -b "dc=DOUGLASHOLDING" -s
> sub "(uid=*kelly*)"
> Result: 2
>
> But searching for uniqueMember delivers:
> [root@backupserv ~]#  ldapsearch -h apacheds2.douglas-informatik.de -p
> 10389 -x -D "uid=admin,ou=system" -w secret -b "dc=DOUGLASHOLDING" -s
> sub "(uniqueMember=*kelly*)"
> # extended LDIF
> #
> # LDAPv3
> # base <dc=DOUGLASHOLDING> with scope sub
> # filter: (uniqueMember=*kelly*)
> # requesting: ALL
> #
>
> # search result
> search: 2
> result: 33 Alias problem
> text: failed on search operation: Unexpected exception.
>
> # numResponses: 1
>
>
> Does anybody know what that happens? Any tip is appreciated!
>
> TIA
> Markus Pohle
>
>


-- 
Regards,
Cordialement,
Emmanuel Lécharny
www.iktek.com