Posted to dev@directory.apache.org by "Stefan Zoerner (JIRA)" <di...@incubator.apache.org> on 2006/01/10 18:17:20 UTC

[jira] Updated: (DIREVE-274) Adding a group with invalid member DN corrupts the server

     [ http://issues.apache.org/jira/browse/DIREVE-274?page=all ]

Stefan Zoerner updated DIREVE-274:
----------------------------------

    Attachment: addGroup.ldif

This is the LDIF that caused the error, which is now resolved. Anyway, I attach the file for completeness.

> Adding a group with invalid member DN corrupts the server
> ---------------------------------------------------------
>
>          Key: DIREVE-274
>          URL: http://issues.apache.org/jira/browse/DIREVE-274
>      Project: Directory Server
>         Type: Bug
>     Reporter: Stefan Zoerner
>     Assignee: Alex Karasulu
>     Priority: Blocker
>      Fix For: 0.9.3
>  Attachments: addGroup.ldif
>
> If you add an entry like this to the server
> dn: cn=myGroup,dc=apache,dc=org
> cn: myGroup
> objectclass: top
> objectclass: groupOfUniqueNames
> uniqueMember: satisfaction=guaranteed
> e.g. with this command
> $ ldapadd -D uid=admin,ou=system -w ***** -h magritte -p 10389 -f addEntry.ldif
> the client gets an error:
> ldap_add: Loop detected
> ldap_add: additional info: failed to add entry cn=myGroup,dc=apache,dc=org:
> javax.naming.NamingException: OID for name 'satisfaction' was not found within the OID registry
> stack trace omitted
> I am not sure whether this is correct behavior, other servers let me do that (i.e. add a DN value with unknown attribute names). But this is another story.
> Problem 1: Actually, the entry is created:
> $ ldapsearch -h magritte -p 10389 -b dc=apache,dc=org -s one "(objectClass=*)"
> cn=myGroup,dc=apache,dc=org
> cn=myGroup
> objectclass=groupOfUniqueNames
> objectclass=top
> uniqueMember=satisfaction=guaranteed
> $
> Therefore, the error above does not tell the truth ("failed to add entry"). It is even possible to delete this entry without any errors. And it is highly recommended to do this, because
> Problem 2: (this is the major problem)
> After stopping the server, you can't restart it because of this illegal entry. Here is the stacktrace.  
> Exception in thread "main" javax.naming.NamingException: OID for name 'satisfaction' was not found within the OID registry
>         at org.apache.ldap.server.schema.GlobalOidRegistry.getOid(GlobalOidRegistry.java:188)
>         at org.apache.ldap.server.schema.GlobalAttributeTypeRegistry.lookup(GlobalAttributeTypeRegistry.java:124)
>         at org.apache.ldap.server.schema.ConcreteNameComponentNormalizer.lookup(ConcreteNameComponentNormalizer.java:85)
>         at org.apache.ldap.server.schema.ConcreteNameComponentNormalizer.normalizeByName(ConcreteNameComponentNormalizer.java:59)
>         at org.apache.ldap.common.name.antlrValueParser.value(antlrValueParser.java:128)
>         at org.apache.ldap.common.name.antlrNameParser.attributeTypeAndValue(antlrNameParser.java:189)
>         at org.apache.ldap.common.name.antlrNameParser.nameComponent(antlrNameParser.java:120)
>         at org.apache.ldap.common.name.antlrNameParser.name(antlrNameParser.java:69)
>         at org.apache.ldap.common.name.DnParser.parse(DnParser.java:178)
>         at org.apache.ldap.common.name.DnParser.parse(DnParser.java:219)
>         at org.apache.ldap.server.authz.GroupCache.addMembers(GroupCache.java:177)
>         at org.apache.ldap.server.authz.GroupCache.initialize(GroupCache.java:111)
>         at org.apache.ldap.server.authz.GroupCache.<init>(GroupCache.java:79)
>         at org.apache.ldap.server.authz.AuthorizationService.init(AuthorizationService.java:95)
>         at org.apache.ldap.server.interceptor.InterceptorChain.register0(InterceptorChain.java:400)
>         at org.apache.ldap.server.interceptor.InterceptorChain.register(InterceptorChain.java:359)
>         at org.apache.ldap.server.interceptor.InterceptorChain.init(InterceptorChain.java:231)
>         at org.apache.ldap.server.DefaultDirectoryService.initialize(DefaultDirectoryService.java:672)
>         at org.apache.ldap.server.DefaultDirectoryService.startup(DefaultDirectoryService.java:204)
>         at org.apache.ldap.server.jndi.AbstractContextFactory.getInitialContext(AbstractContextFactory.java:102)
>         at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:667)
>         at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:247)
>         at javax.naming.InitialContext.init(InitialContext.java:223)
>         at javax.naming.InitialContext.<init>(InitialContext.java:197)
>         at javax.naming.directory.InitialDirContext.<init>(InitialDirContext.java:82)
>         at org.apache.ldap.server.ServerMain.main(ServerMain.java:76)

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
   http://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see:
   http://www.atlassian.com/software/jira
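
Added example, not part of the original message and not ApacheDS code: a sketch of the two safeguards the report implies, using the JDK's javax.naming.ldap.LdapName. Member DNs are validated before anything is stored (Problem 1), and a bad value already in the store is skipped at startup instead of aborting it (Problem 2). The class, its methods and the KNOWN_TYPES set are hypothetical stand-ins for the server's schema registry and group cache.

```java
import java.util.*;
import javax.naming.InvalidNameException;
import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;

// Added illustration: class, methods and KNOWN_TYPES are hypothetical, not ApacheDS code.
public class MemberDnCheck {
    // Constructed stand-in for the server's registry of attribute type names.
    static final Set<String> KNOWN_TYPES = new HashSet<>(Arrays.asList("cn", "uid", "ou", "dc"));
    // Returns null when every RDN attribute type is known, else the reason for rejection.
    static String rejectReason(String dn) {
        try {
            for (Rdn rdn : new LdapName(dn).getRdns())
                for (String type : Collections.list(rdn.toAttributes().getIDs()))
                    if (!KNOWN_TYPES.contains(type.toLowerCase(Locale.ROOT)))
                        return "unknown attribute type '" + type + "'";
            return null;
        } catch (InvalidNameException e) {
            return "malformed DN: " + e.getMessage();
        }
    }

    // Write path: validate all members before touching the store, so a failed add stores nothing (Problem 1).
    static boolean add(Map<String, List<String>> store, String dn, List<String> members) {
        for (String m : members)
            if (rejectReason(m) != null) return false;
        store.put(dn, new ArrayList<>(members));
        return true;
    }

    // Startup path: skip and report a bad stored value instead of aborting (Problem 2).
    static Set<String> loadMembers(String groupDn, List<String> stored) {
        Set<String> ok = new LinkedHashSet<>();
        for (String m : stored) {
            String why = rejectReason(m);
            if (why == null) ok.add(m);
            else System.err.println("skipping member of " + groupDn + ": " + why);
        }
        return ok;
    }

    public static void main(String[] args) {
        Map<String, List<String>> store = new HashMap<>();
        String group = "cn=myGroup,dc=apache,dc=org";   // DN and member value from the report
        System.out.println(add(store, group, Arrays.asList("satisfaction=guaranteed")) + " " + store);
        // Constructed: an entry persisted by the faulty path, read back at startup.
        System.out.println(loadMembers(group, Arrays.asList("uid=admin,ou=system", "satisfaction=guaranteed")));
    }
}
```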