[jira] Closed: (DIREVE-274) Adding a group with invalid member DN corrupts the server

Tue, 10 Jan 2006 09:21:44 -0800 

     [ http://issues.apache.org/jira/browse/DIREVE-274?page=all ]
     
Stefan Zoerner closed DIREVE-274:
---------------------------------


The two misbehaviors do not occur anymore in a current 0.9.4 snapshot build. It 
is allowed to create an entry as described in the issue text, and the server 
does not have the startup problems anymore afterwards. Therefore I close the 
issue.

> Adding a group with invalid member DN corrupts the server
> ---------------------------------------------------------
>
>          Key: DIREVE-274
>          URL: http://issues.apache.org/jira/browse/DIREVE-274
>      Project: Directory Server
>         Type: Bug
>     Reporter: Stefan Zoerner
>     Assignee: Alex Karasulu
>     Priority: Blocker
>      Fix For: 0.9.3
>  Attachments: addGroup.ldif
>
> If you add an entry like this to the server
> dn: cn=myGroup,dc=apache,dc=org
> cn: myGroup
> objectclass: top
> objectclass: groupOfUniqueNames
> uniqueMember: satisfaction=guaranteed
> e.g. with this command
> $ ldapadd -D uid=admin,ou=system -w ***** -h magritte -p 10389 -f 
> addEntry.ldif
> the clients gets an error:
> ldap_add: Loop detected
> ldap_add: additional info: failed to add entry cn=myGroup,dc=apache,dc=org:
> javax.naming.NamingException: OID for name 'satisfaction' was not found 
> within the OID registry
> stack trace omitted
> I am not sure whether this is correct behavior, other servers let me do that 
> (i.e. add a DN value with unknown attribute names). But this is another story.
> Problem 1: Actually, the entry is created:
> $ ldapsearch -h magritte -p 10389 -b dc=apache,dc=org -s one "(objectClass=*)"
> cn=myGroup,dc=apache,dc=org
> cn=myGroup
> objectclass=groupOfUniqueNames
> objectclass=top
> uniqueMember=satisfaction=guaranteed
> $
> Therefore, the error above does not tell the truth ("failed to add entry"). 
> It is even possible to delete this entry without any errors. And is is highly 
> recommended to do this, because
> Problem 2: (this is the major problem)
> After stopping the server, you can't restart it because of this illegal 
> entry. Here is the stacktrace.  
> Exception in thread "main" javax.naming.NamingException: OID for name 
> 'satisfaction' was not found within the OID registry
>         at 
> org.apache.ldap.server.schema.GlobalOidRegistry.getOid(GlobalOidRegistry.java:188)
>         at 
> org.apache.ldap.server.schema.GlobalAttributeTypeRegistry.lookup(GlobalAttributeTypeRegistry.java:124)
>         at 
> org.apache.ldap.server.schema.ConcreteNameComponentNormalizer.lookup(ConcreteNameComponentNormalizer.java:85)
>         at 
> org.apache.ldap.server.schema.ConcreteNameComponentNormalizer.normalizeByName(ConcreteNameComponentNormalizer.java:59)
>         at 
> org.apache.ldap.common.name.antlrValueParser.value(antlrValueParser.java:128)
>         at 
> org.apache.ldap.common.name.antlrNameParser.attributeTypeAndValue(antlrNameParser.java:189)
>         at 
> org.apache.ldap.common.name.antlrNameParser.nameComponent(antlrNameParser.java:120)
>         at 
> org.apache.ldap.common.name.antlrNameParser.name(antlrNameParser.java:69)
>         at org.apache.ldap.common.name.DnParser.parse(DnParser.java:178)
>         at org.apache.ldap.common.name.DnParser.parse(DnParser.java:219)
>         at 
> org.apache.ldap.server.authz.GroupCache.addMembers(GroupCache.java:177)
>         at 
> org.apache.ldap.server.authz.GroupCache.initialize(GroupCache.java:111)
>         at org.apache.ldap.server.authz.GroupCache.<init>(GroupCache.java:79)
>         at 
> org.apache.ldap.server.authz.AuthorizationService.init(AuthorizationService.java:95)
>         at 
> org.apache.ldap.server.interceptor.InterceptorChain.register0(InterceptorChain.java:400)
>         at 
> org.apache.ldap.server.interceptor.InterceptorChain.register(InterceptorChain.java:359)
>         at 
> org.apache.ldap.server.interceptor.InterceptorChain.init(InterceptorChain.java:231)
>         at 
> org.apache.ldap.server.DefaultDirectoryService.initialize(DefaultDirectoryService.java:672)
>         at 
> org.apache.ldap.server.DefaultDirectoryService.startup(DefaultDirectoryService.java:204)
>         at 
> org.apache.ldap.server.jndi.AbstractContextFactory.getInitialContext(AbstractContextFactory.java:102)
>         at 
> javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:667)
>         at 
> javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:247)
>         at javax.naming.InitialContext.init(InitialContext.java:223)
>         at javax.naming.InitialContext.<init>(InitialContext.java:197)
>         at 
> javax.naming.directory.InitialDirContext.<init>(InitialDirContext.java:82)
>         at org.apache.ldap.server.ServerMain.main(ServerMain.java:76)

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
   http://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see:
   http://www.atlassian.com/software/jira

Reply via email to