[
https://issues.apache.org/jira/browse/DIRSERVER-1440?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13044882#comment-13044882
]
Emmanuel Lecharny commented on DIRSERVER-1440:
----------------------------------------------
There is a bigger problem:
in fact, we have a serious issue in the way we process DNs and RDNs.
Let me explain.
Suppose you have a DN like: "cn=John\+Doe,ou=system"
What happens is that the RDN will be parsed by the ComplexDnParser which will
create a RDN containing two values :
- the upValue ( cn=John\+Doe )
- the normValue ( cn=John+Doe )
So far, so good. Except that when we process the AVA, we 'normalize' it in
order to be able to expose an escaped form (i.e., where special chars like '+'
are prefixed with a '\'). That reverts the previous value (i.e. John+Doe) and
replaces it with the escaped value (i.e. John\+Doe).
Now, we can no longer do a comparison between "John+Doe" and "John\+Doe", like,
for instance, when we check that the RDN is present as an AT in the entry (if
the OC is 'person', the entry *must* have a cn: john+doe Attribute and Value),
leading to an error.
The big mistake was to have only one method to cover two features. The
Ava.normalize() method does the escaping in order to produce a DN which is valid.
This is not necessarily a complex issue to fix, but it needs some work. Note
that it impacts a lot of parts in the server and the API.
Add to that the fact that the normalization should also use the SchemaManager
to correctly transform the value, according to the AT, we have some painful
cleanup to do in this area...
> Using leading and/or trailing blanks in RDN attribute leads to erroneous
> behaviour.
> -----------------------------------------------------------------------------------
>
> Key: DIRSERVER-1440
> URL: https://issues.apache.org/jira/browse/DIRSERVER-1440
> Project: Directory ApacheDS
> Issue Type: Bug
> Affects Versions: 1.5.5
> Environment: WinXPx64, JDK 1_5_0_22, Tomcat 5.0.19, ADS 1.5.5,
> ADStudio 1.5.0.v20091102
> A partition of type:
> objectClass=dcObject
> objectClass=organization
> objectClass=top
> dc=example
> o=org
> Reporter: Günter Albrecht
> Fix For: 2.0.0-M1
>
>
> 1. scenario RDN with escaped leading blank:
>
> private Attribute createObjectClassPerson() {
>     Attribute objectClass = new BasicAttribute("objectClass");
>     objectClass.add("top");
>     objectClass.add("person");
>     objectClass.add("organizationalPerson");
>     objectClass.add("inetOrgPerson");
>     return objectClass;
> }
> public void insert() {
>     Attributes attributes = new BasicAttributes(false);
>     attributes.put(createObjectClassPerson());
>     // attributes.put("cn", "\\ User"); // This MUST be set if used with
>     // leading or trailing blanks! In all the other cases not!
>     attributes.put("sn", "\\ Name\\ ");
>     try {
>         getLdapContext().createSubcontext("cn=\\ User", attributes);
>     }
>     catch (NamingException e) {
>         e.printStackTrace();
>     }
> }
>
> The result is:
> Two cn entries, one with a leading blank and one with an escaped leading
> blank and a warning
> WARN
> [org.apache.directory.server.core.normalization.NormalizationInterceptor] -
> The RDN 'cn=\\ User' is not present in the entry
> objectClass=inetOrgPerson
> objectClass=organizationalPerson
> objectClass=person
> objectClass=top
> cn= User
> cn=\ User
> sn=\ Name\
> 2. scenario RDN with escaped trailing blank:
> private Attribute createObjectClassPerson() {
>     Attribute objectClass = new BasicAttribute("objectClass");
>     objectClass.add("top");
>     objectClass.add("person");
>     objectClass.add("organizationalPerson");
>     objectClass.add("inetOrgPerson");
>     return objectClass;
> }
> public void insert() {
>     Attributes attributes = new BasicAttributes(false);
>     attributes.put(createObjectClassPerson());
>     // attributes.put("cn", "User\\ "); // This MUST be set if used with
>     // leading or trailing blanks! In all the other cases not!
>     attributes.put("sn", "\\ Name\\ ");
>     try {
>         getLdapContext().createSubcontext("cn=User\\ ", attributes);
>     }
>     catch (NamingException e) {
>         e.printStackTrace();
>     }
> }
> The result is a NamingException
> javax.naming.NamingException: [LDAP: error code 80 - OTHER: failed for
> Add Request :
> ClientEntry
> dn: cn=User\ ,dc=ietpx.bwb,dc=org
> objectClass: top
> objectClass: person
> objectClass: organizationalPerson
> objectClass: inetOrgPerson
> sn: \ Name\
> cn: User
> : Unescaped special characters are not allowed]; remaining name 'cn=User\ '
> at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3085)
> at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2987)
> at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2794)
> at com.sun.jndi.ldap.LdapCtx.c_createSubcontext(LdapCtx.java:788)
> at com.sun.jndi.toolkit.ctx.ComponentDirContext.p_createSubcontext(ComponentDirContext.java:319)
> at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.createSubcontext(PartialCompositeDirContext.java:248)
> at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.createSubcontext(PartialCompositeDirContext.java:236)
> at javax.naming.directory.InitialDirContext.createSubcontext(InitialDirContext.java:178)
> at test.BlankTest.insert(BlankTest.java:84)
> at test.BlankTest.main(BlankTest.java:92)
> Conclusion:
> Forgetting to set the RDN attribute explicitly remains undetected until one
> stores RDN values with leading and/or trailing blanks.
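
The failure described in the comment above, as an added example (not ApacheDS code and not from the issue): it compares an RDN value against the entry's attribute value once after re-escaping it and once in its raw form, for the DN values mentioned in this message. The names unescape, escape and rdnPresent are hypothetical, the escaping is a simplified RFC 4514 subset, and equalsIgnoreCase stands in for the schema-driven matching rule of the attribute type.

```java
public class RdnValueForms {
    private static final String SPECIAL = "\"+,;<>\\"; // always escaped per RFC 4514

    /** DN string form -> raw value. Simplified: hex pairs (\2B) are not handled. */
    static String unescape(String s) {
        StringBuilder out = new StringBuilder();
        for (int i = 0; i < s.length(); i++) {
            char c = s.charAt(i);
            if (c == '\\' && i + 1 < s.length()) c = s.charAt(++i); // keep escaped char literally
            out.append(c);
        }
        return out.toString();
    }

    /** Raw value -> DN string form. Simplified: NUL is not handled. */
    static String escape(String v) {
        StringBuilder out = new StringBuilder();
        for (int i = 0; i < v.length(); i++) {
            char c = v.charAt(i);
            boolean edgeSpace = c == ' ' && (i == 0 || i == v.length() - 1);
            boolean leadingHash = c == '#' && i == 0;
            if (SPECIAL.indexOf(c) >= 0 || edgeSpace || leadingHash) {
                out.append('\\');
            }
            out.append(c);
        }
        return out.toString();
    }

    /** Is the RDN value among the entry's attribute values? */
    static boolean rdnPresent(String rdnValue, String... entryValues) {
        for (String v : entryValues) {
            if (v.equalsIgnoreCase(rdnValue)) return true; // stand-in for the AT's matching rule
        }
        return false;
    }

    public static void main(String[] args) {
        // Constructed samples: {RDN value as written in the DN, value stored in the entry}
        String[][] cases = {{"John\\+Doe", "john+doe"}, {"\\ User", " User"}, {"User\\ ", "User "}};
        for (String[] c : cases) {
            String raw = unescape(c[0]);    // form used for comparison
            String dnForm = escape(raw);    // form used only when rendering a DN
            System.out.printf("[%s] re-escaped then compared: %b, raw compared: %b%n",
                    dnForm, rdnPresent(dnForm, c[1]), rdnPresent(raw, c[1]));
        }
    }
}
```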