Please verify if this issue occurs in OpenLDAP 2.4.7. Thanks. --Quanah
--On December 21, 2007 11:37:38 AM +0000 [EMAIL PROTECTED] wrote: > Full_Name: Jean-Louis ROCHETTE > Version: 2.3.39 > OS: Linux Fedora > URL: ftp://ftp.openldap.org/incoming/ > Submission from: (NULL) (152.62.109.163) > > > Brief description of the problem > -------------------------------- > Lookup of a netgroup by triple doesn't work in last stable release slapd > 2.3.39, though it worked well with slapd 2.3.27. > This looks like a regression in slapd. > This should be easy to reproduce. > The problem was first noticed in slapd 2.3.30. > The lookup by triple succeeds with a iPlanet server. > > > Details > ------- > Let's define a host, and a netgroup with a single triple designating this > host: > > dn: cn=r2d2,ou=Hosts,dc=devldapdom1,dc=lcsc > objectClass: top > objectClass: ipHost > objectClass: device > ipHostNumber: 192.168.5.69 > cn: r2d2 > > dn: cn=r2d2netg,ou=netgroup,dc=devldapdom1,dc=lcsc > objectClass: top > objectClass: nisNetgroup > cn: r2d2netg > description: netgroup r2d2netg to test AR 98216 > nisNetgroupTriple: (r2d2,,) > > The syntax for the nisNetgroupTriple attribute is IA5String (instead of > Netgroup Triple): > attributeTypes: ( 1.3.6.1.1.1.1.14 NAME 'nisNetgroupTriple' DESC 'Netgroup > triple' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) > > > 1) *** Test with slapd 2.3.27 : OK *** > [EMAIL PROTECTED](53) uname -a > Linux SUSE-LDAP1 2.6.18.2-34-default #1 SMP Mon Nov 27 11:46:27 UTC 2006 > i686 i686 i386 GNU/Linux > [EMAIL PROTECTED](42) ps -ef |grep slap > ldap 3774 1 0 Nov29 ? 00:04:47 /usr/lib/openldap/slapd -h > ldap:/// -u ldap -g ldap -o slp=on > [EMAIL PROTECTED](45) /usr/lib/openldap/slapd -V > @(#) $OpenLDAP: slapd 2.3.27 (Nov 25 2006 17:08:16) $ > > [EMAIL PROTECTED]:/usr/src/packages/BUILD/openldap-2.3.27/servers/slapd > [EMAIL PROTECTED](46) ldapsearch -V > ldapsearch: @(#) $OpenLDAP: ldapsearch 2.3.27 (Nov 25 2006 17:09:14) $ > [EMAIL > PROTECTED]:/usr/src/packages/BUILD/openldap-2.3.27/clients/tools > (LDAP library: OpenLDAP 20327) > > // locate the netgroup by name -> find r2d2netg with triple (r2d2,,) : OK > [EMAIL PROTECTED](49) ldapsearch -x -b "ou=netgroup,dc=devldapdom1,dc=lcsc" > -s one "(&(objectClass=nisNetgroup)(cn=r2d2netg))" cn nisNetgroupTriple ># extended LDIF ># ># LDAPv3 ># base <ou=netgroup,dc=devldapdom1,dc=lcsc> with scope oneLevel ># filter: (&(objectClass=nisNetgroup)(cn=r2d2netg)) ># requesting: cn nisNetgroupTriple ># > ># r2d2netg, netgroup, devldapdom1.lcsc > dn: cn=r2d2netg,ou=netgroup,dc=devldapdom1,dc=lcsc > cn: r2d2netg > nisNetgroupTriple: (r2d2,,) > ># search result > search: 2 > result: 0 Success > ># numResponses: 2 ># numEntries: 1 > > // locate the netgroup by triple -> found too, ok. > [EMAIL PROTECTED](52) ldapsearch -x -b "ou=netgroup,dc=devldapdom1,dc=lcsc" > -s one "(&(objectClass=nisNetgroup)(nisNetgroupTriple=\(r2d2,,\)))" cn ># extended LDIF ># ># LDAPv3 ># base <ou=netgroup,dc=devldapdom1,dc=lcsc> with scope oneLevel ># filter: (&(objectClass=nisNetgroup)(nisNetgroupTriple=\(r2d2,,\))) ># requesting: cn ># > ># r2d2netg, netgroup, devldapdom1.lcsc > dn: cn=r2d2netg,ou=netgroup,dc=devldapdom1,dc=lcsc > cn: r2d2netg > ># search result > search: 2 > result: 0 Success > ># numResponses: 2 ># numEntries: 1 > > > 2) *** Test with slapd 2.3.39 : PROBLEM *** > [EMAIL PROTECTED](19) uname -a > Linux newlnxjlr 2.6.18-1.2798.fc6 #1 SMP Mon Oct 16 14:37:32 EDT 2006 > i686 i686 i386 GNU/Linux > [EMAIL PROTECTED](17) ps -ef |grep slap > ldap 4684 1 0 Dec20 ? 00:00:00 /usr/sbin/slapd -h > ldap:/// -u ldap > [EMAIL PROTECTED](18) /usr/sbin/slapd -V > @(#) $OpenLDAP: slapd 2.3.39 (Dec 20 2007 17:00:06) $ > [EMAIL PROTECTED]:/tmp/openldap-2.3.39/servers/slapd > [EMAIL PROTECTED](20) ldapsearch -V > ldapsearch: @(#) $OpenLDAP: ldapsearch 2.3.39 (Dec 20 2007 16:58:50) $ > [EMAIL PROTECTED]:/tmp/openldap-2.3.39/clients/tools > (LDAP library: OpenLDAP 20339) > // this server is a replicate of previous one > > // locate the netgroup by name -> find r2d2netg with triple (r2d2,,) : OK > [EMAIL PROTECTED](24) ldapsearch -x -b "ou=netgroup,dc=devldapdom1,dc=lcsc" > -s one "(&(objectClass=nisNetgroup)(cn=r2d2netg))" cn nisNetgroupTriple ># extended LDIF ># ># LDAPv3 ># base <ou=netgroup,dc=devldapdom1,dc=lcsc> with scope oneLevel ># filter: (&(objectClass=nisNetgroup)(cn=r2d2netg)) ># requesting: cn nisNetgroupTriple ># > ># r2d2netg, netgroup, devldapdom1.lcsc > dn: cn=r2d2netg,ou=netgroup,dc=devldapdom1,dc=lcsc > cn: r2d2netg > nisNetgroupTriple: (r2d2,,) > ># search result > search: 2 > result: 0 Success > ># numResponses: 2 ># numEntries: 1 > > // locate the netgroup by triple -> NOT FOUND? PROBLEM. > [EMAIL PROTECTED](25) ldapsearch -x -b "ou=netgroup,dc=devldapdom1,dc=lcsc" > -s one "(&(objectClass=nisNetgroup)(nisNetgroupTriple=\(r2d2,,\)))" cn ># extended LDIF ># ># LDAPv3 ># base <ou=netgroup,dc=devldapdom1,dc=lcsc> with scope oneLevel ># filter: (&(objectClass=nisNetgroup)(nisNetgroupTriple=\(r2d2,,\))) ># requesting: cn ># > ># search result > search: 2 > result: 0 Success > ># numResponses: 1 > > // eof > > -- Quanah Gibson-Mount Principal Software Engineer Zimbra, Inc -------------------- Zimbra :: the leader in open source messaging and collaboration
