Hello,
I try to use apache ds for testing. It works fine, except for one error,
I am not able to explain.
I have a search query with a filter like
(&(objectClass=*)(!(cn=groupName))), retrieving all children excluding
those objects with the given attribute cn=groupName. This query fails in
apacheDS.
I have no user index for this attribute cn (2.5.4.3) using the plain
downloaded instance (partition example).
When i remove the "!"-Operator the search is successful!
I installed an index (n.b.: how could I check, that it´s working,
besides the better performance?)
by
1) adding an element in server.xml (explained in documentation)
<bean
class="org.apache.directory.server.core.partition.impl.btree.MutableIndexConfiguration">
<property name="attributeId" value="cn" />
<property name="cacheSize" value="100" />
</bean>
2) start java -jar apacheds-tools.jar index -i
C:\Programs\apacheds-1.0.1 -p example -a cn
3) restart LDAP server
This does not change anything as far as I could see. If I omit the inner
parentheses, which one reference recommends, I get an
org.springframework.ldap.BadLdapGrammarException: Invalid search filter;
nested exception is javax.naming.directory.InvalidSearchFilterException:
Unbalanced parenthesis
javax.naming.directory.InvalidSearchFilterException: Unbalanced
parenthesis; remaining name 'ou=cedis, cn=groups, cn=portalmanager,
dc=example, dc=com'
at com.sun.jndi.ldap.Filter.findRightParen(Filter.java:479)
at com.sun.jndi.ldap.Filter.encodeFilterList(Filter.java:514)
at com.sun.jndi.ldap.Filter.encodeComplexFilter(Filter.java:442)
at com.sun.jndi.ldap.Filter.encodeFilter(Filter.java:99)
at com.sun.jndi.ldap.Filter.encodeFilterList(Filter.java:522)
Is this just an index problem? Sorry, I really could not see the problem
being not a ldap expert.
Thanks very much in advance,
best regards,
Georg K.
P.S.:
Env:
jre1.5.0_11\bin\client\jvm.dll,
Apache Directory Server Service 1.0.1.
Exception is either error code 36, 33 or 54 (depending on debug mode?):
javax.naming.NamingException: [LDAP: error code 36 - failed on search
operation: Failed to resolve primary name for 2.5.4.3 in user index
lookup:
SearchRequest
baseDn : 'ou=cedis,cn=groups,cn=portalmanager,dc=example,dc=com'
filter : '(& (2.5.4.0=*)[11] (! (2.5.4.3
=cediskeyuser)[2147483647] ) ) '
scope : single level
typesOnly : false
no limit
Time Limit : no limit
Deref Aliases : deref Always
attributes :
:
org.apache.directory.server.core.partition.impl.btree.IndexNotFoundException
: Failed to resolve primary name for 2.5.4.3 in user index lookup [Root
exception is javax.naming.NamingException: OID '2.5.4.3' was not found
within the OID registry]
at
org.apache.directory.server.core.partition.impl.btree.jdbm.JdbmPartition.getUserIndex(
JdbmPartition.java:522)
at
org.apache.directory.server.core.partition.impl.btree.DefaultOptimizer.getNegationScan(
DefaultOptimizer.java:219)
at
org.apache.directory.server.core.partition.impl.btree.DefaultOptimizer.annotate(
DefaultOptimizer.java:148)
at
org.apache.directory.server.core.partition.impl.btree.DefaultOptimizer.getConjunctionScan(
DefaultOptimizer.java:187)
at
org.apache.directory.server.core.partition.impl.btree.DefaultOptimizer.annotate(
DefaultOptimizer.java:145)
at
org.apache.directory.server.core.partition.impl.btree.DefaultOptimizer.getConjunctionScan(
DefaultOptimizer.java:187)
at
org.apache.directory.server.core.partition.impl.btree.DefaultOptimizer.annotate(
DefaultOptimizer.java:145)
at
org.apache.directory.server.core.partition.impl.btree.DefaultSearchEngine.search(
DefaultSearchEngine.java:135)
at
org.apache.directory.server.core.partition.impl.btree.BTreePartition.search(
BTreePartition.java:367)
at
org.apache.directory.server.core.partition.DefaultPartitionNexus.search(
DefaultPartitionNexus.java:863)
at
org.apache.directory.server.core.interceptor.InterceptorChain$1.search(
InterceptorChain.java:139)
at
org.apache.directory.server.core.interceptor.InterceptorChain$Entry$1.search(
InterceptorChain.java:1263)
at
org.apache.directory.server.core.interceptor.BaseInterceptor.search(
BaseInterceptor.java:202)
at
org.apache.directory.server.core.interceptor.InterceptorChain$Entry$1.search(
InterceptorChain.java:1263)
at
org.apache.directory.server.core.collective.CollectiveAttributeService.search(
CollectiveAttributeService.java:318)
at
org.apache.directory.server.core.interceptor.InterceptorChain$Entry$1.search(
InterceptorChain.java:1263)
at
org.apache.directory.server.core.operational.OperationalAttributeService.search(
OperationalAttributeService.java:293)
at
org.apache.directory.server.core.interceptor.InterceptorChain$Entry$1.search(
InterceptorChain.java:1263)
at
org.apache.directory.server.core.subtree.SubentryService.search(
SubentryService.java:232)
at
org.apache.directory.server.core.interceptor.InterceptorChain$Entry$1.search(
InterceptorChain.java:1263)
at org.apache.directory.server.core.schema.SchemaService.search(
SchemaService.java:447)
at
org.apache.directory.server.core.interceptor.InterceptorChain$Entry$1.search(
InterceptorChain.java:1263)
at
org.apache.directory.server.core.exception.ExceptionService.search(
ExceptionService.java:394)
at
org.apache.directory.server.core.interceptor.InterceptorChain$Entry$1.search(
InterceptorChain.java:1263)
at
org.apache.directory.server.core.authz.DefaultAuthorizationService.search(
DefaultAuthorizationService.java:495)
at
org.apache.directory.server.core.interceptor.InterceptorChain$Entry$1.search(
InterceptorChain.java:1263)
at
org.apache.directory.server.core.authz.AuthorizationService.search(
AuthorizationService.java:978)
at
org.apache.directory.server.core.interceptor.InterceptorChain$Entry$1.search(
InterceptorChain.java:1263)
at
org.apache.directory.server.core.referral.ReferralService.search(
ReferralService.java:985)
at
org.apache.directory.server.core.interceptor.InterceptorChain$Entry$1.search(
InterceptorChain.java:1263)
at
org.apache.directory.server.core.authn.AuthenticationService.search(
AuthenticationService.java:417)
at
org.apache.directory.server.core.interceptor.InterceptorChain$Entry$1.search(
InterceptorChain.java:1263)
at
org.apache.directory.server.core.normalization.NormalizationService.search(
NormalizationService.java:326)
at
org.apache.directory.server.core.interceptor.InterceptorChain.search(
InterceptorChain.java:828)
at
org.apache.directory.server.core.partition.PartitionNexusProxy.search(
PartitionNexusProxy.java:478)
at
org.apache.directory.server.core.partition.PartitionNexusProxy.search(
PartitionNexusProxy.java:423)
at org.apache.directory.server.core.jndi.ServerDirContext.search(
ServerDirContext.java:609)
at
org.apache.directory.server.ldap.support.SearchHandler.messageReceived(
SearchHandler.java:313)
at
org.apache.mina.handler.demux.DemuxingIoHandler.messageReceived(
DemuxingIoHandler.java:144)
at
org.apache.directory.server.ldap.LdapProtocolProvider$LdapProtocolHandler.messageReceived(
LdapProtocolProvider.java:403)
at
org.apache.mina.common.support.AbstractIoFilterChain$TailFilter.messageReceived(
AbstractIoFilterChain.java:703)
at
org.apache.mina.common.support.AbstractIoFilterChain.callNextMessageReceived(
AbstractIoFilterChain.java:362)
at
org.apache.mina.common.support.AbstractIoFilterChain.access$1200(
AbstractIoFilterChain.java:54)
at
org.apache.mina.common.support.AbstractIoFilterChain$EntryImpl$1.messageReceived(
AbstractIoFilterChain.java:800)
at
org.apache.mina.filter.codec.support.SimpleProtocolDecoderOutput.flush(
SimpleProtocolDecoderOutput.java:60)
at
org.apache.mina.filter.codec.ProtocolCodecFilter.messageReceived(
ProtocolCodecFilter.java:190)
at
org.apache.mina.common.support.AbstractIoFilterChain.callNextMessageReceived(
AbstractIoFilterChain.java:362)
at
org.apache.mina.common.support.AbstractIoFilterChain.access$1200(
AbstractIoFilterChain.java:54)
at
org.apache.mina.common.support.AbstractIoFilterChain$EntryImpl$1.messageReceived(
AbstractIoFilterChain.java:800)
at org.apache.mina.filter.executor.ExecutorFilter.processEvent(
ExecutorFilter.java:243)
at
org.apache.mina.filter.executor.ExecutorFilter$ProcessEventsRunnable.run(
ExecutorFilter.java:305)
at
edu.emory.mathcs.backport.java.util.concurrent.ThreadPoolExecutor$Worker.runTask(
ThreadPoolExecutor.java:665)
at
edu.emory.mathcs.backport.java.util.concurrent.ThreadPoolExecutor$Worker.run(
ThreadPoolExecutor.java:690)
at java.lang.Thread.run(Unknown Source)
Caused by: javax.naming.NamingException: OID '2.5.4.3' was not found
within the OID registry
at
org.apache.directory.server.core.schema.GlobalOidRegistry.getPrimaryName(
GlobalOidRegistry.java:246)
at
org.apache.directory.server.core.partition.impl.btree.jdbm.JdbmPartition.getUserIndex(
JdbmPartition.java:516)
... 53 more
]; remaining name 'ou=cedis, cn=groups, cn=portalmanager, dc=example,
dc=com'javax.naming.NamingException: [LDAP: error code 36 - failed on
search operation: Failed to resolve primary name for 2.5.4.3 in user
index lookup:
SearchRequest
baseDn : 'ou=cedis,cn=groups,cn=portalmanager,dc=example,dc=com'
filter : '(& (2.5.4.0=*)[11] (! (2.5.4.3
=cediskeyuser)[2147483647] ) ) '
scope : single level
typesOnly : false
no limit
Time Limit : no limit
Deref Aliases : deref Always
attributes :
:
org.apache.directory.server.core.partition.impl.btree.IndexNotFoundException
: Failed to resolve primary name for 2.5.4.3 in user index lookup [Root
exception is javax.naming.NamingException: OID '2.5.4.3' was not found
within the OID registry]
at
org.apache.directory.server.core.partition.impl.btree.jdbm.JdbmPartition.getUserIndex(
JdbmPartition.java:522)
at
org.apache.directory.server.core.partition.impl.btree.DefaultOptimizer.getNegationScan(
DefaultOptimizer.java:219)
at
org.apache.directory.server.core.partition.impl.btree.DefaultOptimizer.annotate(
DefaultOptimizer.java:148)
at
org.apache.directory.server.core.partition.impl.btree.DefaultOptimizer.getConjunctionScan(
DefaultOptimizer.java:187)
at
org.apache.directory.server.core.partition.impl.btree.DefaultOptimizer.annotate(
DefaultOptimizer.java:145)
at
org.apache.directory.server.core.partition.impl.btree.DefaultOptimizer.getConjunctionScan(
DefaultOptimizer.java:187)
at
org.apache.directory.server.core.partition.impl.btree.DefaultOptimizer.annotate(
DefaultOptimizer.java:145)
at
org.apache.directory.server.core.partition.impl.btree.DefaultSearchEngine.search(
DefaultSearchEngine.java:135)
at
org.apache.directory.server.core.partition.impl.btree.BTreePartition.search(
BTreePartition.java:367)
at
org.apache.directory.server.core.partition.DefaultPartitionNexus.search(
DefaultPartitionNexus.java:863)
at
org.apache.directory.server.core.interceptor.InterceptorChain$1.search(
InterceptorChain.java:139)
at
org.apache.directory.server.core.interceptor.InterceptorChain$Entry$1.search(
InterceptorChain.java:1263)
at
org.apache.directory.server.core.interceptor.BaseInterceptor.search(
BaseInterceptor.java:202)
at
org.apache.directory.server.core.interceptor.InterceptorChain$Entry$1.search(
InterceptorChain.java:1263)
at
org.apache.directory.server.core.collective.CollectiveAttributeService.search(
CollectiveAttributeService.java:318)
at
org.apache.directory.server.core.interceptor.InterceptorChain$Entry$1.search(
InterceptorChain.java:1263)
at
org.apache.directory.server.core.operational.OperationalAttributeService.search(
OperationalAttributeService.java:293)
at
org.apache.directory.server.core.interceptor.InterceptorChain$Entry$1.search(
InterceptorChain.java:1263)
at
org.apache.directory.server.core.subtree.SubentryService.search(
SubentryService.java:232)
at
org.apache.directory.server.core.interceptor.InterceptorChain$Entry$1.search(
InterceptorChain.java:1263)
at org.apache.directory.server.core.schema.SchemaService.search(
SchemaService.java:447)
at
org.apache.directory.server.core.interceptor.InterceptorChain$Entry$1.search(
InterceptorChain.java:1263)
at
org.apache.directory.server.core.exception.ExceptionService.search(
ExceptionService.java:394)
at
org.apache.directory.server.core.interceptor.InterceptorChain$Entry$1.search(
InterceptorChain.java:1263)
at
org.apache.directory.server.core.authz.DefaultAuthorizationService.search(
DefaultAuthorizationService.java:495)
at
org.apache.directory.server.core.interceptor.InterceptorChain$Entry$1.search(
InterceptorChain.java:1263)
at
org.apache.directory.server.core.authz.AuthorizationService.search(
AuthorizationService.java:978)
at
org.apache.directory.server.core.interceptor.InterceptorChain$Entry$1.search(
InterceptorChain.java:1263)
at
org.apache.directory.server.core.referral.ReferralService.search(
ReferralService.java:985)
at
org.apache.directory.server.core.interceptor.InterceptorChain$Entry$1.search(
InterceptorChain.java:1263)
at
org.apache.directory.server.core.authn.AuthenticationService.search(
AuthenticationService.java:417)
at
org.apache.directory.server.core.interceptor.InterceptorChain$Entry$1.search(
InterceptorChain.java:1263)
at
org.apache.directory.server.core.normalization.NormalizationService.search(
NormalizationService.java:326)
at
org.apache.directory.server.core.interceptor.InterceptorChain.search(
InterceptorChain.java:828)
at
org.apache.directory.server.core.partition.PartitionNexusProxy.search(
PartitionNexusProxy.java:478)
at
org.apache.directory.server.core.partition.PartitionNexusProxy.search(
PartitionNexusProxy.java:423)
at org.apache.directory.server.core.jndi.ServerDirContext.search(
ServerDirContext.java:609)
at
org.apache.directory.server.ldap.support.SearchHandler.messageReceived(
SearchHandler.java:313)
at
org.apache.mina.handler.demux.DemuxingIoHandler.messageReceived(
DemuxingIoHandler.java:144)
at
org.apache.directory.server.ldap.LdapProtocolProvider$LdapProtocolHandler.messageReceived(
LdapProtocolProvider.java:403)
at
org.apache.mina.common.support.AbstractIoFilterChain$TailFilter.messageReceived(
AbstractIoFilterChain.java:703)
at
org.apache.mina.common.support.AbstractIoFilterChain.callNextMessageReceived(
AbstractIoFilterChain.java:362)
at
org.apache.mina.common.support.AbstractIoFilterChain.access$1200(
AbstractIoFilterChain.java:54)
at
org.apache.mina.common.support.AbstractIoFilterChain$EntryImpl$1.messageReceived(
AbstractIoFilterChain.java:800)
at
org.apache.mina.filter.codec.support.SimpleProtocolDecoderOutput.flush(
SimpleProtocolDecoderOutput.java:60)
at
org.apache.mina.filter.codec.ProtocolCodecFilter.messageReceived(
ProtocolCodecFilter.java:190)
at
org.apache.mina.common.support.AbstractIoFilterChain.callNextMessageReceived(
AbstractIoFilterChain.java:362)
at
org.apache.mina.common.support.AbstractIoFilterChain.access$1200(
AbstractIoFilterChain.java:54)
at
org.apache.mina.common.support.AbstractIoFilterChain$EntryImpl$1.messageReceived(
AbstractIoFilterChain.java:800)
at org.apache.mina.filter.executor.ExecutorFilter.processEvent(
ExecutorFilter.java:243)
at
org.apache.mina.filter.executor.ExecutorFilter$ProcessEventsRunnable.run(
ExecutorFilter.java:305)
at
edu.emory.mathcs.backport.java.util.concurrent.ThreadPoolExecutor$Worker.runTask(
ThreadPoolExecutor.java:665)
at
edu.emory.mathcs.backport.java.util.concurrent.ThreadPoolExecutor$Worker.run(
ThreadPoolExecutor.java:690)
at java.lang.Thread.run(Unknown Source)
Caused by: javax.naming.NamingException: OID '2.5.4.3' was not found
within the OID registry
at
org.apache.directory.server.core.schema.GlobalOidRegistry.getPrimaryName(
GlobalOidRegistry.java:246)
at
org.apache.directory.server.core.partition.impl.btree.jdbm.JdbmPartition.getUserIndex(
JdbmPartition.java:516)
... 53 more
or
javax.naming.NamingException: [LDAP: error code 33 - failed on search
operation: Failed to resolve primary name for 2.5.4.3 in user index
lookup]; remaining name 'ou=cedis, cn=groups, cn=portalmanager,
dc=example, dc=com'
javax.naming.NamingException: [LDAP: error code 33 - failed on search
operation: Failed to resolve primary name for 2.5.4.3 in user index
lookup]; remaining name 'ou=cedis, cn=groups, cn=portalmanager,
dc=example, dc=com'
at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:2965)
at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2931)
at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2737)
at com.sun.jndi.ldap.LdapCtx.searchAux(LdapCtx.java:1808)
at com.sun.jndi.ldap.LdapCtx.c_search(LdapCtx.java:1731)
or
javax.naming.NamingException: [LDAP: error code 54 - failed on search
operation: Failed to resolve primary name for 2.5.4.3 in user index
lookup]; remaining name 'ou=cedis,cn=groups,
cn=portalmanager,dc=example, dc=com'
at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3002)
at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2931)
at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2737)
at com.sun.jndi.ldap.LdapCtx.searchAux(LdapCtx.java:1808)
at com.sun.jndi.ldap.LdapCtx.c_search(LdapCtx.java:1731)...
Test class:
import junit.framework.TestCase;
import java.util.Hashtable;
import javax.naming.Context;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.Attribute;
import javax.naming.directory.Attributes;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;
public class PlainSearchTest extends TestCase {
Hashtable env = new Hashtable();
protected void setUp() throws Exception {
// TODO Auto-generated method stub
super.setUp();
// JNDI connection data, move them to jndi.properties
env.put(Context.INITIAL_CONTEXT_FACTORY,
"com.sun.jndi.ldap.LdapCtxFactory");
env.put(Context.PROVIDER_URL, "ldap://localhost:10389/";);
env.put(Context.SECURITY_AUTHENTICATION, "simple");
env.put(Context.SECURITY_PRINCIPAL, "uid=admin,ou=system");
env.put(Context.SECURITY_CREDENTIALS, "secret");
}
public void testSearch() {
try {
DirContext ctx = new InitialDirContext(env);
String base = "ou=cedis, cn=groups, cn=portalmanager,
dc=example, dc=com";
String filter =
"(&(objectClass=*)(!(cn=cedisKeyuser)))";
SearchControls ctls = new SearchControls();
ctls.setSearchScope(SearchControls.ONELEVEL_SCOPE);
// ctls.setReturningAttributes(new String[] { "uid",
"mail" });
NamingEnumeration resultEnum = ctx.search(base,
filter, ctls);
while (resultEnum.hasMore()) {
SearchResult result = (SearchResult)
resultEnum.next();
// print DN of entry
System.out.println(result.getNameInNamespace());
// print attributes returned by search
Attributes attrs = result.getAttributes();
NamingEnumeration e = attrs.getAll();
while (e.hasMore()) {
Attribute attr = (Attribute) e.next();
System.out.println(attr);
}
System.out.println();
}
ctx.close();
} catch (NamingException e) {
System.out.println(e.getMessage());
}
}
}
Dump of LDAP tree:
#---------------------
# Entry: 1
#---------------------
dn: dc=example,dc=com
dc: example
objectclass: top
objectclass: domain
objectclass: extensibleObject
#---------------------
# Entry: 2
#---------------------
dn: cn=users, dc=example, dc=com
description: Default desciption
objectclass: top
objectclass: organizationalrole
cn: users
#---------------------
# Entry: 3
#---------------------
dn: cn=portalmanager, dc=example, dc=com
description: Default desciption
objectclass: top
objectclass: organizationalrole
cn: portalmanager
#---------------------
# Entry: 4
#---------------------
dn: cn=groups, cn=portalmanager, dc=example, dc=com
description: Default desciption
objectclass: top
objectclass: organizationalrole
cn: groups
#---------------------
# Entry: 5
#---------------------
dn: cn=keyuser, dc=example, dc=com
description: Default desciption
objectclass: top
objectclass: organizationalrole
cn: keyuser
#---------------------
# Entry: 6
#---------------------
dn: cn=users, cn=keyuser, dc=example, dc=com
description: Default desciption
objectclass: top
objectclass: organizationalrole
cn: users
#---------------------
# Entry: 7
#---------------------
dn: ou=cedis, cn=groups, cn=portalmanager, dc=example, dc=com
description: Default desciption
ou: cedis
objectclass: top
objectclass: organizationalrole
cn: cedis
#---------------------
# Entry: 8
#---------------------
dn: ou=cedis, cn=users, cn=keyuser, dc=example, dc=com
ou: cedis
objectclass: top
objectclass: groupofuniquenames
cn: cedis
description: Default desciption
uniquemember: [EMAIL PROTECTED], cn=users, dc=example, dc=com
#---------------------
# Entry: 11
#---------------------
dn: cn=cedisKeyuser, ou=cedis, cn=groups, cn=portalmanager, dc=example,
dc=com
cn: cedisKeyuser
objectclass: top
objectclass: groupofuniquenames
description: Default desciption
uniquemember: [EMAIL PROTECTED], cn=users, dc=example, dc=com
uniquemember: [EMAIL PROTECTED], cn=users, dc=example,
dc=com
#---------------------
# Entry: 12
#---------------------
dn: cn=cedisMitarbeiter, ou=cedis, cn=groups, cn=portalmanager,
dc=example, dc=com
cn: cedisMitarbeiter
objectclass: top
objectclass: groupofuniquenames
description: Default desciption
uniquemember: [EMAIL PROTECTED], cn=users, dc=example, dc=com
uniquemember: [EMAIL PROTECTED], cn=users, dc=example, dc=com
------------------------------------------------------
Georg Kallidis
FUeL Softwareentwicklung
Center für Digitale Systeme (CeDiS)
Freie Universität Berlin
Ihnestr. 24
14195 Berlin
Tel.: (+49 - (0) 30) - 838 - 53406
Fax: (+49 - (0) 30) - 838 - 52846
[EMAIL PROTECTED]
