From cyril@coupel.net Sat Feb 24 11:38:59 2007
From: cyril@coupel.net
To: openldap-bugs@openldap.org
Subject: RE: (ITS#4849) LDAP URL not recognized with bind9
Date: Sat, 24 Feb 2007 11:38:58 +0000
Message-ID: <200702241138.l1OBcwWV030118@boole.openldap.org>

FYI

-----Original Message-----
From: Pierangelo Masarati [mailto:ando(a)sys-net.it]
Sent: Friday, 23 February 2007 22:02
To: cyril(a)coupel.net
Cc: openldap-its(a)openldap.org
Subject: Re: (ITS#4849) LDAP URL not recognized with bind9

cyril(a)coupel.net wrote:
> Thanks for your answer.
> I tested by removing the %xxxx% from the URL and the tests are passed; but
> there is an error saying that there is no %xxx% token.
> I already opened a case to the BIND team, but they replied this is not a bind
> problem.
> However, I will transmit this information to the BIND/DLZ team.

I have a few more comments; see below.

> Cyril COUPEL wrote:
>> I agree with this information.
>> The fact is the ldapURL is not used as is, the key %zone% (or %client%) is
>> replaced with the ns domain (the client name).
>>
>> It was working well since I upgraded to 2.3.30-r2.

There is no OpenLDAP 2.3.30-r2; the current version is 2.3.34.
This is a Gentoo release based on 2.3.30 (the latest release available is 2.3.33)

Also, you mentioned an error message "failed to parse ldap URL"; there's
no such message in bind 9.3.4 code, nor in 9.4.0rc2.  Also, there's no
explicit ldap_url_parse() call, so the problem could only arise when
performing an operation with that broken DN.  However, I don't see how
the error message could be raised by bind, since the URL is parsed by
bind itself, without using the OpenLDAP API function, and the DN is only
used as base for other operations, so OpenLDAP API cannot have any
notion of that DN being part of a URL.  Finally, bind itself, while
parsing the URL, checks for badly encoded portions of the URL, and the
corresponding error message is "LDAP sdb zone '%s': URL: bad hex values".

The message is located in

    isc_result_t dlz_ldap_checkURL(char *URL, int attrCnt, const char *msg)

located in file bin/named/dlz_ldap_driver.c provided by ctrix_dlz_9.3.3.patch

Could you point us to the __real__ version of OpenLDAP __and__ bind you
pretend to be broken?

p.

Ing. Pierangelo Masarati
OpenLDAP Core Team

SysNet s.n.c.
Via Dossi, 8 - 27100 Pavia - ITALIA
http://www.sys-net.it
------------------------------------------
Office:   +39.02.23998309
Mobile:   +39.333.4963172
Email:    pierangelo.masarati(a)sys-net.it
------------------------------------------

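The thread mentions `%zone%` / `%client%` placeholders in the LDAP URL and a check for badly encoded hex portions of that URL. As an added illustration (not part of the original message, and not code from BIND, the DLZ patch or OpenLDAP), the following C program shows how a strict percent-escape check treats an unexpanded placeholder, next to a check that knows the placeholder keys and a check run after substitution. The function names, the sample URL and the substituted zone name are assumptions made for the example.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Added illustration, not BIND/DLZ or OpenLDAP code; keys are those named in the thread. */
static const char *const TOKENS[] = { "%zone%", "%client%" };

/* p points at '%': are the next two characters hex digits? */
static int hex2(const char *p) {
    return isxdigit((unsigned char)p[1]) && isxdigit((unsigned char)p[2]);
}

/* Strict check: every '%' must start a %XX escape. Returns 1 if so, else 0. */
int strict_pct_ok(const char *s) {
    for (; *s; s++)
        if (*s == '%') { if (!hex2(s)) return 0; s += 2; }
    return 1;
}

/* Template check: known placeholders are skipped, any other '%' must be %XX. */
int template_pct_ok(const char *s) {
    while (*s) {
        size_t skip = (*s == '%') ? 0 : 1;
        for (size_t i = 0; !skip && i < sizeof TOKENS / sizeof *TOKENS; i++)
            if (strncmp(s, TOKENS[i], strlen(TOKENS[i])) == 0)
                skip = strlen(TOKENS[i]);
        if (!skip) { if (!hex2(s)) return 0; skip = 3; }
        s += skip;
    }
    return 1;
}

/* Substitute the first occurrence of tok with val; 0 on success, -1 if absent or out is too small. */
int expand(const char *tmpl, const char *tok, const char *val, char *out, size_t n) {
    const char *hit = strstr(tmpl, tok);
    if (!hit) return -1;
    int w = snprintf(out, n, "%.*s%s%s", (int)(hit - tmpl), tmpl, val, hit + strlen(tok));
    return (w < 0 || (size_t)w >= n) ? -1 : 0;
}

int main(void) {
    /* Constructed sample URL, not taken from the report. */
    const char *tmpl = "ldap://127.0.0.1/dlzZoneName=%zone%,ou=dns,o=example";
    char url[256];
    printf("strict=%d template=%d\n", strict_pct_ok(tmpl), template_pct_ok(tmpl));
    if (expand(tmpl, "%zone%", "example.org", url, sizeof url) == 0)
        printf("after expand: strict=%d %s\n", strict_pct_ok(url), url);
    return 0;
}
```

The strict check rejects the template because `%zo` is not a hex escape, while the same URL passes once the placeholder has been replaced.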