Full_Name: Landry Breuil Version: 2.4.31 OS: Debian sid URL: Submission from: (NULL) (194.214.164.50)
using slapd 2.4.31 on debian sid (with cn=config), i have an abort triggered by the following configuration :
I'm using autogroup module/overlay to automatically generate posixGroup objects from various filters on my ou=people branch :
dn: cn=SV_REVIEWER,ou=groups,dc=example,dc=org objectClass: labeledURIObject objectClass: posixGroup gidNumber: 10 labeledURI: ldap:///ou=people,dc=example,dc=org?uid?one?(&(objectClass=inetOrgPerson)(o=myorg))
So far, that works fine. Problem is, with that configuration i'm getting memberUid values containing only uid attributes. Now that i want to use memberOf overlay to get the reverse membership, i realize that i need my posixGroup to have DN-valued memberUid attrs.
I tried using a labeledURI specifying that i want a DN returned :
labeledURI: ldap:///ou=people,dc=example,dc=org?dn?one?(&(objectClass=inetOrgPerson)(o=myorg))
This errors out in autogroup_add_group after parsing the filter with :
517e6bc0 autogroup_add_group: unable to find AttributeDescription "dn".
That, i can understand - a dn is not an attribute per se.
Tried using a labeledURI without attr specification (as, from what i understand unless mistaken, should return the object, or its dn ?)
labeledURI: ldap:///ou=people,dc=example,dc=org??one?(&(objectClass=inetOrgPerson)(o=myorg))
But this results in the following assertion (w/ debug trace) :
517e70d5 ==> autogroup_add_group <cn=SV_REVIEWER,ou=groups,dc=example,dc=org> ldap_url_parse_ext(ldap:///ou=people,dc=example,dc=org??one?(&(objectClass=inetOrgPerson)(o=myorg))) 517e70d5 >>> dnPrettyNormal: <ou=people,dc=example,dc=org> 517e70d5 <<< dnPrettyNormal: <ou=people,dc=example,dc=org>, <ou=people,dc=example,dc=org> put_filter: "(&(objectClass=inetOrgPerson)(o=myorg))" put_filter: AND put_filter_list "(objectClass=inetOrgPerson)(o=myorg)" put_filter: "(objectClass=inetOrgPerson)" put_filter: simple put_simple_filter: "objectClass=inetOrgPerson" put_filter: "(o=myorg)" put_filter: simple put_simple_filter: "o=myorg" ber_scanf fmt ({mm}) ber: ber_scanf fmt ({mm}) ber: 517e70d5 ==> autogroup_add_members_from_filter <cn=SV_REVIEWER,ou=groups,dc=example,dc=org> 517e70d5 => hdb_search 517e70d5 bdb_dn2entry("ou=people,dc=example,dc=org") 517e70d5 search_candidates: base="ou=people,dc=example,dc=org" (0x00000005) scope=1 517e70d5 => hdb_dn2idl("ou=people,dc=example,dc=org") 517e70d5 => bdb_equality_candidates (objectClass) 517e70d5 => key_read 517e70d5 <= bdb_index_read: failed (-30987) 517e70d5 <= bdb_equality_candidates: id=0, first=0, last=0 517e70d5 => bdb_equality_candidates (objectClass) 517e70d5 => key_read 517e70d5 <= bdb_index_read 738 candidates 517e70d5 <= bdb_equality_candidates: id=738, first=6, last=763 517e70d5 => bdb_equality_candidates (o) 517e70d5 <= bdb_equality_candidates: (o) not indexed 517e70d5 bdb_search_candidates: id=437 first=6 last=763 517e70d5 ==> autogroup_member_search_modify_cb <uid=user1,ou=people,dc=example,dc=org> 517e70d5 ==> autogroup_member_search_modify_cb <uid=user2,ou=people,dc=example,dc=org> 517e70d5 hdb_search: 288 does not match filter .... 517e70d5 hdb_search: 762 does not match filter 517e70d5 hdb_search: 763 does not match filter 517e70d5 send_ldap_result: conn=1000 op=8 p=3 517e70d5 bdb_dn2entry("cn=sv_reviewer,ou=groups,dc=example,dc=org") 517e70d5 bdb_entry_get: rc=0 517e70d5 bdb_dn2entry("cn=sv_reviewer,ou=groups,dc=example,dc=org") 517e70d5 bdb_modify_internal: 0x000002e0: cn=SV_REVIEWER,ou=groups,dc=example,dc=org slapd: ../../../../servers/slapd/mods.c:64: modify_add_values: Assertion `mod->sm_numvals == i' failed.
How can i achieve the desired setup ? Fix autogroup to allow asking for a dn, or try to see why slapd blows in modify_add_values when not asking for a specific attribute ?