Full_Name: Jean-Louis ROCHETTE Version: 2.3.39 OS: Linux Fedora URL: ftp://ftp.openldap.org/incoming/ Submission from: (NULL) (152.62.109.163)
Brief description of the problem -------------------------------- Lookup of a netgroup by triple doesn't work in last stable release slapd 2.3.39, though it worked well with slapd 2.3.27. This looks like a regression in slapd. This should be easy to reproduce. The problem was first noticed in slapd 2.3.30. The lookup by triple succeeds with a iPlanet server.
Details ------- Let's define a host, and a netgroup with a single triple designating this host:
dn: cn=r2d2,ou=Hosts,dc=devldapdom1,dc=lcsc objectClass: top objectClass: ipHost objectClass: device ipHostNumber: 192.168.5.69 cn: r2d2
dn: cn=r2d2netg,ou=netgroup,dc=devldapdom1,dc=lcsc objectClass: top objectClass: nisNetgroup cn: r2d2netg description: netgroup r2d2netg to test AR 98216 nisNetgroupTriple: (r2d2,,)
The syntax for the nisNetgroupTriple attribute is IA5String (instead of Netgroup Triple): attributeTypes: ( 1.3.6.1.1.1.1.14 NAME 'nisNetgroupTriple' DESC 'Netgroup triple' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
1) *** Test with slapd 2.3.27 : OK *** jlr@SUSE-LDAP1(53) uname -a Linux SUSE-LDAP1 2.6.18.2-34-default #1 SMP Mon Nov 27 11:46:27 UTC 2006 i686 i686 i386 GNU/Linux jlr@SUSE-LDAP1(42) ps -ef |grep slap ldap 3774 1 0 Nov29 ? 00:04:47 /usr/lib/openldap/slapd -h ldap:/// -u ldap -g ldap -o slp=on jlr@SUSE-LDAP1(45) /usr/lib/openldap/slapd -V @(#) $OpenLDAP: slapd 2.3.27 (Nov 25 2006 17:08:16) $ abuild@eisler:/usr/src/packages/BUILD/openldap-2.3.27/servers/slapd jlr@SUSE-LDAP1(46) ldapsearch -V ldapsearch: @(#) $OpenLDAP: ldapsearch 2.3.27 (Nov 25 2006 17:09:14) $ abuild@dale:/usr/src/packages/BUILD/openldap-2.3.27/clients/tools (LDAP library: OpenLDAP 20327)
// locate the netgroup by name -> find r2d2netg with triple (r2d2,,) : OK jlr@SUSE-LDAP1(49) ldapsearch -x -b "ou=netgroup,dc=devldapdom1,dc=lcsc" -s one "(&(objectClass=nisNetgroup)(cn=r2d2netg))" cn nisNetgroupTriple # extended LDIF # # LDAPv3 # base <ou=netgroup,dc=devldapdom1,dc=lcsc> with scope oneLevel # filter: (&(objectClass=nisNetgroup)(cn=r2d2netg)) # requesting: cn nisNetgroupTriple #
# r2d2netg, netgroup, devldapdom1.lcsc dn: cn=r2d2netg,ou=netgroup,dc=devldapdom1,dc=lcsc cn: r2d2netg nisNetgroupTriple: (r2d2,,)
# search result search: 2 result: 0 Success
# numResponses: 2 # numEntries: 1
// locate the netgroup by triple -> found too, ok. jlr@SUSE-LDAP1(52) ldapsearch -x -b "ou=netgroup,dc=devldapdom1,dc=lcsc" -s one "(&(objectClass=nisNetgroup)(nisNetgroupTriple=(r2d2,,)))" cn # extended LDIF # # LDAPv3 # base <ou=netgroup,dc=devldapdom1,dc=lcsc> with scope oneLevel # filter: (&(objectClass=nisNetgroup)(nisNetgroupTriple=(r2d2,,))) # requesting: cn #
# r2d2netg, netgroup, devldapdom1.lcsc dn: cn=r2d2netg,ou=netgroup,dc=devldapdom1,dc=lcsc cn: r2d2netg
# search result search: 2 result: 0 Success
# numResponses: 2 # numEntries: 1
2) *** Test with slapd 2.3.39 : PROBLEM *** jlr@newlnxjlr(19) uname -a Linux newlnxjlr 2.6.18-1.2798.fc6 #1 SMP Mon Oct 16 14:37:32 EDT 2006 i686 i686 i386 GNU/Linux jlr@newlnxjlr(17) ps -ef |grep slap ldap 4684 1 0 Dec20 ? 00:00:00 /usr/sbin/slapd -h ldap:/// -u ldap jlr@newlnxjlr(18) /usr/sbin/slapd -V @(#) $OpenLDAP: slapd 2.3.39 (Dec 20 2007 17:00:06) $ jlr@newlnxjlr:/tmp/openldap-2.3.39/servers/slapd jlr@newlnxjlr(20) ldapsearch -V ldapsearch: @(#) $OpenLDAP: ldapsearch 2.3.39 (Dec 20 2007 16:58:50) $ jlr@newlnxjlr:/tmp/openldap-2.3.39/clients/tools (LDAP library: OpenLDAP 20339) // this server is a replicate of previous one
// locate the netgroup by name -> find r2d2netg with triple (r2d2,,) : OK jlr@newlnxjlr(24) ldapsearch -x -b "ou=netgroup,dc=devldapdom1,dc=lcsc" -s one "(&(objectClass=nisNetgroup)(cn=r2d2netg))" cn nisNetgroupTriple # extended LDIF # # LDAPv3 # base <ou=netgroup,dc=devldapdom1,dc=lcsc> with scope oneLevel # filter: (&(objectClass=nisNetgroup)(cn=r2d2netg)) # requesting: cn nisNetgroupTriple #
# r2d2netg, netgroup, devldapdom1.lcsc dn: cn=r2d2netg,ou=netgroup,dc=devldapdom1,dc=lcsc cn: r2d2netg nisNetgroupTriple: (r2d2,,)
# search result search: 2 result: 0 Success
# numResponses: 2 # numEntries: 1
// locate the netgroup by triple -> NOT FOUND? PROBLEM. jlr@newlnxjlr(25) ldapsearch -x -b "ou=netgroup,dc=devldapdom1,dc=lcsc" -s one "(&(objectClass=nisNetgroup)(nisNetgroupTriple=(r2d2,,)))" cn # extended LDIF # # LDAPv3 # base <ou=netgroup,dc=devldapdom1,dc=lcsc> with scope oneLevel # filter: (&(objectClass=nisNetgroup)(nisNetgroupTriple=(r2d2,,))) # requesting: cn #
# search result search: 2 result: 0 Success
# numResponses: 1
// eof