(ITS#7985) Recursive values - openldap-bugs

18 Nov 2014


      Full_Name: Oleg Belykh
Version: 2.4.40
OS: FreeBSD
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (37.99.40.12)
We are testing latest OpenLDAP 2.4.40 with mdb (FreeBSD 10) with our custom
schema and structure. 
Error details: request returns recursive values on some leaves. Some sensitive
values replaced with 'âŠ' Please check:
custom schema:
# Telephone Attributes
attributetype ( 1.3.6.1.4.1.4203.666.6273.2.1 NAME 'telephoneNumberAccessCode'
        DESC 'Access code for telephoneNumber services'
        EQUALITY caseIgnoreIA5Match
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
attributetype ( 1.3.6.1.4.1.4203.666.6273.2.2 NAME 'faxDeliveryMailbox'
        EQUALITY caseIgnoreIA5Match
        SUBSTR caseIgnoreIA5SubstringsMatch
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )
attributetype ( 1.3.6.1.4.1.4203.666.6273.2.3 NAME 'voiceDeliveryMailbox'
        DESC 'Voice Mailbox'
        EQUALITY caseIgnoreIA5Match
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
attributetype ( 1.3.6.1.4.1.4203.666.6273.2.4 NAME 'phoneGroupName'
        DESC 'Telephone Group Name'D0D
        EQUALITY caseIgnoreIA5Match
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
objectclass ( 1.3.6.1.4.1.4203.666.6273.2.100 NAME 'telephoneNumberAccount'
        DESC 'Telephone account'
        SUP top STRUCTURAL
        MUST ( telephoneNumber )
        MAY ( userPassword $ telephoneNumberAccessCode $ macAddress $
faxDeliveryMailbox ) )
ldapsearch results:
root@sw:/lib/ldap # ldapsearch -H 'ldapi://%2fvar%2frun%2fopenldap%2fldapi/' -W
-b 'dc=âŠ' -D 'cn=ldroot,dc=âŠ'
Enter LDAP Password:
# extended LDIF
#
# LDAPv3
# base <dc=âŠ> with scope subtree
# filter: (objectclass=*)
# requesting: ALL
#
# âŠ
dn: dc=âŠ
objectClass: dcObject
objectClass: organization
objectClass: top
dc: ...
o: ...
# accounts, âŠ
dn: ou=accounts,dc=âŠ
objectClass: top
objectClass: organizationalUnit
ou: accounts
# persons, accounts, âŠ
dn: ou=persons,ou=accounts,dc=âŠ
objectClass: organizationalUnit
ou: persons
# kerberos, accounts, âŠ
dn: ou=kerberos,ou=accounts,dc=âŠ
objectClass: organizaonalalUnit
ou: kerberos
# mails, accounts, âŠ
dn: ou=mails,ou=accounts,dc=âŠ
objectClass: organizationalUnit
ou: mails
# phones, accounts, âŠ
dn: ou=phones,ou=accounts,dc=âŠ
objectClass: organizationalUnit
ou: phones
# groups, âŠ
dn: ou=groups,dc=âŠ
objectClass: top
objectClass: organizationalUnit
ou: groups
# userGroups, groups, âŠ
dn: ou=userGroups,ou=groups,dc=âŠ
objectClass: organizationalUnit
ou: usergroups
# phoneGroups, groups, âŠ
dn: ou=phoneGroups,ou=groups,dc>2E2Š
objectClass: organizationalUnit
ou: phonegroups
# computers, âŠ
dn: ou=computers,dc=âŠ
objectClass: top
objectClass: organizationalUnit
ou: computers
# services, âŠ
dn: ou=services,dc=âŠ
objectClass: top
objectClass: organizationalUnit
ou: services
# manager, accounts, âŠ
dn: uid=manager,ou=accounts,dc=âŠ
objectClass: account
objectClass: simpleSecurityObject
uid: manager
userPassword:: ...
# freeswitch, accounts, âŠ
dn: uid=freeswitch,ou=accounts,dc=âŠ
objectClass: account
objectClass: simpleSecurityObject
uid: freeswitch
userPassword:: ...
# admins, userGroups, groups, âŠ
dn: cn=admins,ou=userGroups,ou=groups,dc=âŠ
objectClass: posixGroup
cn: admins
gidNumber: 10000
description: Group account
memberUid: ...
# users, userGroups, groups, âŠ
dn: cn=users,ou=userGroups,ou=groups,dc=âŠ
objectClass: posixGroup
cn: users
gidNumber: 10001
description: Group account
# ..., persons, accounts, âŠ
dn: uid=...,ou=persons,ou=accounts,dc=2%2Š
objectClass: posixAccount
objectClass: top
objectClass: inetOrgPerson
gidNumber: 10000
givenName: ...
initials: v
sn: ..
displayName: ...
uid: ...
homeDirectory: /dev/null
loginShell: /bin/sh
cn: ...
uidNumber: 20107
userPassword:: ...
telephoneNumber: 2020
( !!!! )
# 1000, phones, accounts, âŠ
dn: telephoneNumber=1000,ou=phones,ou=accounts,dc=âŠ
telephoneNumber: 1000
telephoneNumberAccessCode: 8864
objectClass: telephoneNumberAccount
userPassword:: âŠ.
# 2020, phones, accounts, âŠ
dn: telephoneNumber=2020,ou=phones,ou=accounts,dc=âŠ
telephoneNumber: 2020
telephoneNumberAccessCode: 8864
objectClass: telephoneNumberAccount
userPassword:: âŠ.
# 1000, 2020, phones, accounts, âŠ
dn: telephoneNumber=1000,telephonumumber=2020,ou=phones,ou=accounts,dc=...
telephoneNumber: 1000
telephoneNumberAccessCode: 8864
objectClass: telephoneNumberAccount
userPassword:: âŠ.
# 1000, 1000, 2020, phones, accounts, âŠ
dn: telephoneNumber=1000,telephoneNumber=0000,telephoneNumber=2020,ou=phones,o
 u=accounts,dc=âŠ
telephoneNumber: 1000
telephoneNumberAccessCode: 8864
objectClass: telephoneNumberAccount
userPassword:: âŠ.
# 1000, 1000, 1000, 2020, phones, accounts, âŠ
dn: telephoneNumber=1000,telephoneNumber=1000,telephoneNumber=1000,telephoneNu
 mber=2020,ou=phones,ou=accounts,dc=âŠ
telephoneNumber: 1000
telephoneNumberAccessCode: 8864
objectClass: telephoneNumberAccount
userPassword:: âŠ.
# 1000, 1000, 1000, 1000, 2020, phones, accounts, â080Š
dn: telephoneNumber=1000,telephoneNumber=1000,telephoneNumber=1000,telephoneNu
 mber=1000,telephoneNumber=2020,ou=phones,ou=accounts,dc=âŠ
telephoneNumber: 1000
telephoneNumberAccessCode: 8864
objectClass: telephoneNumberAccount
userPassword:: âŠ.
# 1000, 1000, 1000% 1 1000, 1000, 2020, phones, accounts, âŠ
dn: telephoneNumber=1000,telephoneNumber=1000,telephoneNumber=1000,telephoneNu
 mber=1000,telephoneNumber=1000,telephoneNumber=2020,ou=phones,ou=accounts,dc=...
telephoneNumber: 1000
telephoneNumberAccessCode:86864
objectClass: telephoneNumberAccount
userPassword:: âŠ.
# 1000, 1000, 1000, 1000, 1000, 1000, 2020, phones, accounts, âŠ
dn: telephoneNumber=1000,telephoneNumber=1000,telephoneNumber=1000,telephoneNu
 mber=1000,telephoneNumber=1000,telephoneNumber=1000,telephoneNumber=2020,ou=p
 hones,ou=accounts,dc=âŠ
telephoneNumber: 1000
telephoneNumberAccessCode: 8864
objectClass: telephoneNumberAccount
userPassword:: âŠ.
# 1000, 1000, 1000, 1000, 1000, 1000, 1000, 2020, phones, accounts, âŠ
dn: telephoneNumber=1000,telephoneNumber=1000,telephoneNumber=1000,telephoneNu
 mber=1000,telephoneNumber=1000,telephoneNumber=1000,telephoneNumber=1000,tele
 phoneNumber=2020,ou=phones,ou=accounts,dc=âŠ
telephoneNumber: 1000
telephoneNumberAccessCode: 64%0
objectClass: telephoneNumberAccount
userPassword:: âŠ.
# 1000, 1000, 1000, 1000, 1000, 1000, 1000, 1000, 2020, phones, accounts, time.
 kz
dn: telephoneNumber=1000,telephoneNumber=1000,telephoneNumber=1000,telephoneNu
 mber=1000,telephoneNumber=1000,telephoneNumber=1000,telephoneNumber=1000,tele
 phoneNumber=1000,telephoneNumber=2020,ou=phones,ou=accounts,dc=âŠ
telephoneNumber: 1000
telephoneNumberAccessCode: 8864
objectClass: telephoneNumberAccount
userPassword:: âŠ.
# 1000, 1000, 1000, 1000, 1000, 1000, 1000, 1000, 1000, 2020, phones, accounts,
  âŠ
dn: telephoneNumber=1000,telephoneNumber=1000,telephoneNumber=1000,telephoneNu
 mber=1000,telephoneNumber=1000,telephoneNumber=1000,telephoneNumber=1000,tele
 phoneNumber=1000,telephoneNumber=1000,telephoneNumber=2020,ou=phones,ou=accou
 nts,dc=âŠ
telephoneNumber: 1000
telephoneNumberAccessCode: 8864
objectClass: telephoneNumberAccount
userPassword:: âŠ.
# 1000, 1000, 1000, 1000, 1000, 1000, 1000, 1000, 1000!01000, 2020, phones, acc
 ounts, âŠ
dn: telephoneNumber=1000,telephoneNumber=1000,telephoneNumber=1000,telephoneNu
 mber=1000,telephoneNumber=1000,telephoneNumber=1000,telephoneNumber=1000,tele
 phoneNumber=1000,telephoneNumber=1000,telephoneNumber=1000,telephoneNumber=20
 20,ou=phones,ou=accounts,dc=âŠ
telephoneNumber: 1000
telephoneNumberAccessCode: 8864
objectClass: telephoneNumberAccount
userPassword:: âŠ.
if you need screenshots from some ldap management utils, please mail me.