https://bugs.openldap.org/show_bug.cgi?id=9893
Issue ID: 9893
Summary: Unable to create ldap object with same unique value as deleted object
Product: OpenLDAP
Version: 2.6.3
Hardware: x86_64
OS: Linux
Status: UNCONFIRMED
Keywords: needs_review
Severity: normal
Priority: ---
Component: overlays
Assignee: bugs@openldap.org
Reporter: curtis.ruck+github@gmail.com
Target Milestone: ---
I have a unique overlay that is trying to ensure uniqueness of two attributes, mail and uid.
My configdir config for my mdb database:
dn: olcOverlay={1}unique
objectClass: olcUniqueConfig
objectClass: olcOverlayConfig
olcOverlay: unique
olcUniqueURI: ldap://?mail?sub
olcUniqueURI: ldap://?uid?sub
structuralObjectClass: olcUniqueConfig
If I delete a user, and then go to recreate it, I get this error:
msgtype 105, error 19, constraint violation non-unique attributes found with (|(uid=jdoe)(givenName=John)(sn=Doe)(cn=John Doe)(mail=john@example.com)(userPassword=<password>)(objectClass=inetOrgPerson))
Somehow I believe the unique index structure is broken.
curtis.ruck+github@gmail.com changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |curtis.ruck+github@gmail.com
--- Comment #1 from curtis.ruck+github@gmail.com ---
Further information... I can't create any new objects (users) after deleting an object, even if I have a new mail and uid attribute.
Seems I have to stop the instance, slapcat it, delete the mdb files, and slapadd them back.
--- Comment #2 from Howard Chu hyc@openldap.org ---
What is the output from ldapsearch using the filter shown in the error message?
--- Comment #3 from Michael Ströder michael@stroeder.com ---
(In reply to curtis.ruck+github from comment #0)
> My configdir config for my mdb database:
> [..]
> olcUniqueURI: ldap://?mail?sub
> olcUniqueURI: ldap://?uid?sub
> structuralObjectClass: olcUniqueConfig
>
> If I delete a user, and then go to recreate it, I get this error:
>
> msgtype 105, error 19, constraint violation non-unique attributes found with (|(uid=jdoe)(givenName=John)(sn=Doe)(cn=John Doe)(mail=john@example.com)(userPassword=<password>)(objectClass=inetOrgPerson))

I'm a bit confused that the filter in the error messages contains assertion types 'givenName', 'sn', 'cn' and 'userPassword' which are not listed in your slapo-unique config.
--- Comment #4 from curtis.ruck+github@gmail.com ---
(In reply to Michael Ströder from comment #3)
> (In reply to curtis.ruck+github from comment #0)
> > My configdir config for my mdb database:
> > [..]
> > olcUniqueURI: ldap://?mail?sub
> > olcUniqueURI: ldap://?uid?sub
> > structuralObjectClass: olcUniqueConfig
> >
> > If I delete a user, and then go to recreate it, I get this error:
> >
> > msgtype 105, error 19, constraint violation non-unique attributes found with (|(uid=jdoe)(givenName=John)(sn=Doe)(cn=John Doe)(mail=john@example.com)(userPassword=<password>)(objectClass=inetOrgPerson))
>
> I'm a bit confused that the filter in the error messages contains assertion types 'givenName', 'sn', 'cn' and 'userPassword' which are not listed in your slapo-unique config.

I am also. I am just doing an ldapadd with those attributes, and it responds with that error.
--- Comment #5 from curtis.ruck+github@gmail.com ---
If I turn on filter/ber debug levels I see this:

62ed6d14.36c5613d 0x7f3a7ffff700 ==> unique_add <uid=john.doe,ou=users,dc=example,dc=com>
62ed6d14.36c58ae1 0x7f3a7ffff700 ==> unique_search (|(uid=john.doe)(givenName=John)(sn=Doe)(cn=John Doe)(mail=john.doe@example.com)(userPassword=changeit)(objectClass=inetOrgPerson))
62ed6d14.36c593a1 0x7f3a7ffff700 str2filter "(|(uid=john.doe)(givenName=John)(sn=Doe)(cn=John Doe)(mail=john.doe@example.com)(userPassword=changeit)(objectClass=inetOrgPerson))"
62ed6d14.36c5a26f 0x7f3a7ffff700 put_filter: "(|(uid=john.doe)(givenName=John)(sn=Doe)(cn=John Doe)(mail=john.doe@example.com)(userPassword=changeit)(objectClass=inetOrgPerson))"
62ed6d14.36c5aa0d 0x7f3a7ffff700 put_filter: OR
62ed6d14.36c5b791 0x7f3a7ffff700 put_filter_list "(uid=john.doe)(givenName=John)(sn=Doe)(cn=John Doe)(mail=john.doe@example.com)(userPassword=changeit)(objectClass=inetOrgPerson)"
62ed6d14.36c5bfe3 0x7f3a7ffff700 put_filter: "(uid=john.doe)"
62ed6d14.36c5c6ff 0x7f3a7ffff700 put_filter: simple
62ed6d14.36c5ce9d 0x7f3a7ffff700 put_simple_filter: "uid=john.doe"
62ed6d14.36c5de5c 0x7f3a7ffff700 put_filter: "(givenName=John)"
62ed6d14.36c5e55a 0x7f3a7ffff700 put_filter: simple
62ed6d14.36c5edfc 0x7f3a7ffff700 put_simple_filter: "givenName=John"
62ed6d14.36c5f8b0 0x7f3a7ffff700 put_filter: "(sn=Doe)"
62ed6d14.36c6009e 0x7f3a7ffff700 put_filter: simple
62ed6d14.36c607ce 0x7f3a7ffff700 put_simple_filter: "sn=Doe"
62ed6d14.36c611ba 0x7f3a7ffff700 put_filter: "(cn=John Doe)"
62ed6d14.36c61854 0x7f3a7ffff700 put_filter: simple
62ed6d14.36c61ffc 0x7f3a7ffff700 put_simple_filter: "cn=John Doe"
62ed6d14.36c6298e 0x7f3a7ffff700 put_filter: "(mail=john.doe@example.com)"
62ed6d14.36c630be 0x7f3a7ffff700 put_filter: simple
62ed6d14.36c63802 0x7f3a7ffff700 put_simple_filter: "mail=john.doe@example.com"
62ed6d14.36c642a2 0x7f3a7ffff700 put_filter: "(userPassword=changeit)"
62ed6d14.36c649c8 0x7f3a7ffff700 put_filter: simple
62ed6d14.36c668b8 0x7f3a7ffff700 put_simple_filter: "userPassword=changeit"
62ed6d14.36c6731c 0x7f3a7ffff700 put_filter: "(objectClass=inetOrgPerson)"
62ed6d14.36c679f2 0x7f3a7ffff700 put_filter: simple
62ed6d14.36c680dc 0x7f3a7ffff700 put_simple_filter: "objectClass=inetOrgPerson"
.... whole bunch of filter stuff ...
62ed6d14.3706f55f 0x7f3a7ffff700 send_ldap_result: conn=1002 op=2 p=3
62ed6d14.3707097d 0x7f3a7ffff700 => unique_search found 13 records
62ed6d14.37071341 0x7f3a7ffff700 send_ldap_result: conn=1002 op=2 p=3
62ed6d14.37071f67 0x7f3a7ffff700 send_ldap_response: msgid=3 tag=105 err=19
62ed6d14.370736eb 0x7f3a7ffff700 ber_flush2: 181 bytes to sd 12
62ed6d14.3708faeb 0x7f3a7ffff700 ldap_write: want=181, written=181
62ed6d14.37096b57 0x7f3a7ffff700 conn=1002 op=2 RESULT tag=105 err=19 qtime=0.000022 etime=0.004780 text=non-unique attributes found with (|(uid=john.doe)(givenName=John)(sn=Doe)(cn=John Doe)(mail=john.doe@example.com)(userPassword=changeit)(objectClass=inetOrgPerson))
--- Comment #6 from Quanah Gibson-Mount quanah@openldap.org ---
(In reply to curtis.ruck+github from comment #5)
> If i turn on filter/ber debug levels I see this:

You should provide the information requested in comment #2.
--- Comment #7 from curtis.ruck+github@gmail.com ---
If I search with the given filter, it matches all the other users due to the (objectclass=inetorgperson) being in the OR filter.
I don't know why the unique overlay is generating filters like this, only after deleting a user.
--- Comment #8 from Howard Chu hyc@openldap.org ---
(In reply to curtis.ruck+github from comment #7)
> If i search with the given filter, it matches all the other users due to the (objectclass=inetorgperson) being in the OR filter.
>
> I don't know why the unique overlay is generating filters like this, only after deleting a user.

Looks like your config is invalid. The URIs are missing a '/' and you probably should have only a single URI configured:

ldap:///?mail,uid?sub
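
An added example, not part of the original thread and not OpenLDAP code: a small Python lint that checks olcUniqueURI values against the RFC 4516 URL layout (the '/' after hostport that comment #8 points out) and lists which attribute types in the error filter fall outside the intended unique set. The function names are hypothetical; the inputs are the config and error text posted in comment #0 and the URI suggested in comment #8.

```python
import re
from urllib.parse import unquote

def parse_unique_uri(uri):
    """Split ldap://[hostport]/[dn][?attrs[?scope[?filter]]] (RFC 4516 layout)
    into (base_dn, attrs, scope); raise ValueError if the layout is not met."""
    scheme, sep, rest = uri.strip().partition("://")
    if not sep or scheme.lower() not in ("ldap", "ldaps"):
        raise ValueError("not an LDAP URL")
    hostport, slash, tail = rest.partition("/")
    if "?" in hostport:
        raise ValueError("'?' appears before the '/' that ends hostport")
    fields = (tail.split("?") if slash else []) + [""] * 3
    attrs = [a.strip().lower() for a in unquote(fields[1]).split(",") if a.strip()]
    return unquote(fields[0]), attrs, fields[2].lower()

def lint_unique_config(ldif):
    """Check every olcUniqueURI value in an LDIF fragment; return (attrs, problems)."""
    attrs, problems = set(), []
    for uri in re.findall(r"^olcUniqueURI:\s*(\S+)", ldif, re.M | re.I):
        try:
            _, found, _ = parse_unique_uri(uri)
        except ValueError as exc:
            problems.append(f"{uri}: {exc}")
            continue
        if not found:
            problems.append(f"{uri}: no attribute list")
        attrs.update(found)
    return attrs, problems

def unexpected_filter_attrs(error_text, intended):
    """Attribute types asserted in the reported filter but not in the intended set."""
    asserted = {a.lower() for a in re.findall(r"\(([A-Za-z][\w;.-]*)=", error_text)}
    return sorted(asserted - {a.lower() for a in intended})

# Inputs copied from the thread: comment #0 (config, error) and comment #8 (URI).
REPORTED = """olcOverlay: unique
olcUniqueURI: ldap://?mail?sub
olcUniqueURI: ldap://?uid?sub
"""
SUGGESTED = "olcOverlay: unique\nolcUniqueURI: ldap:///?mail,uid?sub\n"
ERROR = ("non-unique attributes found with (|(uid=jdoe)(givenName=John)(sn=Doe)"
         "(cn=John Doe)(mail=john@example.com)(userPassword=<password>)"
         "(objectClass=inetOrgPerson))")

if __name__ == "__main__":
    print(lint_unique_config(REPORTED))
    print(lint_unique_config(SUGGESTED))
    print(unexpected_filter_attrs(ERROR, ["mail", "uid"]))
```

The lint only checks URL shape; it does not reproduce how slapd itself parses the value.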
Howard Chu hyc@openldap.org changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
         Resolution|---                         |INVALID
             Status|UNCONFIRMED                 |RESOLVED
Quanah Gibson-Mount quanah@openldap.org changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
           Keywords|needs_review                |
             Status|RESOLVED                    |VERIFIED