Re: (ITS#5172) slash in dn - openldap-bugs

7 Oct 2007


      reinhold.may@gmx.de wrote:
...
I'm fairly new to OpenLDAP and hope I've not misunderstood things... in that
case: sorry.
I've been trying to import the following .ldif:
dn: dc=somedomain,dc=org
objectclass: top
objectclass: dcObject
objectclass: organization
o: somedomain LDAP
dc: somedomain
dn: ou=My address book,dc=somedomain,dc=org
objectclass: top
objectclass: organizationalUnit
ou: My address book
dn: ou=With/Slash,ou=My address book,dc=somedomain,dc=org
objectclass: top
objectclass: organizationalUnit
ou: Medical
dn: cn=With/Slash,ou=My address book,dc=somedomain,dc=org
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
objectclass: mozillaAbPersonAlpha
cn: With/Slash
sn: With/Slash
The above LDIF is inconsistent: the "cn=With/Slash,ou=My address
book,dc=somedomain,dc=org" entry is repeated, and in the first
occurrence it is inconsistent: the distinguished value "With/Slash" is
not present in the entry, there's a "Medical" instead.  I suspect you
messed things up when sanitizing your data.
...
The "/" results into the following error message:
ldap_add: No such object (32)
        additional info: Parent does not exist
This error means that the parent of the entry you're trying to add does
not exist.  Here "parent" means the entry immediately below the one
you're trying to add, so assuming you're trying to add
"cn=With/Slash,ou=My address book,dc=somedomain,dc=org", what appears to
be missing is "ou=My address book,dc=somedomain,dc=org".  Are you sure
it exists?  By looking at the server's logs at "stats,trace" level, can
you tell what DN is being looked up for the parent?
...
If my last entry reads:
dn: cn=WithoutSlash,ou=My address book,dc=somedomain,dc=org
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
objectclass: mozillaAbPersonAlpha
cn: WithoutSlash
sn: WithoutSlash
slapd accepts the entry and adds it to its directory.
I've read RFCs 2849 (about LDIF) and 2253 (about DNs) and can't even find "/" to
be a special character.  But just in case it was forgotten, I tried to represent
it as "/" and "\2f" but neither solution helped.
Yes, it's not.
Using OpenLDAP 2.3 code, I can correctly parse the DN you suspect to
trigger the unexpected behavior you reported:
$ slapdn 'cn=With/Slash,ou=My address book,dc=somedomain,dc=org'
DN: <cn=With/Slash,ou=My address book,dc=somedomain,dc=org> check succeeded
normalized: <cn=with/slash,ou=my address book,dc=somedomain,dc=org>
pretty:     <cn=With/Slash,ou=My address book,dc=somedomain,dc=org>
$ ./libraries/libldap/dntest 'cn=With/Slash,ou=My address
book,dc=somedomain,dc=org'
        ldap_rdn2str() = "cn=With/Slash"
        ldap_rdn2str() = "ou=My address book"
        ldap_rdn2str() = "dc=somedomain"
        ldap_rdn2str() = "dc=org"
ldap_dn2str(ldap_str2dn("cn=With/Slash,ou=My address
book,dc=somedomain,dc=org"))
        = "cn=With/Slash,ou=My address book,dc=somedomain,dc=org"
ldap_dn2domain("cn=With/Slash,ou=My address book,dc=somedomain,dc=org")
        = "somedomain.org"
ldap_dn2ufn("cn=With/Slash,ou=My address book,dc=somedomain,dc=org")
        = "With/Slash, My address book, somedomain.org"
ldap_dn2dcedn("cn=With/Slash,ou=My address book,dc=somedomain,dc=org")
        = "/dc=org/dc=somedomain/ou=My address book/cn=With/Slash"
ldap_dcedn2dn("/dc=org/dc=somedomain/ou=My address book/cn=With/Slash")
        = "cn=With/Slash,ou=My address book,dc=somedomain,dc=org"
ldap_dn2ad_canonical("cn=With/Slash,ou=My address
book,dc=somedomain,dc=org")
        = "somedomain.org/My address book/With/Slash"
ldap_explode_dn("cn=With/Slash,ou=My address book,dc=somedomain,dc=org"):
        "cn=With/Slash"
        ldap_explode_rdn("cn=With/Slash")
                'cn=With/Slash'
        ldap_explode_rdn("cn=With/Slash") (no types)
                        "With/Slash"
        "ou=My address book"
        ldap_explode_rdn("ou=My address book")
                'ou=My address book'
        ldap_explode_rdn("ou=My address book") (no types)
                        "My address book"
        "dc=somedomain"
        ldap_explode_rdn("dc=somedomain")
                'dc=somedomain'
        ldap_explode_rdn("dc=somedomain") (no types)
                        "somedomain"
        "dc=org"
        ldap_explode_rdn("dc=org")
                'dc=org'
        ldap_explode_rdn("dc=org") (no types)
                        "org"
ldap_explode_dn("cn=With/Slash,ou=My address book,dc=somedomain,dc=org")
(no types):
        "With/Slash"
        "My address book"
        "somedomain"
        "org"
"cn=With/Slash,ou=My address book,dc=somedomain,dc=org"
         == "cn=With/Slash,ou=My address book,dc=somedomain,dc=org" ? yes
p.
Ing. Pierangelo Masarati
OpenLDAP Core Team
SysNet s.r.l.
via Dossi, 8 - 27100 Pavia - ITALIA
http://www.sys-net.it
---------------------------------------
Office:  +39 02 23998309
Mobile:  +39 333 4963172
Email:   pierangelo.masarati@sys-net.it
---------------------------------------