Well, i've sorted out this problem. Rich has pointed out that it's an html/xml escape. He was right. Since i was working on our production servers there were some requests constantly coming in. I've searched through the access logs and found that the source of the problem is a broken web application that requests an incorrect DN : [25/Aug/2010:21:25:21 +0200] conn=4201 op=1 SRCH base="cn=cadre d',astreinte,ou=objets,dc=id,dc=polytechnique,dc=edu" scope=0 filter="(&(&(objectClass=X-Object)(ou=*)))" attrs="* modifyTimestamp" [25/Aug/2010:21:25:21 +0200] conn=4201 op=1 RESULT err=32 tag=101 nentries=0 etime=0.002000 These requests generate the messages i've seen in error log : [25/Aug/2010:21:25:21 +0200] entryrdn-index - entryrdn_index_read: Param error: Failed to convert cn=cadre d',astreinte,ou=objets,dc=id,dc=polytechnique,dc=edu to Slapi_RDN [25/Aug/2010:21:25:21 +0200] - dn2entry: Failed to get id for cn=cadre d',astreinte,ou=objets,dc=id,dc=polytechnique,dc=edu from entryrdn index (34) [25/Aug/2010:21:25:21 +0200] entryrdn-index - entryrdn_index_read: Param error: Failed to convert astreinte,ou=objets,dc=id,dc=polytechnique,dc=edu to Slapi_RDN So there is no problem in the server code, it's a broken application. It applies to both 6rc7 and 7rc1 versions of course. The reason why i thought there was no problem in rc7 case is that i've made the tests with rc7 at 21h00, at this time there were no users and so no requests from the above-mentioned application :)) I was alarmed because on our servers there are very few error messages in error logs and i know them all. This sort of error message (incorrect DN or filter in ldap search requests) was not logged in previous 389 versions, it's a behavour change... So the only thing that i should look into is the server crash during SSL incremental replication in the current git version. 2010/8/25 Noriko Hosoi <nhosoi at redhat.com> > > On 08/25/2010 10:44 AM, Rich Megginson wrote: >> >> Noriko Hosoi wrote: >>> >>> Hi Andrey, >>> >>> Looking at this line,', is not a UTF-8 representation of >>> apostrophe. Rather a Latin-1 representation? Also, it contains ',' >>> in the rdn value without an escape. It's considered a separator >>> between rdns. I wonder who created the input DN...? >>> >>> entryrdn-index - entryrdn_index_read: Param error: Failed to convert >>> cn=salon d',honneur,ou=objets,dc=id,dc=polytechnique,dc=edu to >>> Slapi_RDN >>> >> ', looks like some sort of html/xml escape? >> http://www.theukwebdesigncompany.com/articles/entity-escape-characters.php > > Thanks, Rich! You are right! And I don't think our DN normalizer supports it. > > Andrey, what you observe is ... > 389 v1.2.6.rc7 has no problem to handle cn=salon d',honneur, but 1.2.7.a1 does? > > We haven't touched the normalizer between 1.2.6.rc7 and 1.2.7.a1, I think... > --noriko >>> >>> Thanks, >>> --noriko >>> >>> On 08/25/2010 08:35 AM, Andrey Ivanov wrote: >>>> >>>> Hi, >>>> >>>> i'm continuing to test the latest version of 389. Here are the error >>>> messages that i've seen (it happened only once for now) in error log : >>>> >>>> [25/Aug/2010:17:21:10 +0200] entryrdn-index - entryrdn_index_read: >>>> Param error: Failed to convert cn=salon >>>> d',honneur,ou=objets,dc=id,dc=polytechnique,dc=edu to Slapi_RDN >>>> [25/Aug/2010:17:21:10 +0200] - dn2entry: Failed to get id for >>>> cn=salon d',honneur,ou=objets,dc=id,dc=polytechnique,dc=edu from >>>> entryrdn index (34) >>>> [25/Aug/2010:17:21:10 +0200] entryrdn-index - entryrdn_index_read: >>>> Param error: Failed to convert >>>> honneur,ou=objets,dc=id,dc=polytechnique,dc=edu to Slapi_RDN >>>> [25/Aug/2010:17:21:10 +0200] - dn2entry: Failed to get id for >>>> honneur,ou=objets,dc=id,dc=polytechnique,dc=edu from entryrdn index (34) >>>> >>>> >>>> The object in question is >>>> cn=SALON D'HONNEUR,ou=Objets,dc=id,dc=polytechnique,dc=edu >>>> departmentNumber: DG/SG/MG/REST >>>> objectClass: top >>>> cn: SALON D'HONNEUR >>>> >>>> What is the problem with this entry, conversion to Slapi_DN and >>>> entryrdn index? Here are the >>>> corresponding entries extracted with dbscan : >>>> >>>> 5370:cn=salon d'honneur >>>> ID: 5370; RDN: "cn=SALON D'HONNEUR"; NRDN: "cn=salon d'honneur" >>>> >>>> C3106:ou=objets >>>> ID: 5370; RDN: "cn=SALON D'HONNEUR"; NRDN: "cn=salon d'honneur" >>>> >>>> P5370:cn=salon d'honneur >>>> ID: 3106; RDN: "ou=Objets"; NRDN: "ou=objets" >>>> >>>> >>>> >>>> I have not made any upgrades of the existing server. Instead, i have >>>> exported the ldif by db2ldif and then imported it into the new server, >>>> so there was no conversion phase. >>>> >>>> >>>> Andrey Ivanov >>>> tel +33-(0)1-69-33-99-24 >>>> fax +33-(0)1-69-33-99-55 >>>> >>>> Direction des Systemes d'Information >>>> Ecole Polytechnique >>>> 91128 Palaiseau CEDEX >>>> France >>>> >>>> -- >>>> 389 users mailing list >>>> 389-users at lists.fedoraproject.org >>>> https://admin.fedoraproject.org/mailman/listinfo/389-users >>> >>> ------------------------------------------------------------------------ >>> >>> -- >>> 389 users mailing list >>> 389-users at lists.fedoraproject.org >>> https://admin.fedoraproject.org/mailman/listinfo/389-users >> >> -- >> 389 users mailing list >> 389-users at lists.fedoraproject.org >> https://admin.fedoraproject.org/mailman/listinfo/389-users > > > > -- > 389 users mailing list > 389-users at lists.fedoraproject.org > https://admin.fedoraproject.org/mailman/listinfo/389-users -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.fedoraproject.org/pipermail/389-users/attachments/20100825/c89b73b0/attachment.html
