Christopher Wood wrote:
> On Thu, Mar 25, 2010 at 11:59:31AM -0600, Rich Megginson wrote:
>
>> Christopher Wood wrote:
>>
>>> I'm having another issue that I'm not making headway on. This time, I can't import a single value into one attribute in my directory. The attribute in question is a DirectoryString. (Previously it was an IA5String and I had issues with many values, but I changed it to DirectoryString and now only this entry is giving me trouble.)
>>>
>>> Question:
>>>
>>> What troubleshooting steps can I use to identify the portion of the user-supplied string that is causing the "value #0 invalid per syntax" error?
>>>
>>> Here's the error I get from ldapmodify:
>>>
>>> modifying entry "ldapAuthControlCode=1234567, ou=UsersByControlCode, o=mycompany"
>>> ldap_modify: Invalid syntax (21)
>>> additional info: ldapAuthSieve: value #0 invalid per syntax
>>>
>>> Here's the schema for ldapAuthSieve from /opt/dirsrv/etc/dirsrv/slapd-cwlab-02/schema/99user.ldif:
>>>
>>> attributeTypes: ( 1.3.6.1.4.1.2805.1.1.1.1.36 NAME 'ldapAuthSieve' DESC 'The v
>>>  acation message subject line' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VA
>>>  LUE X-ORIGIN 'user defined' )
>>>
>>> Points:
>>>
>>> The value I'm having trouble with is base64 encoded.
>>>
>>> The text inside the base64 encoding is bilingual English/French. It at least displays fine in my xterm.
>>>
>> value #0 invalid per syntax with DirectoryString syntax values usually
>> means the value is not a valid utf-8 encoded string.
>>
>>> I can ldapmodify this attribute in this entry with other base64-encoded strings.
>>>
>> Can you give an example of an LDIF that works with ldapmodify and one
>> that fails with ldapmodify?
>>
>
> I've narrowed it down to three characters (àôç), where if I include those in my base64 encoded string I get "#0 invalid per syntax". If I use each individually as the only value in my base64-encoded string, I get the same error.
>
Right. They are not utf-8 encoded, probably latin-1.

    python
    >>> foo = 'àôç'
    >>> foo
    '\xc3\xa0\xc3\xb4\xc3\xa7'
    >>> bar = u'àôç'
    >>> bar
    u'\xe0\xf4\xe7'

> By contrast, if I use [A-Za-z0-9] characters only (base64-encoded) in my value then the ldap value is modified without any difficulties. I haven't tested with every single other character, so there may be more that cause this error.
>
The 7-bit ascii character set is essentially utf-8, so 7-bit ascii characters always validate as valid utf-8 characters.
> I'm a bit confused as to why this happens. I thought the point of base64-encoding was that we could stuff arbitrary strings in?
No, you can't get around syntax validation by base64 encoding. However, many LDAP clients are capable of converting latin-1 characters to utf-8. It could be that because it is base64 encoded, your LDAP client cannot automatically convert the values to utf-8.
> Or does the fact that they're not UTF8 affect the encoding?
>
Yes.
> Is there a way to ensure that these values will be translated to an appropriate encoding in the initialization and replication process?
>
You have to convert them to utf-8 before storing in LDAP. Once in LDAP, LDAP will just pass around the values as utf-8. It is up to the clients to convert the utf-8 to something "human readable".
>
>>> I can ldapmodify this attribute in this entry with a much longer base64-encoded string, so I'm fairly sure I haven't hit a limit on the number of characters.
>>>
>>>
>> I don't think it is a limit on the number of characters that is causing
>> the problem.
>>
>>> Error log output with debug level of 1 when I was running ldapmodify:
>>>
>>> --
>>> 389 users mailing list
>>> 389-users@xxxxxxxxxxxxxxxxxxxxxxx
>>> https://admin.fedoraproject.org/mailman/listinfo/389-users
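
Added example, not part of the original thread: a Python 3 sketch of the check discussed above, which decodes a base64 LDIF value, reports the offset of each byte that is not valid UTF-8, and re-encodes the value as UTF-8 before it is handed to ldapmodify. The function names and the sample string are constructed for illustration, and latin-1 as the source encoding is an assumption taken from the reply's "probably latin-1".

```python
import base64

def find_invalid_utf8(raw: bytes):
    """Return [(offset, offending_bytes), ...] for each span that is not valid UTF-8."""
    bad, pos = [], 0
    while pos < len(raw):
        try:
            raw[pos:].decode("utf-8")
            break                                  # remainder decodes cleanly
        except UnicodeDecodeError as exc:
            start, end = pos + exc.start, pos + exc.end
            bad.append((start, raw[start:end]))
            pos = end                              # resume after the bad span
    return bad

def repair_ldif_value(b64_value: str, assumed_encoding: str = "latin-1") -> str:
    """Return a base64 value whose decoded bytes are valid UTF-8.

    assumed_encoding is a guess about the source data: latin-1 decoding never
    fails, so confirm the real encoding before trusting the result.
    """
    raw = base64.b64decode(b64_value, validate=True)
    if not find_invalid_utf8(raw):
        return b64_value                           # already acceptable to the server
    text = raw.decode(assumed_encoding)
    return base64.b64encode(text.encode("utf-8")).decode("ascii")

# Constructed sample: the three characters from the thread, stored as latin-1.
SAMPLE_TEXT = "Absent: àôç"
SAMPLE_B64 = base64.b64encode(SAMPLE_TEXT.encode("latin-1")).decode("ascii")

if __name__ == "__main__":
    raw = base64.b64decode(SAMPLE_B64)
    for offset, chunk in find_invalid_utf8(raw):
        print(f"offset {offset}: {chunk!r} is not valid UTF-8")
    # LDIF line using the attribute name from the thread
    print("ldapAuthSieve:: " + repair_ldif_value(SAMPLE_B64))
```

The offsets refer to the decoded bytes, not to positions in the base64 text, so they point at the characters in the original message that need converting.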