Re: [389-users] stuck on a single entry

On Thu, Mar 25, 2010 at 02:04:57PM -0600, Rich Megginson wrote:
> Christopher Wood wrote:
> > On Thu, Mar 25, 2010 at 11:59:31AM -0600, Rich Megginson wrote:
> >   
> >> Christopher Wood wrote:
> >>     
> >>> I'm having another issue that I'm not making headway on. This time, I can't import a single value into one attribute in my directory. The attribute in question is a DirectoryString. (Previously it was an IA5String and I had issues with many values, but I changed it to DirectoryString and now only this entry is giving me trouble.)
> >>>
> >>>
> >>> Question:
> >>>
> >>> What troubleshooting steps can I use to identify the portion of the user-supplied string that is causing the "value #0 invalid per syntax" error?
> >>>
> >>>
> >>> Here's the error I get from ldapmodify:
> >>>
> >>> modifying entry "ldapAuthControlCode=1234567, ou=UsersByControlCode, o=mycompany"
> >>> ldap_modify: Invalid syntax (21)
> >>>         additional info: ldapAuthSieve: value #0 invalid per syntax
> >>>
> >>>
> >>> Here's the schema for ldapAuthSieve from /opt/dirsrv/etc/dirsrv/slapd-cwlab-02/schema/99user.ldif:
> >>>
> >>> attributeTypes: ( 1.3.6.1.4.1.2805.1.1.1.1.36 NAME 'ldapAuthSieve' DESC 'The v
> >>>  acation message subject line' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VA
> >>>  LUE X-ORIGIN 'user defined' )
> >>>
> >>>
> >>> Points:
> >>>
> >>> The value I'm having trouble with is base64 encoded.
> >>>
> >>> The text inside the base64 encoding is bilingual English/French. It at least displays fine in my xterm.
> >>>   
> >>>       
> >> value #0 invalid per syntax with DirectoryString syntax values usually 
> >> means the value is not a valid utf-8 encoded string.
> >>     
> >>> I can ldapmodify this attribute in this entry with other base64-encoded strings.
> >>>   
> >>>       
> >> Can you give an example of an LDIF that works with ldapmodify and one 
> >> that fails with ldapmodify?
> >>     
> >
> > I've narrowed it down to three characters (àôç), where if I include those in my base64 encoded string I get "#0 invalid per syntax". If I use each individually as the only value in my base64-encoded string, I get the same error.
> >   
> Right.  They are not utf-8 encoded, probably latin-1.
> python
>  >>> foo = 'àôç'
>  >>> foo
> '\xc3\xa0\xc3\xb4\xc3\xa7'
>  >>> bar = u'àôç'
>  >>> bar
> u'\xe0\xf4\xe7'

Yes, they're Latin-1. Thank you, that's my lightbulb-goes-off moment. Turns out that in another way this is another NDS6.2-doesn't-check-syntax moment too.
 
> > By contrast, if I use [A-Za-z0-9] characters only (base64-encoded) in my value then the ldap value is modified without any difficulties. I haven't tested with every single other character, so there may be more that cause this error.
> >   
> The 7-bit ascii character set is essentially utf-8, so 7-bit ascii 
> characters always validate as valid utf-8 characters.
> > I'm a bit confused as to why this happens. I thought the point of base64-encoding was that we could stuff arbitrary strings in?
> No, you can't get around syntax validation by base64 encoding.
> 
> However, many LDAP clients are capable of converting latin-1 characters 
> to utf-8.  It could be that because it is base64 encoded, your LDAP 
> client cannot automatically convert the values to utf-8.
> >  Or does the fact that they're not UTF8 affect the encoding?
> >   
> Yes.
> > Is there a way to ensure that these values will be translated to an appropriate encoding in the initialization and replication process?
> >   
> You have to convert them to utf-8 before storing in LDAP.  Once in LDAP, 
> LDAP will just pass around the values as utf-8.  It is up to the clients 
> to convert the utf-8 to something "human readable".
> >   
> >>> I can ldapmodify this attribute in this entry with a much longer base64-encoded string, so I'm fairly sure I haven't hit a limit on the number of characters.
> >>>   
> >>>       
> >> I don't think it is a limit on the number of characters that is causing 
> >> the problem.
> >>     
> >>> Error log output with debug level of 1 when I was running ldapmodify:
> >>>
> >>>
> >>> --
> >>> 389 users mailing list
> >>> 389-users@xxxxxxxxxxxxxxxxxxxxxxx
> >>> https://admin.fedoraproject.org/mailman/listinfo/389-users
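
Added example (not part of the original thread): one way to answer the question of which bytes trigger "value #0 invalid per syntax" is to decode the base64 LDIF value, run a strict UTF-8 decode, and report each failing byte offset before re-encoding. The function names are hypothetical, the sample strings are constructed, and Latin-1 as the source encoding is an assumption taken from the diagnosis in the thread.

```python
import base64

def invalid_utf8_offsets(raw: bytes) -> list:
    """Byte offsets at which a strict UTF-8 decode of raw fails."""
    offsets, pos = [], 0
    while pos < len(raw):
        try:
            raw[pos:].decode("utf-8")  # strict decode, no error replacement
            break
        except UnicodeDecodeError as err:
            offsets.append(pos + err.start)
            pos += err.end  # skip the rejected byte(s) and keep scanning
    return offsets

def check_ldif_value(b64_value: str, legacy_encoding: str = "latin-1") -> dict:
    """Validate a base64 LDIF value; if it is not UTF-8, propose a re-encoded one."""
    raw = base64.b64decode(b64_value, validate=True)
    bad = invalid_utf8_offsets(raw)
    if not bad:
        return {"valid": True, "bad_offsets": [], "context": [],
                "fixed_b64": b64_value}
    # Assumption: the input really is legacy_encoding. Latin-1 maps every
    # byte to a character, so this step cannot fail even when the guess is
    # wrong; review the decoded text before loading it into the directory.
    fixed = raw.decode(legacy_encoding).encode("utf-8")
    return {
        "valid": False,
        "bad_offsets": bad,
        # a few bytes leading up to each offending byte, to locate it in the text
        "context": [raw[max(0, o - 8):o + 1] for o in bad],
        "fixed_b64": base64.b64encode(fixed).decode("ascii"),
    }

if __name__ == "__main__":
    # Constructed sample: the three characters from the thread, as Latin-1.
    sample = base64.b64encode("àôç".encode("latin-1")).decode("ascii")
    result = check_ldif_value(sample)
    print("invalid byte offsets:", result["bad_offsets"])
    print("ldapAuthSieve:: " + result["fixed_b64"])
```
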

