this search return no entries. ldapsearch -x -D "uid=User01,cn=users,dc=XXX,dc=XXX" -w XXX -s base -b "uid=user01,cn=users,dc=XXX,dc=XXX" ldap_bind: No such object (32) matched DN: cn=users,dc=XXX,dc=XXX
but this return one entry ldapsearch -x -D "uid=user01,cn=users,dc=XXX,dc=XXX" -w XXX -s base -b "uid=user01,cn=users,dc=XXX,dc=XXX" ...
error log ... [13/Oct/2015:12:42:49 +0200] - => send_ldap_search_entry (uid=user01,cn=users,dc=XXX,dc=XXX) ... [13/Oct/2015:12:42:49 +0200] - mapping tree release backend : backend-users-2 ... [13/Oct/2015:12:42:49 +0200] - => find_entry_internal (dn=uid=User01,cn=users,dc=XXX,dc=XXX) lock 0 [13/Oct/2015:12:42:49 +0200] - => dn2entry_ext "uid=User01,cn=users,dc=XXX,dc=XXX" ... [13/Oct/2015:12:42:49 +0200] - => dn2ancestor "uid=User01,cn=users,dc=XXX,dc=XXX" [13/Oct/2015:12:42:49 +0200] - <= dn2ancestor 0 [13/Oct/2015:12:42:49 +0200] - => send_ldap_result 32:cn=users,dc=XXX,dc=XXX: [13/Oct/2015:12:42:49 +0200] - flush_ber() wrote 37 bytes to socket 317 [13/Oct/2015:12:42:49 +0200] - <= send_ldap_result [13/Oct/2015:12:42:49 +0200] - <= find_entry_internal_dn not found (uid=User01,cn=users,dc=XXX,dc=XXX)
I cannot reproduce the problem.
$ ldapsearch -LLLx -D 'uid=tuser0,ou=people,dc=example,dc=com' -w tuser00 -b "uid=tuser0,ou=people,dc=example,dc=com" dn dn: uid=tuser0,ou=People,dc=example,dc=com
$ ldapsearch -LLLx -D 'uid=TuSeR0,ou=people,dc=example,dc=com' -w tuser00 -b "uid=tuser0,ou=people,dc=example,dc=com" dn dn: uid=tuser0,ou=People,dc=example,dc=com
What version of 389-ds-base you are running? $ rpm -q 389-ds-base
What does this return? $ ldapsearch -LLLx -D 'cn=directory manager' -W -b "cn=schema" -o "ldif-wrap=no" attributetypes | egrep "\<uid>"
Check the DB - perhaps it makes a difference with what case the uid or unnormalized DN value was stored in the id2entry, entryrdn, or uid indexes.
dn: uid=tuser01,cn=users,dc=XXX,dc=XXX
ldap_bind: No such object (32) matched DN: cn=users,dc=XXX,dc=XXX
389-ds-base-1.3.3.1-20.el7_1.x86_64
Enter LDAP Password: attributetypes: ( 1.3.6.1.4.1.6981.11.3.9 NAME 'FTPgid' DESC 'System uid (overrides gidNumber if present)' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-ORIGIN 'Pure-FTPd' ) attributetypes: ( 1.3.6.1.4.1.6981.11.3.8 NAME 'FTPuid' DESC 'System uid (overrides uidNumber if present)' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-ORIGIN 'Pure-FTPd' ) attributetypes: ( 0.9.2342.19200300.100.1.1 NAME ( 'uid' 'userid' ) EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'RFC 4519' X-DEPRECATED 'userid' )
dn: cn=cn\3Dusers\2Cdc\3DXXX\2Cdc\3DXXX,cn=mapping tree,cn=config objectClass: top objectClass: extensibleObject objectClass: nsMappingTree cn: cn=users,dc=XXX,dc=XXX cn: "cn=users,dc=XXXX,dc=XXX" nsslapd-state: backend nsslapd-parent-suffix: dc=XXX,dc=XXX nsslapd-backend: XXX-users-20 nsslapd-backend: XXX-users-1 nsslapd-backend: XXX-users-2 nsslapd-backend: XXX-users-3 nsslapd-backend: XXX-users-4 nsslapd-backend: XXX-users-5 nsslapd-backend: XXX-users-6 nsslapd-backend: XXX-users-7 nsslapd-backend: XXX-users-8 nsslapd-backend: XXX-users-9 nsslapd-backend: XXX-users-10 nsslapd-backend: XXX-users-11 nsslapd-backend: XXX-users-12 nsslapd-backend: XXX-users-13 nsslapd-backend: XXX-users-14 nsslapd-backend: XXX-users-15 nsslapd-backend: XXX-users-16 nsslapd-backend: XXX-users-17 nsslapd-backend: XXX-users-18 nsslapd-backend: XXX-users-19 nsslapd-distribution-plugin: /usr/lib64/dirsrv/plugins/libdistrib-plugin.so nsslapd-distribution-funct: hash_distribution
how can I check the 20 DBs?
Ah! You are using entry distribution. That explains it. The problem is that the hash_distribution function does not normalize the value first. Neither does the alpha_distribution function.
After retrieving the type and value from the RDN, the functions should normalize the value based on the syntax and matching rule of the type, and do the hash or alpha distribution based that normalized value. The alpha might not need it as it already does case insensitive comparisons, but it should be changed to be consistent.
Replying to [comment:4 rmeggins]:
Ah! You are using entry distribution. That explains it. The problem is that the hash_distribution function does not normalize the value first. Neither does the alpha_distribution function. After retrieving the type and value from the RDN, the functions should normalize the value based on the syntax and matching rule of the type, and do the hash or alpha distribution based that normalized value. The alpha might not need it as it already does case insensitive comparisons, but it should be changed to be consistent.
Thanks Rich, so, it is a bug in the entry distribution plug-in?
Replying to [comment:5 nhosoi]:
Replying to [comment:4 rmeggins]: Ah! You are using entry distribution. That explains it. The problem is that the hash_distribution function does not normalize the value first. Neither does the alpha_distribution function. After retrieving the type and value from the RDN, the functions should normalize the value based on the syntax and matching rule of the type, and do the hash or alpha distribution based that normalized value. The alpha might not need it as it already does case insensitive comparisons, but it should be changed to be consistent. Thanks Rich, so, it is a bug in the entry distribution plug-in?
Yes.
Ticket has been cloned to Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1274420
Per triage, push the target milestone to 1.3.6.
Per triage meeting, set to FUTURE.
Metadata Update from @nhosoi: - Issue set to the milestone: FUTURE
Finally, we have create a patch to solve this issue, patch included in comment.
We hope we can have it available soon in CentOS 7 rpm <img alt="00XX-Ticket-48310-entry-distribution-functions-should-use-normalized-values.patch" src="/389-ds-base/issue/raw/files/6ef7337d81a6d598dfbff5be4785f59fcb4d06823a017ad3b161998a0fbab545-00XX-Ticket-48310-entry-distribution-functions-should-use-normalized-values.patch" />
Metadata Update from @jmoral: - Issue close_status updated to: None
Metadata Update from @firstyear: - Issue assigned to firstyear
@nhosoi @mreynolds I don't know entry distribution very well, but this patch seems sound to me. Do you mind having a look also.
Do you think it's worth writing a lib389 test for this case also?
Metadata Update from @firstyear: - Custom field reviewstatus adjusted to new
Metadata Update from @firstyear: - Custom field reviewstatus adjusted to review (was: new)
Looks good to me, I don't think we need CI testing yet.
Metadata Update from @mreynolds: - Custom field reviewstatus adjusted to ack (was: review)
Metadata Update from @mreynolds: - Issue set to the milestone: 1.3.7.0 (was: FUTURE)
commit 29486e0 To ssh://git@pagure.io/389-ds-base.git cf4ed63..29486e0 master -> master
Thanks for this @jmoral : I'm sorry it took so long to resolve.
Metadata Update from @firstyear: - Issue close_status updated to: fixed - Issue status updated to: Closed (was: Open)
389-ds-base is moving from Pagure to Github. This means that new issues and pull requests will be accepted only in 389-ds-base's github repository.
This issue has been cloned to Github and is available here: - https://github.com/389ds/389-ds-base/issues/1641
If you want to receive further updates on the issue, please navigate to the github issue and click on subscribe button.
subscribe
Thank you for understanding. We apologize for all inconvenience.
Metadata Update from @spichugi: - Issue close_status updated to: wontfix (was: fixed)
Log in to comment on this ticket.