#2555 DS Migration :: Internal Server Error specifying invalid RDN for container
Closed: Fixed None Opened 7 years ago by mkosek.

https://bugzilla.redhat.com/show_bug.cgi?id=804807 (Red Hat Enterprise Linux 6)

Description of problem:

Specifying a basedn starting at sublevel ou

ipa migrate-ds --user-container="BostonUsers"
--base-dn="ou=People,dc=example,dc=com" --with-compat
ldap://dhcp-187-227.bos.redhat.com:389
ipa: ERROR: cannot connect to u'http://dhcp-186-147.testrelm.com/ipa/xml':
Internal Server Error

Attempting a migration for users in a sub OU of ou=People

httpd error log:

[Mon Mar 19 15:50:48 2012] [error] ipa: INFO: admin@TESTRELM.COM:
migrate_ds(u'ldap://dhcp-187-227.bos.redhat.com:389', u'********',
binddn=u'cn=directory manager', usercontainer=u'ou=people',
groupcontainer=u'ou=groups', userobjectclass=(u'person',),
groupobjectclass=(u'groupOfUniqueNames', u'groupOfNames'),
userignoreobjectclass=None, userignoreattribute=None,
groupignoreobjectclass=None, groupignoreattribute=None,
groupoverwritegid=False, schema=u'RFC2307bis', continue=False,
basedn=u'ou=People,dc=example,dc=com', compat=True, exclude_groups=None,
exclude_users=None): NotFound
[Mon Mar 19 15:51:13 2012] [error] [client 10.16.186.147] mod_wsgi (pid=10480):
Exception occurred processing WSGI script '/usr/share/ipa/wsgi.py'.
[Mon Mar 19 15:51:13 2012] [error] [client 10.16.186.147] Traceback (most
recent call last):
[Mon Mar 19 15:51:13 2012] [error] [client 10.16.186.147]   File
"/usr/share/ipa/wsgi.py", line 49, in application
[Mon Mar 19 15:51:13 2012] [error] [client 10.16.186.147]     return
api.Backend.wsgi_dispatch(environ, start_response)
[Mon Mar 19 15:51:13 2012] [error] [client 10.16.186.147]   File
"/usr/lib/python2.6/site-packages/ipaserver/rpcserver.py", line 229, in
__call__
[Mon Mar 19 15:51:13 2012] [error] [client 10.16.186.147]     return
self.route(environ, start_response)
[Mon Mar 19 15:51:13 2012] [error] [client 10.16.186.147]   File
"/usr/lib/python2.6/site-packages/ipaserver/rpcserver.py", line 241, in route
[Mon Mar 19 15:51:13 2012] [error] [client 10.16.186.147]     return
app(environ, start_response)
[Mon Mar 19 15:51:13 2012] [error] [client 10.16.186.147]   File
"/usr/lib/python2.6/site-packages/ipaserver/rpcserver.py", line 411, in
__call__
[Mon Mar 19 15:51:13 2012] [error] [client 10.16.186.147]     response =
super(xmlserver, self).__call__(environ, start_response)
[Mon Mar 19 15:51:13 2012] [error] [client 10.16.186.147]   File
"/usr/lib/python2.6/site-packages/ipaserver/rpcserver.py", line 356, in
__call__
[Mon Mar 19 15:51:13 2012] [error] [client 10.16.186.147]     response =
self.wsgi_execute(environ)
[Mon Mar 19 15:51:13 2012] [error] [client 10.16.186.147]   File
"/usr/lib/python2.6/site-packages/ipaserver/rpcserver.py", line 315, in
wsgi_execute
[Mon Mar 19 15:51:13 2012] [error] [client 10.16.186.147]     result =
self.Command[name](*args, **options)
[Mon Mar 19 15:51:13 2012] [error] [client 10.16.186.147]   File
"/usr/lib/python2.6/site-packages/ipalib/frontend.py", line 438, in __call__
[Mon Mar 19 15:51:13 2012] [error] [client 10.16.186.147]     ret =
self.run(*args, **options)
[Mon Mar 19 15:51:13 2012] [error] [client 10.16.186.147]   File
"/usr/lib/python2.6/site-packages/ipalib/frontend.py", line 696, in run
[Mon Mar 19 15:51:13 2012] [error] [client 10.16.186.147]     return
self.execute(*args, **options)
[Mon Mar 19 15:51:13 2012] [error] [client 10.16.186.147]   File
"/usr/lib/python2.6/site-packages/ipalib/plugins/migration.py", line 697, in
execute
[Mon Mar 19 15:51:13 2012] [error] [client 10.16.186.147]     ldap, config,
ds_ldap, ds_base_dn, options
[Mon Mar 19 15:51:13 2012] [error] [client 10.16.186.147]   File
"/usr/lib/python2.6/site-packages/ipalib/plugins/migration.py", line 562, in
migrate
[Mon Mar 19 15:51:13 2012] [error] [client 10.16.186.147]     search_refs=True
# migrated DS may contain search references
[Mon Mar 19 15:51:13 2012] [error] [client 10.16.186.147]   File
"/usr/lib/python2.6/site-packages/ipalib/encoder.py", line 190, in new_f
[Mon Mar 19 15:51:13 2012] [error] [client 10.16.186.147]     return
f(*new_args, **kwargs)
[Mon Mar 19 15:51:13 2012] [error] [client 10.16.186.147]   File
"/usr/lib/python2.6/site-packages/ipalib/encoder.py", line 201, in new_f
[Mon Mar 19 15:51:13 2012] [error] [client 10.16.186.147]     return
args[0].decode(f(*args, **kwargs))
[Mon Mar 19 15:51:13 2012] [error] [client 10.16.186.147]   File
"/usr/lib/python2.6/site-packages/ipaserver/plugins/ldap2.py", line 701, in
find_entries
[Mon Mar 19 15:51:13 2012] [error] [client 10.16.186.147]     base_dn =
self.normalize_dn(base_dn)
[Mon Mar 19 15:51:13 2012] [error] [client 10.16.186.147]   File
"/usr/lib/python2.6/site-packages/ipaserver/plugins/ldap2.py", line 503, in
normalize_dn
[Mon Mar 19 15:51:13 2012] [error] [client 10.16.186.147]     rdns =
explode_dn(dn)
[Mon Mar 19 15:51:13 2012] [error] [client 10.16.186.147]   File
"/usr/lib64/python2.6/site-packages/ldap/dn.py", line 79, in explode_dn
[Mon Mar 19 15:51:13 2012] [error] [client 10.16.186.147]     dn_decomp =
str2dn(dn,flags)
[Mon Mar 19 15:51:13 2012] [error] [client 10.16.186.147]   File
"/usr/lib64/python2.6/site-packages/ldap/dn.py", line 53, in str2dn
[Mon Mar 19 15:51:13 2012] [error] [client 10.16.186.147]     return
ldap.functions._ldap_function_call(_ldap.str2dn,dn,flags)
[Mon Mar 19 15:51:13 2012] [error] [client 10.16.186.147]   File
"/usr/lib64/python2.6/site-packages/ldap/functions.py", line 57, in
_ldap_function_call
[Mon Mar 19 15:51:13 2012] [error] [client 10.16.186.147]     result =
func(*args,**kwargs)
[Mon Mar 19 15:51:13 2012] [error] [client 10.16.186.147] DECODING_ERROR



Version-Release number of selected component (if applicable):
ipa-server-2.2.0-4.el6.x86_64


Moving to next month iteration.

The internal fault occurs because of invalid user input: the user-container RDN is malformed (there is no type, i.e. the LHS of type=value).

We should validate all user input, including DNs and RDNs, prior to it ever reaching our internal code.

Fortunately the dn module I added last fall is capable of validating DNs and RDNs. I believe all we need to do is add a validation function to the parameters taking a DN or RDN for the command.

Actually the validation is nothing more than creating an RDN object from the string the user supplied. Too bad we'll throw this away because at some point soon we'll be passing DN and RDN objects around instead of simple strings, but that's a fix for another day.

After adding the validator function and executing the above ipa command you now get this:

ipa: ERROR: invalid 'user_container': malformed RDN string = "BostonUsers"

patch submitted

[PATCH 72] Validate DN & RDN parameters for migrate command
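
The validation approach described in the comments above, as an added example that is neither FreeIPA's code nor the submitted patch: a simplified, standalone RFC 4514 syntax check (a stand-in for the project's dn module) applied to the `basedn`, `usercontainer` and `groupcontainer` options seen in the log. All function names are hypothetical, and the check assumes a container is a single RDN and is stricter than the RFC in requiring a non-empty value and no whitespace around separators.

```python
import re

# Simplified RFC 4514 check (constructed for this example): the type is a
# descriptor or numeric OID; the value is non-empty and escapes special chars.
_TYPE = r'(?:[A-Za-z][A-Za-z0-9-]*|\d+(?:\.\d+)+)'
_VALUE = r'(?:[^\\,+"<>;\x00]|\\[\\,+"<>;=# ]|\\[0-9A-Fa-f]{2})+'
_AVA = re.compile('^' + _TYPE + '=' + _VALUE + r'\Z')

def _split_unescaped(text, sep):
    """Split text on sep, ignoring occurrences escaped with a backslash."""
    parts, start, i = [], 0, 0
    while i < len(text):
        if text[i] == '\\':
            i += 2  # skip the escaped character
            continue
        if text[i] == sep:
            parts.append(text[start:i])
            start = i + 1
        i += 1
    parts.append(text[start:])
    return parts

def validate_rdn(value):
    """Return None for one well-formed RDN, otherwise an error message."""
    if len(_split_unescaped(value, ',')) != 1:
        return 'expected a single RDN, got "%s"' % value
    for ava in _split_unescaped(value, '+'):  # multi-valued RDN: cn=a+uid=b
        if not _AVA.match(ava):
            return 'malformed RDN string = "%s"' % value
    return None

def validate_dn(value):
    """Return None if every comma-separated component is a valid RDN."""
    for rdn in _split_unescaped(value, ','):
        if validate_rdn(rdn) is not None:
            return 'malformed DN string = "%s"' % value
    return None

# Option names as they appear in the migrate_ds() call in the log above.
CHECKS = {'basedn': validate_dn, 'usercontainer': validate_rdn,
          'groupcontainer': validate_rdn}

def check_migrate_options(options):
    """Collect validation errors before any option reaches LDAP code."""
    results = ((n, CHECKS[n](v)) for n, v in options.items() if n in CHECKS)
    return {n: msg for n, msg in results if msg is not None}
```

Rejecting the value at the parameter layer turns the unhandled `DECODING_ERROR` into a per-option error message that the caller can act on.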

Metadata Update from @mkosek:
- Issue assigned to jdennis
- Issue set to the milestone: FreeIPA 2.2 Core Effort - 2012/04

2 years ago
