[Kolab-devel] Search: Invalid DN syntax function.ldap-search

ComCept Soliva soliva at comcept.ch
Wed Feb 24 05:43:04 CET 2010


Hi Gunnar

This works meaning created a new user using a "," or "=" in the First Name
for test:

Type    Name                        E-mail               uid
U       Test User, Andrea,Soliva    test1 at comcept-net.ch
test1 at comcept-net.ch
U       Test User, Andrea=Soliva    test2 at comcept-net.ch
test2 at comcept-net.ch

This works also meaning created a new user using a "," or "=" in the Last
Name for test:

Type    Name                        E-mail               uid
U       Test,User, Andrea Soliva    test3 at comcept-net.ch
test3 at comcept-net.ch
U       Test=User, Andrea Soliva    test4 at comcept-net.ch
test4 at comcept-net.ch

I don't think that this should work correct? I thinks this works "probably
only on my system" because the "," or "=" is not really used in the
background because I deleted afterward the test3 at comcept-net.ch as
test4 at comcept-net.ch and it appears on the Webpage a confirmation:

"The user with DN cn=Andrea Soliva Test\2CUser,dc=comcept-net,dc=ch has been
deleted"
"The user with DN cn=Andrea Soliva Test\3DUser,dc=comcept-net,dc=ch has been
deleted"

This means "=" is used as "/3D" and for ";" is used "/2C".

In the log for creating the user nothing specially appears except the normal
entry:

==> /kolab/var/apache/log/apache-access.log <==
192.168.101.11 - - [24/Feb/2010:05:29:43 +0100] "GET /admin/user/ HTTP/1.1"
200 14475
192.168.101.11 - - [24/Feb/2010:05:29:58 +0100] "GET
/admin/user/user.php?action=create HTTP/1.1" 200 10501

If you need mor tell me

Kind regards

Andrea Soliva

Mail: soliva at comcept.ch 

-----Ursprüngliche Nachricht-----
Von: Gunnar Wrobel [mailto:wrobel at pardus.de] Im Auftrag von
kolab-devel-bounces at kolab.org
Gesendet: Sonntag, 21. Februar 2010 21:31
An: kolab-devel at kolab.org
Betreff: [Kolab-devel] Search: Invalid DN syntax function.ldap-search

Hi Andrea,

Quoting ComCept Soliva <soliva at comcept.ch>:

> Hi Gunnar
>
> Man thanks fort he hint and I modified the file as in your patch shown:
>
>         --------------- /kolab/var/kolab/php/admin/include/ldap.class.php
> ---------------
>
>
>            411    // Count the number of occurences of an email address
>            412    // in users' mail and alias attributes and in dist.
lists.
>            413    // This can be used to check for uniqueness etc.
>            412    // in users' mail and alias attributes and in dist.
lists.
>            413    // This can be used to check for uniqueness etc.
>            414    function countMail( $base, $mail , $excludedn=false ) {
>            415          // First count users
>            416          $filter = '(|(|(mail='.$this->escape($mail).')
>            417                         (alias='.$this->escape($mail).')
>            418                       )
>            419                       (uid='.$this->escape($mail).')
>            420                     )';
>            421  //      $res = $this->search( $this->dn_escape($base),
> $filter, array( 'dn' ) );
>            422          $res = $this->search( $base, $filter, array( 'dn'
)
> );
>            423          $count = 0;
>            424
>            425          $entries = ldap_get_entries( $this->connection,
$res
> );
>            426          if( $excludedn ) {
>            427            for ( $i = 0; $i < count( $entries ); $i++ ) {
>            428  //              if( is_null( $entries[$i] ) ) continue;
>            429                  if( !isset($entries[$i]) || is_null(
> $entries[$i] ) ) continue;
>            430                  if(
> KolabLDAP::unescape_dn_value($entries[$i]['dn']) ==
> KolabLDAP::unescape_dn_value($excludedn) ) continue;
>            431                  debug("found ".$entries[$i]['dn'] );
>            432                  $count++;
>
>         --------------- /kolab/var/kolab/php/admin/include/ldap.class.php
> ---------------
>
> After that I created a new user, modified as deleted the user without any
> warnings etc. in the log /kolab/var/apache/log/php/php-errors.log. From
this
> point it seems the warning are gone. I saw somewhere also in the devel
> messages (can not remember anymore) that without this patch it is possible
> to configure a mail alias to two different uid's (users)?
> Right....?

Correct.

> .....after the patch this is not possible meaning a warning is
> shown/poping up that this alias is already set to another uid/user etc.

Nice. Many thanks for the feedback!

>
> As mentioned I did not find anything else after the patch was applied
> meaning warnings, errros etc. even I manipulated the new user I created
for
> the test in different ways. Hope this helps and if you need more tests or
> wathever give me a hint.

If you want, you can check if creating users that contain a "," or a  
"=" in the first or last name works as well.

That was what the original patch was actually about. Breaking the  
countMail() function was an undesired side effect.

Cheers,

Gunnar

>
> Many thnks and kind regards
>
> Andrea Soliva
>
> Mail: soliva at comcept.ch
> -----Ursprüngliche Nachricht-----
> Von: Gunnar Wrobel [mailto:wrobel at pardus.de] Im Auftrag von
> kolab-devel-bounces at kolab.org
> Gesendet: Sonntag, 21. Februar 2010 14:15
> An: kolab-devel at kolab.org
> Betreff: Re: [Kolab-devel] Search: Invalid DN syntax function.ldap-search
>
> Quoting ComCept Soliva <soliva at comcept.ch>:
>
>> Hi Gunnar
>>
>> No problem can give a try...give me a hint as soon as the patch is
>> available....
>
> Here it is: http://kolab.org/pipermail/kolab-commits/2010q1/011956.html
>
> Cheers,
>
> Gunnar
>
>>
>> Kind regards
>>
>> Andrea
>>
>> Mail: soliva at comcept.ch
>>
>> -----Ursprüngliche Nachricht-----
>> Von: Gunnar Wrobel [mailto:wrobel at pardus.de] Im Auftrag von
>> kolab-devel-bounces at kolab.org
>> Gesendet: Montag, 15. Februar 2010 10:00
>> An: kolab-devel at kolab.org
>> Betreff: Re: [Kolab-devel] Search: Invalid DN syntax function.ldap-search
>>
>> Hi Andrea,
>>
>> actually the error you see is probably a side effect of the bug I
>> introduced with the fix for https://issues.kolab.org/issue3499. I'll
>> try to provide a patch for that today. Please add yourself in nosy
>> there. Would be great if you could provide feedback if that works.
>>
>> Cheers,
>>
>> Gunnar
>>
>> Quoting ComCept Soliva <soliva at comcept.ch>:
>>
>>> Hi Gunnar
>>>
>>> Sorry was in holidays for a fiew days :-)
>>>
>>> I tried to include your suggested stuff "var_dump($base);" in the Code
> of:
>>>
>>> /opt/kolab/var/kolab/php/admin/include/ldap.class.php on line 204
>>>
>>> But as a pity without success....I'm not so familar with php :-( can you
>>> please advice how you would include it.
>>>
>>> Regarding your suggstion what the symptomes are if this error occurs
>>> following:
>>>
>>> The error occures "ONLY" if a user is added or modified within the
> manager
>>> interface. It happens also if a Distribution List ist added or modified.
>> For
>>> the manager itself which add's or modifies the users or distribution
list
>> on
>>> the manager interface nothing occured meanining I added over 20 domains
>> with
>>> 50 email address's and aliases but I never was kicked out or saw a blank
>>> white page or a error from php or whatever. I'm using kolab since years
>> and
>>> this never occoured but I have to say what I did this time was to add a
>>> Domain Maintainer which I never used before...could this be the reason?
> If
>> I
>>> looked in as the Domain Maintainer and added a user I had some kick outs
>> and
>>> blank white pages? I have a strange feeling about this function but that
>> we
>>> have no misunderstandig at all as Kolab Manager I had never blank pages
> or
>>> uncontrolled kicke outs.
>>>
>>> If you could advice where to add the code etc. I can follow up on
> this....
>>>
>>> PS: One more thing which you are probably interessted....I did in
rc.conf
>>> template a modification....this means in the past for config the entry
in
>>> this file was:
>>>
>>> openldap_url="ldap:// ldaps://"
>>>
>>> This was working fine without any problems...in the newewst version the
>>> entry is:
>>>
>>> openldap_url="ldap://@@@bind_addr@@@/ ldaps://@@@bind_addr@@@/"
>>>
>>> This was given errors and a lot of problems because the real entry in
the
>>> /kolab/etc/rc.conf was looking:
>>>
>>> openldap_url="ldap://0.0.0.0/ ldaps://0.0.0.0/"
>>>
>>> This does not work and I changed to 127.0.0.1 or back to the old style.
>> Both
>>> is working fine:
>>>
>>> openldap_url="ldap:// ldaps://"
>>>
>>> I do not think so that this has something to do with the issue which we
>> are
>>> discussion here even I do not understand the
>> "openldap_url="ldap://0.0.0.0/
>>> ldaps://0.0.0.0/". Looks for me funny and not usable. My opinion is that
>> the
>>> bind_addr did not work as expected because I'm using Kolab in a Solaris
>> Zone
>>> and the localhost as the 127.0.0.1 is handled in some circumstances in
>>> another way.....this only for your information. I documented the overall
>>> stuff on the Wiki:
>>>
>>> https://wiki.kolab.org/index.php/Solaris
>>>
>>>
>>> Kind regards
>>>
>>> Andrea
>>>
>>> Mail: soliva at comcept.ch
>>>
>>> -----Ursprüngliche Nachricht-----
>>> Von: Gunnar Wrobel [mailto:wrobel at pardus.de] Im Auftrag von
>>> kolab-devel-bounces at kolab.org
>>> Gesendet: Donnerstag, 11. Februar 2010 22:10
>>> An: kolab-devel at kolab.org
>>> Betreff: [Kolab-devel] Search: Invalid DN syntax function.ldap-search
>>>
>>> Hi Andrea,
>>>
>>> Quoting ComCept Soliva <soliva at comcept.ch>:
>>>
>>>> Hi
>>>>
>>>> It is from my point of view clear the search function but even I see
the
>>>> lines I can not identify what is false and why?:
>>>>
>>>> syntax in /opt/kolab/var/kolab/php/admin/include/ldap.class.php on line
>>> 204
>>>>
>>>>
>>>> 201    function search( $base, $filter, $attrs = false ) {
>>>>    202      $this->freeSearchResult();
>>>>    203      if( $attrs ) {
>>>>    204            $this->search_result = ldap_search(
$this->connection,
>>>> $base, $filter, $attrs );
>>>>    205          } else {
>>>>    206            $this->search_result = ldap_search(
$this->connection,
>>>> $base, $filter );
>>>>    207          }
>>>>    208      return $this->search_result;
>>>>    209    }
>>>
>>> The error sounds as if $base contains an invalid value. You could add
>>> a "var_dump($base);" in the code to display the value.
>>>
>>> Both log entries you mentioned are just warnings though. The code
>>> won't stop on a warning. And the code of the web admin is not exactly
>>> clean when it comes to notices and warnings. Quite the contrary. So
>>> what you see might not be a real problem.
>>>
>>> But I did not quite understand what kind of problems you saw in the
>>> actual frontend. Did you see any specific errors that were displayed?
>>> Or did the web admin just show you a blank page (the PHP white screen
>>> of death)?
>>>
>>> Cheers,
>>>
>>> Gunnar
>>>
>>>>
>>>>
>>>> is not a valid ldap result resource in
>>>> /opt/kolab/var/kolab/php/admin/include/ldap.class.php on line 424
>>>>
>>>>    411    // Count the number of occurences of an email address
>>>>    412    // in users' mail and alias attributes and in dist. lists.
>>>>    413    // This can be used to check for uniqueness etc.
>>>>    414    function countMail( $base, $mail , $excludedn=false ) {
>>>>    415          // First count users
>>>>    416          $filter = '(|(|(mail='.$this->escape($mail).')
>>>>    417                         (alias='.$this->escape($mail).')
>>>>    418                       )
>>>>    419                       (uid='.$this->escape($mail).')
>>>>    420                     )';
>>>>    421          $res = $this->search( $this->dn_escape($base), $filter,
>>>> array( 'dn' ) );
>>>>    422          $count = 0;
>>>>    423
>>>>    424          $entries = ldap_get_entries( $this->connection, $res );
>>>>    425          if( $excludedn ) {
>>>>    426            for ( $i = 0; $i < count( $entries ); $i++ ) {
>>>>    427                  if( is_null( $entries[$i] ) ) continue;
>>>>    428                  if(
>>> KolabLDAP::unescape_dn_value($entries[$i]['dn'])
>>>> == KolabLDAP::unescape_dn_value($excludedn) ) continue;
>>>>    429                  debug("found ".$entries[$i]['dn'] );
>>>>    430                  $count++;
>>>>    431            }
>>>>    432          } else $count += $entries['count'];
>>>>
>>>>
>>>> Kind regards
>>>>
>>>> Andrea Soliva
>>>>
>>>> Mail: soliva at comcept.ch
>>>> -----Ursprüngliche Nachricht-----
>>>> Von: Bernhard Reiter [mailto:bernhard at intevation.de] Im Auftrag von
>>>> kolab-devel-bounces at kolab.org
>>>> Gesendet: Montag, 25. Januar 2010 14:37
>>>> An: kolab-devel at kolab.org
>>>> Betreff: Re: [Kolab-devel] Search: Invalid DN syntax
> function.ldap-search
>>>>
>>>> Am Sonntag, 24. Januar 2010 11:31:48 schrieb ComCept Soliva:
>>>>> [23-Jan-2010 14:59:36] PHP Warning:  ldap_search() [<a
>>>>> href='function.ldap-search'>function.ldap-search</a>]: Search: Invalid
>> DN
>>>>> syntax in /opt/kolab/var/kolab/php/admin/include/ldap.class.php on
line
>>>> 204
>>>>> [23-Jan-2010 14:59:36] PHP Warning:  ldap_get_entries(): supplied
>>> argument
>>>>> is not a valid ldap result resource in
>>>>> /opt/kolab/var/kolab/php/admin/include/ldap.class.php on line 424
>>>>>
>>>>> Is this already recognized? Is it not known....I tried to figure out
>> what
>>>>> is wrong but actually I could not?!
>>>>>
>>>>> Any suggestion?
>>>>
>>>> My suggestion is to check the given line 204 and see which argument
>>>> is used there (maybe add a statement to print it out).
>>>>
>>>>> By the way is there a documentation about Master/Slave configuration
>>>>> meaning how this works etc. I could not find anything. Any hints would
>> be
>>>>> appriciated.
>>>>
>>>> I think the documentation is in the architecture documents.
>>>> The idea is pretty simple: Replicate the directory server on the slave
>>>> (for which there is a bootstrap) have all read access on the slave
>>> accounts
>>>> go
>>>> to the slave LDAP server and all write access (only by webadmin) to the
>>>> master.
>>>>
>>>> Bernhard
>>>>
>>>> --
>>>> Managing Director - Owner: www.intevation.net       (Free Software
>>> Company)
>>>> Germany Coordinator: fsfeurope.org. Coordinator:
>> www.Kolab-Konsortium.com.
>>>> Intevation GmbH, Osnabrück, DE; Amtsgericht Osnabrück, HRB 18998
>>>> Geschäftsführer Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner
>>>>
>>>> _______________________________________________
>>>> Kolab-devel mailing list
>>>> Kolab-devel at kolab.org
>>>> https://kolab.org/mailman/listinfo/kolab-devel
>>>>
>>>
>>>
>>>
>>> --
>>> ____ http://www.pardus.de _________________ http://gunnarwrobel.de _
>>>
>>> E-mail : p at rdus.de                                 Dr. Gunnar Wrobel
>>> Tel.   : +49 700 6245 0000                         Bundesstrasse 29
>>> Fax    : +49 721 1513 52322                        D-20146 Hamburg
>>> --------------------------------------------------------------------
>>>     >> Mail at ease - Rent a kolab groupware server at p at rdus <<
>>> --------------------------------------------------------------------
>>>
>>>
>>> _______________________________________________
>>> Kolab-devel mailing list
>>> Kolab-devel at kolab.org
>>> https://kolab.org/mailman/listinfo/kolab-devel
>>>
>>> _______________________________________________
>>> Kolab-devel mailing list
>>> Kolab-devel at kolab.org
>>> https://kolab.org/mailman/listinfo/kolab-devel
>>>
>>
>>
>>
>> --
>> ______ http://kdab.com _______________ http://kolab-konsortium.com _
>>
>> p at rdus Kolab work is funded in part by KDAB and the Kolab Konsortium
>>
>> ____ http://www.pardus.de _________________ http://gunnarwrobel.de _
>> E-mail : p at rdus.de                                 Dr. Gunnar Wrobel
>> Tel.   : +49 700 6245 0000                          Bundesstrasse 29
>> Fax    : +49 721 1513 52322                          D-20146 Hamburg
>> --------------------------------------------------------------------
>>     >> Mail at ease - Rent a kolab groupware server at p at rdus <<
>> --------------------------------------------------------------------
>>
>> _______________________________________________
>> Kolab-devel mailing list
>> Kolab-devel at kolab.org
>> https://kolab.org/mailman/listinfo/kolab-devel
>>
>
>
>
> --
> ______ http://kdab.com _______________ http://kolab-konsortium.com _
>
> p at rdus Kolab work is funded in part by KDAB and the Kolab Konsortium
>
> ____ http://www.pardus.de _________________ http://gunnarwrobel.de _
> E-mail : p at rdus.de                                 Dr. Gunnar Wrobel
> Tel.   : +49 700 6245 0000                          Bundesstrasse 29
> Fax    : +49 721 1513 52322                          D-20146 Hamburg
> --------------------------------------------------------------------
>     >> Mail at ease - Rent a kolab groupware server at p at rdus <<
> --------------------------------------------------------------------
>
> _______________________________________________
> Kolab-devel mailing list
> Kolab-devel at kolab.org
> https://kolab.org/mailman/listinfo/kolab-devel
>



-- 
____ http://www.pardus.de _________________ http://gunnarwrobel.de _

E-mail : p at rdus.de                                 Dr. Gunnar Wrobel
Tel.   : +49 700 6245 0000                         Bundesstrasse 29
Fax    : +49 721 1513 52322                        D-20146 Hamburg
--------------------------------------------------------------------
    >> Mail at ease - Rent a kolab groupware server at p at rdus <<
--------------------------------------------------------------------


_______________________________________________
Kolab-devel mailing list
Kolab-devel at kolab.org
https://kolab.org/mailman/listinfo/kolab-devel




More information about the devel mailing list