[Kolab-devel] Search: Invalid DN syntax function.ldap-search

Gunnar Wrobel wrobel at pardus.de
Thu Feb 25 17:46:05 CET 2010


Quoting ComCept Soliva <soliva at comcept.ch>:

> Hi Gunnar
>
> This works meaning created a new user using a "," or "=" in the First Name
> for test:
>
> Type    Name                        E-mail                   uid
> U       Test User, Andrea,Soliva    test1 at comcept-net.ch  test1 at comcept-net.ch
> U       Test User, Andrea=Soliva    test2 at comcept-net.ch  test2 at comcept-net.ch
>
> This works also meaning created a new user using a "," or "=" in the Last
> Name for test:
>
> Type    Name                        E-mail                   uid
> U       Test,User, Andrea Soliva    test3 at comcept-net.ch  test3 at comcept-net.ch
> U       Test=User, Andrea Soliva    test4 at comcept-net.ch  test4 at comcept-net.ch

Thanks for the feedback!

>
> I don't think that this should work correct? I think this works "probably
> only on my system"

No it should actually work. Not only on your system :) It is okay if
people use these characters in the LDAP attributes. There is no reason
why they should not. Especially since we can't expect the users to know
that we put the first and last name in the DN of the object (probably
about to change with 2.3 anyhow) and that these characters have special
meaning in the DN of an LDAP object.

> because the "," or "=" is not really used in the
> background because I deleted afterward the test3 at comcept-net.ch as
> test4 at comcept-net.ch and it appears on the Webpage a confirmation:
>
> "The user with DN cn=Andrea Soliva Test\2CUser,dc=comcept-net,dc=ch has been
> deleted"
> "The user with DN cn=Andrea Soliva Test\3DUser,dc=comcept-net,dc=ch has been
> deleted"
>
> This means "=" is used as "/3D" and for ";" is used "/2C".

Correct. Escaping these characters in the right way was what I tried  
to patch for 2.2.3.

Cheers,

Gunnar

>
> In the log for creating the user nothing specially appears except the normal
> entry:
>
> ==> /kolab/var/apache/log/apache-access.log <==
> 192.168.101.11 - - [24/Feb/2010:05:29:43 +0100] "GET /admin/user/ HTTP/1.1" 200 14475
> 192.168.101.11 - - [24/Feb/2010:05:29:58 +0100] "GET /admin/user/user.php?action=create HTTP/1.1" 200 10501
>
> If you need more tell me
>
> Kind regards
>
> Andrea Soliva
>
> Mail: soliva at comcept.ch
>
> -----Original Message-----
> From: Gunnar Wrobel [mailto:wrobel at pardus.de] On behalf of
> kolab-devel-bounces at kolab.org
> Sent: Sunday, 21 February 2010 21:31
> To: kolab-devel at kolab.org
> Subject: [Kolab-devel] Search: Invalid DN syntax function.ldap-search
>
> Hi Andrea,
>
> Quoting ComCept Soliva <soliva at comcept.ch>:
>
>> Hi Gunnar
>>
>> Many thanks for the hint and I modified the file as in your patch shown:
>>
>> --------------- /kolab/var/kolab/php/admin/include/ldap.class.php ---------------
>>
>>   // Count the number of occurences of an email address
>>   // in users' mail and alias attributes and in dist. lists.
>>   // This can be used to check for uniqueness etc.
>>   function countMail( $base, $mail , $excludedn=false ) {
>>         // First count users
>>         $filter = '(|(|(mail='.$this->escape($mail).')
>>                        (alias='.$this->escape($mail).')
>>                      )
>>                      (uid='.$this->escape($mail).')
>>                    )';
>> //      $res = $this->search( $this->dn_escape($base), $filter, array( 'dn' ) );
>>         $res = $this->search( $base, $filter, array( 'dn' ) );
>>         $count = 0;
>>
>>         $entries = ldap_get_entries( $this->connection, $res );
>>         if( $excludedn ) {
>>           for ( $i = 0; $i < count( $entries ); $i++ ) {
>> //              if( is_null( $entries[$i] ) ) continue;
>>                 if( !isset($entries[$i]) || is_null( $entries[$i] ) ) continue;
>>                 if( KolabLDAP::unescape_dn_value($entries[$i]['dn']) == KolabLDAP::unescape_dn_value($excludedn) ) continue;
>>                 debug("found ".$entries[$i]['dn'] );
>>                 $count++;
>>
>> --------------- /kolab/var/kolab/php/admin/include/ldap.class.php ---------------
>>
>> After that I created a new user, modified as deleted the user without any
>> warnings etc. in the log /kolab/var/apache/log/php/php-errors.log. From this
>> point it seems the warnings are gone. I saw somewhere also in the devel
>> messages (can not remember anymore) that without this patch it is possible
>> to configure a mail alias to two different uid's (users)?
>> Right....?
>
> Correct.
>
>> .....after the patch this is not possible meaning a warning is
>> shown/popping up that this alias is already set to another uid/user etc.
>
> Nice. Many thanks for the feedback!
>
>>
>> As mentioned I did not find anything else after the patch was applied
>> meaning warnings, errors etc. even I manipulated the new user I created for
>> the test in different ways. Hope this helps and if you need more tests or
>> whatever give me a hint.
>
> If you want, you can check if creating users that contain a "," or a
> "=" in the first or last name works as well.
>
> That was what the original patch was actually about. Breaking the
> countMail() function was an undesired side effect.
>
> Cheers,
>
> Gunnar
>
>>
>> Many thanks and kind regards
>>
>> Andrea Soliva
>>
>> Mail: soliva at comcept.ch
>> -----Original Message-----
>> From: Gunnar Wrobel [mailto:wrobel at pardus.de] On behalf of
>> kolab-devel-bounces at kolab.org
>> Sent: Sunday, 21 February 2010 14:15
>> To: kolab-devel at kolab.org
>> Subject: Re: [Kolab-devel] Search: Invalid DN syntax function.ldap-search
>>
>> Quoting ComCept Soliva <soliva at comcept.ch>:
>>
>>> Hi Gunnar
>>>
>>> No problem can give a try...give me a hint as soon as the patch is
>>> available....
>>
>> Here it is: http://kolab.org/pipermail/kolab-commits/2010q1/011956.html
>>
>> Cheers,
>>
>> Gunnar
>>
>>>
>>> Kind regards
>>>
>>> Andrea
>>>
>>> Mail: soliva at comcept.ch
>>>
>>> -----Original Message-----
>>> From: Gunnar Wrobel [mailto:wrobel at pardus.de] On behalf of
>>> kolab-devel-bounces at kolab.org
>>> Sent: Monday, 15 February 2010 10:00
>>> To: kolab-devel at kolab.org
>>> Subject: Re: [Kolab-devel] Search: Invalid DN syntax function.ldap-search
>>>
>>> Hi Andrea,
>>>
>>> actually the error you see is probably a side effect of the bug I
>>> introduced with the fix for https://issues.kolab.org/issue3499. I'll
>>> try to provide a patch for that today. Please add yourself in nosy
>>> there. Would be great if you could provide feedback if that works.
>>>
>>> Cheers,
>>>
>>> Gunnar
>>>
>>> Quoting ComCept Soliva <soliva at comcept.ch>:
>>>
>>>> Hi Gunnar
>>>>
>>>> Sorry was in holidays for a few days :-)
>>>>
>>>> I tried to include your suggested stuff "var_dump($base);" in the Code of:
>>>>
>>>> /opt/kolab/var/kolab/php/admin/include/ldap.class.php on line 204
>>>>
>>>> But as a pity without success....I'm not so familiar with php :-( can you
>>>> please advise how you would include it.
>>>>
>>>> Regarding your suggestion what the symptoms are if this error occurs
>>>> following:
>>>>
>>>> The error occurs "ONLY" if a user is added or modified within the manager
>>>> interface. It happens also if a Distribution List is added or modified. For
>>>> the manager itself which adds or modifies the users or distribution list on
>>>> the manager interface nothing occurred meaning I added over 20 domains with
>>>> 50 email addresses and aliases but I never was kicked out or saw a blank
>>>> white page or an error from php or whatever. I'm using kolab since years and
>>>> this never occurred but I have to say what I did this time was to add a
>>>> Domain Maintainer which I never used before...could this be the reason? If I
>>>> looked in as the Domain Maintainer and added a user I had some kick outs and
>>>> blank white pages? I have a strange feeling about this function but that we
>>>> have no misunderstanding at all as Kolab Manager I had never blank pages or
>>>> uncontrolled kick outs.
>>>>
>>>> If you could advise where to add the code etc. I can follow up on this....
>>>>
>>>> PS: One more thing which you are probably interested....I did in rc.conf
>>>> template a modification....this means in the past for config the entry in
>>>> this file was:
>>>>
>>>> openldap_url="ldap:// ldaps://"
>>>>
>>>> This was working fine without any problems...in the newest version the
>>>> entry is:
>>>>
>>>> openldap_url="ldap://@@@bind_addr@@@/ ldaps://@@@bind_addr@@@/"
>>>>
>>>> This was giving errors and a lot of problems because the real entry in the
>>>> /kolab/etc/rc.conf was looking:
>>>>
>>>> openldap_url="ldap://0.0.0.0/ ldaps://0.0.0.0/"
>>>>
>>>> This does not work and I changed to 127.0.0.1 or back to the old style. Both
>>>> is working fine:
>>>>
>>>> openldap_url="ldap:// ldaps://"
>>>>
>>>> I do not think so that this has something to do with the issue which we are
>>>> discussing here even I do not understand the
>>>> "openldap_url="ldap://0.0.0.0/ ldaps://0.0.0.0/". Looks for me funny and not
>>>> usable. My opinion is that the bind_addr did not work as expected because I'm
>>>> using Kolab in a Solaris Zone and the localhost as the 127.0.0.1 is handled
>>>> in some circumstances in another way.....this only for your information. I
>>>> documented the overall stuff on the Wiki:
>>>>
>>>> https://wiki.kolab.org/index.php/Solaris
>>>>
>>>>
>>>> Kind regards
>>>>
>>>> Andrea
>>>>
>>>> Mail: soliva at comcept.ch
>>>>
>>>> -----Original Message-----
>>>> From: Gunnar Wrobel [mailto:wrobel at pardus.de] On behalf of
>>>> kolab-devel-bounces at kolab.org
>>>> Sent: Thursday, 11 February 2010 22:10
>>>> To: kolab-devel at kolab.org
>>>> Subject: [Kolab-devel] Search: Invalid DN syntax function.ldap-search
>>>>
>>>> Hi Andrea,
>>>>
>>>> Quoting ComCept Soliva <soliva at comcept.ch>:
>>>>
>>>>> Hi
>>>>>
>>>>> It is from my point of view clear the search function but even I see the
>>>>> lines I can not identify what is false and why?:
>>>>>
>>>>> syntax in /opt/kolab/var/kolab/php/admin/include/ldap.class.php on line 204
>>>>>
>>>>>
>>>>>    201    function search( $base, $filter, $attrs = false ) {
>>>>>    202      $this->freeSearchResult();
>>>>>    203      if( $attrs ) {
>>>>>    204            $this->search_result = ldap_search( $this->connection, $base, $filter, $attrs );
>>>>>    205          } else {
>>>>>    206            $this->search_result = ldap_search( $this->connection, $base, $filter );
>>>>>    207          }
>>>>>    208      return $this->search_result;
>>>>>    209    }
>>>>
>>>> The error sounds as if $base contains an invalid value. You could add
>>>> a "var_dump($base);" in the code to display the value.
>>>>
>>>> Both log entries you mentioned are just warnings though. The code
>>>> won't stop on a warning. And the code of the web admin is not exactly
>>>> clean when it comes to notices and warnings. Quite the contrary. So
>>>> what you see might not be a real problem.
>>>>
>>>> But I did not quite understand what kind of problems you saw in the
>>>> actual frontend. Did you see any specific errors that were displayed?
>>>> Or did the web admin just show you a blank page (the PHP white screen
>>>> of death)?
>>>>
>>>> Cheers,
>>>>
>>>> Gunnar
>>>>
>>>>>
>>>>>
>>>>> is not a valid ldap result resource in
>>>>> /opt/kolab/var/kolab/php/admin/include/ldap.class.php on line 424
>>>>>
>>>>>    411    // Count the number of occurences of an email address
>>>>>    412    // in users' mail and alias attributes and in dist. lists.
>>>>>    413    // This can be used to check for uniqueness etc.
>>>>>    414    function countMail( $base, $mail , $excludedn=false ) {
>>>>>    415          // First count users
>>>>>    416          $filter = '(|(|(mail='.$this->escape($mail).')
>>>>>    417                         (alias='.$this->escape($mail).')
>>>>>    418                       )
>>>>>    419                       (uid='.$this->escape($mail).')
>>>>>    420                     )';
>>>>>    421          $res = $this->search( $this->dn_escape($base), $filter, array( 'dn' ) );
>>>>>    422          $count = 0;
>>>>>    423
>>>>>    424          $entries = ldap_get_entries( $this->connection, $res );
>>>>>    425          if( $excludedn ) {
>>>>>    426            for ( $i = 0; $i < count( $entries ); $i++ ) {
>>>>>    427                  if( is_null( $entries[$i] ) ) continue;
>>>>>    428                  if( KolabLDAP::unescape_dn_value($entries[$i]['dn']) == KolabLDAP::unescape_dn_value($excludedn) ) continue;
>>>>>    429                  debug("found ".$entries[$i]['dn'] );
>>>>>    430                  $count++;
>>>>>    431            }
>>>>>    432          } else $count += $entries['count'];
>>>>>
>>>>>
>>>>> Kind regards
>>>>>
>>>>> Andrea Soliva
>>>>>
>>>>> Mail: soliva at comcept.ch
>>>>> -----Original Message-----
>>>>> From: Bernhard Reiter [mailto:bernhard at intevation.de] On behalf of
>>>>> kolab-devel-bounces at kolab.org
>>>>> Sent: Monday, 25 January 2010 14:37
>>>>> To: kolab-devel at kolab.org
>>>>> Subject: Re: [Kolab-devel] Search: Invalid DN syntax function.ldap-search
>>>>>
>>>>> On Sunday, 24 January 2010 11:31:48, ComCept Soliva wrote:
>>>>>> [23-Jan-2010 14:59:36] PHP Warning:  ldap_search() [<a href='function.ldap-search'>function.ldap-search</a>]: Search: Invalid DN syntax in /opt/kolab/var/kolab/php/admin/include/ldap.class.php on line 204
>>>>>> [23-Jan-2010 14:59:36] PHP Warning:  ldap_get_entries(): supplied argument is not a valid ldap result resource in /opt/kolab/var/kolab/php/admin/include/ldap.class.php on line 424
>>>>>>
>>>>>> Is this already recognized? Is it not known....I tried to figure out what
>>>>>> is wrong but actually I could not?!
>>>>>>
>>>>>> Any suggestion?
>>>>>
>>>>> My suggestion is to check the given line 204 and see which argument
>>>>> is used there (maybe add a statement to print it out).
>>>>>
>>>>>> By the way is there a documentation about Master/Slave configuration
>>>>>> meaning how this works etc. I could not find anything. Any hints would be
>>>>>> appreciated.
>>>>>
>>>>> I think the documentation is in the architecture documents.
>>>>> The idea is pretty simple: Replicate the directory server on the slave
>>>>> (for which there is a bootstrap) have all read access on the slave accounts
>>>>> go to the slave LDAP server and all write access (only by webadmin) to the
>>>>> master.
>>>>>
>>>>> Bernhard
>>>>>
>>>>> --
>>>>> Managing Director - Owner: www.intevation.net       (Free Software Company)
>>>>> Germany Coordinator: fsfeurope.org. Coordinator: www.Kolab-Konsortium.com.
>>>>> Intevation GmbH, Osnabrück, DE; Amtsgericht Osnabrück, HRB 18998
>>>>> Managing Directors: Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner
>>>>>
>>>>> _______________________________________________
>>>>> Kolab-devel mailing list
>>>>> Kolab-devel at kolab.org
>>>>> https://kolab.org/mailman/listinfo/kolab-devel
>>>>>
>>>>
>>>>
>>>>
>>>> --
>>>> ____ http://www.pardus.de _________________ http://gunnarwrobel.de _
>>>>
>>>> E-mail : p at rdus.de                                 Dr. Gunnar Wrobel
>>>> Tel.   : +49 700 6245 0000                         Bundesstrasse 29
>>>> Fax    : +49 721 1513 52322                        D-20146 Hamburg
>>>> --------------------------------------------------------------------
>>>>     >> Mail at ease - Rent a kolab groupware server at p at rdus <<
>>>> --------------------------------------------------------------------
>>>
>>>
>>>
>>> --
>>> ______ http://kdab.com _______________ http://kolab-konsortium.com _
>>>
>>> p at rdus Kolab work is funded in part by KDAB and the Kolab Konsortium
>>>
>>> ____ http://www.pardus.de _________________ http://gunnarwrobel.de _
>>> E-mail : p at rdus.de                                 Dr. Gunnar Wrobel
>>> Tel.   : +49 700 6245 0000                          Bundesstrasse 29
>>> Fax    : +49 721 1513 52322                          D-20146 Hamburg
>>> --------------------------------------------------------------------
>>>     >> Mail at ease - Rent a kolab groupware server at p at rdus <<
>>> --------------------------------------------------------------------



-- 
______ http://kdab.com _______________ http://kolab-konsortium.com _

p at rdus Kolab work is funded in part by KDAB and the Kolab Konsortium

____ http://www.pardus.de _________________ http://gunnarwrobel.de _
E-mail : p at rdus.de                                 Dr. Gunnar Wrobel
Tel.   : +49 700 6245 0000                          Bundesstrasse 29
Fax    : +49 721 1513 52322                          D-20146 Hamburg
--------------------------------------------------------------------
    >> Mail at ease - Rent a kolab groupware server at p at rdus <<
--------------------------------------------------------------------
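
The escaping issue discussed in this thread, as an added example (not Kolab's code and not part of the original message): a DN escaper belongs on a single attribute value before the DN is assembled, while a search filter needs a different escaper. The function names `escape_dn_value`, `escape_filter_value` and `build_user_dn` are hypothetical, and the sample mail value is constructed.

```php
<?php
// Added illustration. Function names are hypothetical, not Kolab's API.

// Escape ONE attribute value for use inside a DN (RFC 4514), in the
// backslash-hex form seen in the thread ("\2C" for ",", "\3D" for "=").
function escape_dn_value(string $value): string
{
    $out  = '';
    $last = strlen($value) - 1;
    for ($i = 0; $i <= $last; $i++) {
        $c = $value[$i];
        $special = $c === "\0"
            || strpos(',=+<>;"\\', $c) !== false
            || ($c === '#' && $i === 0)
            || ($c === ' ' && ($i === 0 || $i === $last));
        $out .= $special ? sprintf('\\%02X', ord($c)) : $c;
    }
    return $out;
}

// Escape ONE assertion value for use inside a search filter (RFC 4515).
// The metacharacters differ from the DN set, so the two are not interchangeable.
function escape_filter_value(string $value): string
{
    return strtr($value, [
        '\\' => '\\5c', '*' => '\\2a', '(' => '\\28', ')' => '\\29', "\0" => '\\00',
    ]);
}

// Assemble a user DN: only the value is escaped, the base DN is left alone.
function build_user_dn(string $cn, string $base): string
{
    return 'cn=' . escape_dn_value($cn) . ',' . $base;
}

$base = 'dc=comcept-net,dc=ch';       // base DN as it appears in the thread
$cn   = 'Andrea Soliva Test,User';    // name containing a "," as in the test

// Correct: the "," inside the name is escaped, the base keeps its separators.
echo build_user_dn($cn, $base), "\n";

// Wrong: running an assembled DN through the value escaper also escapes the
// "," and "=" that separate its components, so it is no longer a usable base.
echo escape_dn_value($base), "\n";

// Filter values get the filter escaper; the search base is passed unchanged.
$mail   = 'test(1)*@comcept-net.ch';  // constructed sample input
$filter = '(|(mail=' . escape_filter_value($mail) . ')'
        . '(alias=' . escape_filter_value($mail) . ')'
        . '(uid=' . escape_filter_value($mail) . '))';
echo $filter, "\n";
```

A string like the second output has no unescaped `=` left, so an LDAP server cannot parse it as a DN.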
