search

389ds / 389-ds-base

The enterprise-class Open Source LDAP server for Linux
https://www.port389.org/
Other
211 stars 91 forks source link

Duplicate collation entries #1995

Closed 389-ds-bot closed 4 years ago

389-ds-bot commented 4 years ago

Cloned from Pagure issue: https://pagure.io/389-ds-base/issue/48936

Description of problem:

Desktop LDAP clients have trouble accessing FreeIPA via LDAP.
GQ crashes when accessing objects. Can display object hierarchy and schema but
fails as soon as it accesses and object (leaf).
Luma can access and display objects but reports many errors:
ERROR: [base.backend.ObjectClassAttributeInfo/MainThread]: Could not fetch LDAP
schema from server. Reason:
NAME not unique for ( 2.16.840.1.113730.3.3.2.211.1 NAME
'caseIgnoreOrderingMatch-sk' DESC 'sk' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )

Version-Release number of selected component (if applicable):

freeipa-admintools-4.3.1-1.fc24.noarch
freeipa-common-4.3.1-1.fc24.noarch
freeipa-server-common-4.3.1-1.fc24.noarch
freeipa-client-common-4.3.1-1.fc24.noarch
freeipa-client-4.3.1-1.fc24.x86_64
freeipa-server-4.3.1-1.fc24.x86_64
389-ds-base-libs-1.3.5.10-1.fc24.x86_64
389-ds-base-1.3.5.10-1.fc24.x86_64

How reproducible:

Always.

Steps to Reproduce:
1. Install freeipa and create instance.
2. Access the LDAP service using a desktop client.

Actual results:

See above.

Expected results:

Should work.

Additional info:

My FreeIPA instance started life some time ago and has been upgraded a number
of times so I tried a new VM installation and it has exactly the same issue.
That implies that it is not an upgrade issue.

Since GQ can see the schema tree I used that. It shows some duplicate entries
under {server}/matchingRules:

Name                            OID
...
caseIgnoreOrderingMatch-sk      2.16.840.1.113730.3.3.2.42.1
caseIgnoreOrderingMatch-sk      2.16.840.1.113730.3.3.2.211.1
caseIgnoreOrderingMatch-sl      2.16.840.1.113730.3.3.2.43.1
caseIgnoreOrderingMatch-sl      2.16.840.1.113730.3.3.2.212.1
caseIgnoreOrderingMatch-sq      2.16.840.1.113730.3.3.2.44.1
caseIgnoreOrderingMatch-sq      2.16.840.1.113730.3.3.2.213.1
...

It looks like these languages are being added twice.
All other entries are unique (I think).

Just guessing but the probable cause is:
https://git.fedorahosted.org/cgit/389/ds.git/tree/ldap/schema/slapd-collations.
conf#n58
https://git.fedorahosted.org/cgit/389/ds.git/tree/ldap/schema/slapd-collations.
conf#n59
https://git.fedorahosted.org/cgit/389/ds.git/tree/ldap/schema/slapd-collations.
conf#n61
then:
https://git.fedorahosted.org/cgit/389/ds.git/tree/ldap/schema/slapd-collations.
conf#n227
https://git.fedorahosted.org/cgit/389/ds.git/tree/ldap/schema/slapd-collations.
conf#n228
https://git.fedorahosted.org/cgit/389/ds.git/tree/ldap/schema/slapd-collations.
conf#n229

I think the second batch of entries is for sub-languages but they also appear
to add the main language too which is defined in the first batch.

Commit?
https://git.fedorahosted.org/cgit/389/ds.git/commit/ldap/schema/slapd-collation
s.conf?id=e0c78d5b87d4d798a936eba9c90f5db5347bcb3c
389-ds-bot commented 4 years ago

Comment from nhosoi (@nhosoi) at 2016-07-29 01:52:42

Ticket has been cloned to Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1361321

389-ds-bot commented 4 years ago

Comment from rmeggins (@richm) at 2016-07-29 02:23:19

192     collation id "" "" 1 3  2.16.840.1.113730.3.3.2.176.1   id-ID 
193     collation id ID "" 1 3  2.16.840.1.113730.3.3.2.177.1   ig-NG 
    192 collation id "" "" 1 3  2.16.840.1.113730.3.3.2.176.1   id      id-ID 
    193 collation id NG "" 1 3  2.16.840.1.113730.3.3.2.177.1   ig-NG

I know it's ig in the old version too, but why the change from id to ig? That looks wrong to me.

389-ds-bot commented 4 years ago

Comment from nhosoi (@nhosoi) at 2016-07-29 11:25:21

Replying to [comment:4 richm]:

193 collation id NG "" 1 3 2.16.840.1.113730.3.3.2.177.1 ig-NG

Thank you, Rich. This is absolutely wrong. ig-NG is Igbo - Nigeria.

A new patch is being attached.

389-ds-bot commented 4 years ago

Comment from nhosoi (@nhosoi) at 2016-07-29 11:27:40

git patch file (master) -- revised based upon the comment by Rich (Thanks!) 0001-Ticket-48936-Duplicate-collation-entries.patch

389-ds-bot commented 4 years ago

Comment from rmeggins (@richm) at 2016-07-29 20:00:43

https://fedorahosted.org/389/attachment/ticket/48936/0001-Ticket-48936-Duplicate-collation-entries.patch has ig in it - did you post a new patch?

389-ds-bot commented 4 years ago

Comment from nhosoi (@nhosoi) at 2016-07-29 22:34:14

Replying to [comment:6 richm]:

https://fedorahosted.org/389/attachment/ticket/48936/0001-Ticket-48936-Duplicate-collation-entries.patch has ig in it - did you post a new patch? Yes, this patch is the latest one.

The diff for ig-NG is this pair of lines.

-collation id ID "" 1 3 2.16.840.1.113730.3.3.2.177.1   ig-NG
+collation ig "" "" 1 3 2.16.840.1.113730.3.3.2.177.1   ig      ig-NG

"ig-NG" is Igbo - Nigeria, which is supposed to be in the table with the language code ig, I think.

389-ds-bot commented 4 years ago

Comment from rmeggins (@richm) at 2016-07-29 22:47:36

Ok, I see.

389-ds-bot commented 4 years ago

Comment from nhosoi (@nhosoi) at 2016-07-29 22:57:35

Reviewed by Rich (Thank you!!)

Pushed to master: 6d472e4..3e3dff8 master -> master commit 3e3dff89c29afdf52a32e4d44f01bddedd60bcd3

389-ds-bot commented 4 years ago

Comment from nhosoi (@nhosoi) at 2017-02-11 23:11:47

Metadata Update from @nhosoi: