LDAPAccountManager / lam

LDAP Account Manager
https://www.ldap-account-manager.org

I can't edit nor delete entry #315

Closed ondrejneufinger closed 6 months ago

ondrejneufinger commented 6 months ago

Hello,

When I click on edit, an error is shown:

Unable to load LDAP entry: cn=test Remove,ou=Robots,o=Zajezdy LDAP error, server says: Success

The LDAP server is built on OpenDJ and has an error like: [20/bře/2024:10:26:21 +0100] category=CORE severity=ERROR msgID=108 msg=Worker Thread 7 encountered an uncaught exception while processing operation SearchOperation(connID=740035, opID=1, baseDN=cn=test Remove,ou=Robots,o=Zajezdy, scope=base, filter=(objectClass=*)): StackOverflowError (HashMap.java:625 HashMap.java:608 HashSet.java:220 DynamicGroup.java:229 Group.java:321 IsMemberOfVirtualAttributeProvider.java:72 VirtualAttributeProvider.java:201 VirtualAttribute.java:95 SearchFilter.java:2607 SearchFilter.java:2196 SearchFilter.java:2394 SearchFilter.java:2190 SearchFilter.java:2143 LDAPURL.java:1209 DynamicGroup.java:236 Group.java:321 IsMemberOfVirtualAttributeProvider.java:72 VirtualAttributeProvider.java:201 VirtualAttribute.java:95 SearchFilter.java:2607 SearchFilter.java:2196 ...)

The same happens when I click delete. That does not work either.

But when I want to add an entry, it is possible.

Any advice on a solution would be appreciated.

Thanks for your help.

gruberroland commented 6 months ago

Seems like something is triggering an exception inside OpenDJ. It could be caused by some of LAM's queries that use an LDAP filter without parentheses. You can try to apply the following changes on your local installation (lib/account.inc and lib/modules.inc). The files can be found in /usr/share/ldap-account-manager.

Changes: https://github.com/LDAPAccountManager/lam/commit/992f67718acaa880c7bf2afb722e1fb75bd55282

ondrejneufinger commented 6 months ago

If I change only these two files, account and modules, the result is the same.

But should there be parentheses around the baseDN? Because there is (from the OpenDJ log) baseDN=cn=test Remove,ou=Robots,o=Zajezdy. Does the user "test Remove" or the whitespace cause the issue? No, it isn't the problem. I created another user without whitespace in the cn and the exception was raised.

gruberroland commented 6 months ago

In this case I would suggest checking with the OpenDJ team. As a stack trace is logged, there is some issue on the server side. I was hoping this would be solved with the filter, but there seems to be a different problem.

ondrejneufinger commented 6 months ago

OK, thank you

ondrejneufinger commented 6 months ago

Hello @gruberroland,

I'm sorry for disturbing you, but in phpLDAPadmin there was an error in the param $attr, where the function has (...,...,...,$attr=array('*','+'),..); after I changed it to (...,...,...,$attr=array('*'),..) it started to work. Is there a possibility that if I change something similar here, it will start to work too?

Thank you

gruberroland commented 6 months ago

The "+" is a standard method to read operational attributes (https://www.rfc-editor.org/rfc/rfc3673). Some of LAM's modules require this to work.

ondrejneufinger commented 6 months ago

I edited modules.inc and changed $searchattrs=('*','+') to $searchattrs=('*') and now it works. It's OpenDJ 4.4 that is causing this error (maybe it should be changed). When I have an actual OpenLDAP server, everything is OK :-) And I hope that I will not need any module where I have to solve problems with that. I hope that we will migrate to a new LDAP server sooner :-)

Thank you.

gruberroland commented 6 months ago

Ok, will close this then. Maybe your version is buggy. At least, other users with OpenDJ have not reported such issues yet.
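
The stack trace in the first comment cycles through DynamicGroup, LDAPURL, SearchFilter and IsMemberOfVirtualAttributeProvider, and the error went away once "+" was no longer requested. The following check is an added example, not code from LAM, OpenDJ or anyone in this thread: it scans an LDIF export for dynamic groups (memberURL) whose filter tests isMemberOf, on the assumption that such a filter is what closes that loop. The sample LDIF, its DNs and the function names are constructed for illustration.

```python
import base64
import re
from urllib.parse import unquote
# Constructed sample LDIF (not from the thread): two dynamic groups, one folded line.
SAMPLE_LDIF = """\
dn: cn=Robots Dynamic,ou=Groups,o=Example
objectClass: groupOfURLs
memberURL: ldap:///ou=Robots,o=Example??sub?(&(objectClass=person)
 (isMemberOf=cn=Staff,ou=Groups,o=Example))

dn: cn=All People,ou=Groups,o=Example
objectClass: groupOfURLs
memberURL: ldap:///o=Example??sub?(objectClass=person)
"""
ATTR_RE = re.compile(r"\(\s*([A-Za-z][A-Za-z0-9.;-]*)")  # attribute after "(" in a filter item

def parse_ldif(text):
    """Yield (dn, {lowercased attr: [values]}) per entry; unfolds continuation lines."""
    unfolded = re.sub(r"\r?\n ", "", text)
    for block in re.split(r"\n\s*\n", unfolded.strip()):
        attrs = {}
        for line in block.splitlines():
            if line.startswith("#") or ":" not in line:
                continue
            name, _, value = line.partition(":")
            if value.startswith(":"):  # "attr:: <base64>" form
                value = base64.b64decode(value[1:]).decode("utf-8", "replace")
            attrs.setdefault(name.strip().lower(), []).append(value.strip())
        if "dn" in attrs:
            yield attrs["dn"][0], attrs

def url_filter(member_url):
    """Return the percent-decoded filter part of an LDAP URL (RFC 4516)."""
    parts = member_url.split("?")
    return unquote(parts[3]) if len(parts) > 3 and parts[3] else "(objectClass=*)"

def groups_filtering_on(ldif_text, attribute="isMemberOf"):
    """List (group_dn, filter) where a memberURL filter tests `attribute`.
    Assumption, not stated in the thread: such a filter re-enters group evaluation."""
    hits = []
    for dn, attrs in parse_ldif(ldif_text):
        for url in attrs.get("memberurl", []):
            flt = url_filter(url)
            names = {m.split(";")[0].lower() for m in ATTR_RE.findall(flt)}
            if attribute.lower() in names:
                hits.append((dn, flt))
    return hits

if __name__ == "__main__":
    print(groups_filtering_on(SAMPLE_LDIF))
```

Run it against an export of the group subtree; any group it lists is a candidate to review with the directory vendor before re-enabling "+" in LAM.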