check data validity for importdatatemplate action

[artlog]

due to a typo in slapd-cli.conf i had no DATA_ADMIN_XXX_MAIL corresponding to other DATA_ADMIN_XXX_YYY values.

When launching slapd-cli importdatatemplate

Admin is not created and full provisionning fails short since $MEMBER was not set.

A simple warning that some values (here mail) are missing could save some time here.

As seen in following (redacted) trace , there is no WARN or ERROR before ALERT.

root@extpiserver:/usr/local/openldap/etc/openldap# slapd-cli importdatatemplate 
slapd-cli: [INFO] Using /usr/local/openldap/etc/openldap/slapd-cli.conf for configuration
slapd-cli: [INFO] Launching OpenLDAP database backup...
slapd-cli: [INFO] No data in /usr/local/openldap/var/openldap-data, don't do any backup
slapd-cli: [INFO] Halting OpenLDAP...
slapd-cli: [INFO] Can't read PID file, to stop OpenLDAP try: /usr/local/openldap/sbin/slapd-cli forcestop
slapd-cli: [INFO] Import test data...
slapd-cli: [INFO] Using /usr/local/openldap/etc/openldap/data-template-2.6.ldif as template
slapd-cli: [INFO] Adding organization Famille
slapd-cli: [INFO] Adding user ZZZZZZ: uid=zZZZZZ, gn=ZZZZZZ, sn=ZZZZZZZ, mail=ZZZZ@ZZZZZZZZZZZZZ, pass={ARGON2}$argon2id$v=19$m=65536,t=2,p=1$ZZZZZZZZZZZZZZZZZZZZZZZZZZZ
slapd-cli: [INFO] Using suffix dc=ZZZZZZ,dc=ZZZZZZZZ
slapd-cli: [INFO] Adding service account service
slapd-cli: [INFO] Delete data in /usr/local/openldap/var/openldap-data associated to suffix dc=artisanlogiciel,dc=net
slapd-cli: [INFO] Importing data from /usr/local/openldap/etc/openldap/data-template-2.6-filled.ldif
Entry (cn=adminn,ou=groups,ou=Famille,dc=ZZZZZZZZ,dc=ZZZZZ): object class 'groupOfNames' requires attribute 'member'
slapadd: dn="cn=admin,ou=groups,ou=Famille,dc=ZZZZZZZZ,dc=ZZZZZ" (line=125): (65) object class 'groupOfNames' requires attribute 'member'
Closing DB...
slapd-cli: [ALERT] OpenLDAP database restore failed for ZZZZZZ.ZZZZZZ

( moved from https://github.com/ltb-project/openldap-deb/issues/97 )

[davidcoutadeur]

Hello @artlog

Data templates are mostly used for testing things, so the aim of importdatatemplate feature is to ease the deployment of users. In any other cases, administrators have specific schema and data, and the importdatatemplate is not relevant anymore.

So IMO, the feature must stay as simple and light as possible.

Thus I think that the error slapadd: dn="cn=admin,ou=groups,ou=Famille,dc=ZZZZZZZZ,dc=ZZZZZ" (line=125): (65) object class 'groupOfNames' requires attribute 'member' is clear enough to incriminate the typo.

If you think you can add a more precise warning with a simple check (1-5 lines of code maximum), it can be interesting.

The PR you proposed (https://github.com/ltb-project/slapd-cli/pull/51) is a 14-files modification, which seem overkill to me.

[artlog]

@davidcoutadeur Actual fix is far smaller and change only one file. I did provide my tests to validate the fix right away. Additional files are mostly for non regression tests. Of course additional code modularization part was done to test it without having to deploy a real slapd. I could open other tickets to split this :

• non regression test
• play non regression test on lighter setup.
• be able to get help without requiring to have correct configuration setup.

[artlog]

I will split this.

[artlog]

Here expected outcome :

When commenting those lines

#DATA_ADMIN_DJACKSON_GN="Daniel
#DATA_USER_JONEILL_MAIL="jack.oneill@my-example.com"

you get this

slapd-cli: [WARNING] for DJACKSON some values are missing ( DATA_ADMIN_DJACKSON_GN ) preventing admin to be created
slapd-cli: [INFO] Adding organization SG1
slapd-cli: [WARNING] Can't create dn: cn=admin,ou=groups,ou=SG1,dc=my-domain,dc=com since there is no member to add in
slapd-cli: [INFO] Adding organization SG2
slapd-cli: [WARNING] Can't create dn: cn=admin,ou=groups,ou=SG2,dc=my-domain,dc=com since there is no member to add in
slapd-cli: [WARNING] for JONEILL some values are missing ( DATA_USER_JONEILL_MAIL ) preventing user to be created
slapd-cli: [INFO] Adding user SCARTER: uid=samantha.carter, gn=Samantha, sn=Carter, mail=samantha.carter@my-example.com, pass=hashed_password
slapd-cli: [INFO] Adding user TEALC: uid=tealc, gn=TealC, sn=Jaffa, mail=tealc@my-example.com, pass=hashed_password

[davidcoutadeur]

Thanks @artlog : the fix has been merged with some modifications in 42a84b3

• use ATTR_SUFFIX rather than suffix (which has other signification in LDAP)
• add a missing end of line before the admin group:

  printf "\n%s" "
  dn: cn=admin,ou=groups,ou=${o},${DATA_SUFFIX}
  objectClass: groupOfNames
  objectClass: top
  cn: admin
  $MEMBER" >> ${DATA_FILE_PATH}

• rewrite the message log

Thanks again for your contribution!