Ryan Braun [ADS]
2008-Sep-24 21:05 UTC
[Fedora-directory-users] Need to escape space when adding referrals from scripts?
I have a perl script I've been working on to setup replication. The
replication works great for replication from master to master. But
I've been running into problems with dedicated consumers and their
referrals.
If I disable the add_replical_referral sub in my script, and let fds handle the
referrals on the fly it works (go figure :) ). But it doesn't set it
up how I want so I need to customize it. It seems like when I set the referrals
manually via perl, the space in the url of the referral is causing the whole dn
of the update to get truncated as soon as it detects a space. Here is what I
mean.
The following snippets are from myself updating an object on the consumer and it
failing. All referrals have been created from my script. Not sure what the
nsdisablerole is doing...
On the dedicated consumer
[24/Sep/2008:19:58:50 +0000] conn=14 op=0 BIND dn="cn=Directory
Manager" method=128 version=3
[24/Sep/2008:19:58:51 +0000] conn=14 op=0 RESULT err=0 tag=97 nentries=0 etime=1
dn="cn=directory manager"
[24/Sep/2008:19:58:51 +0000] conn=14 op=1 SRCH base="uid=goodgut,ou=People,
dc=xxx,dc=ec,dc=gc,dc=ca" scope=0
filter="(|(objectClass=*)(objectClass=ldapsubentry))"
attrs="nscpEntryDN nsICQStatusText nsAIMStatusText copiedFrom
passwordExpirationTime passwordAllowChangeTime nsICQStatusGraphic
hasSubordinates nsRole nsRoleDN aci modifyTimestamp passwordExpWarned
nsAccountLock nsAIMStatusGraphic nsds5ReplConflict nsIdleTimeout
pwdpolicysubentry nsLookThroughLimit nsSizeLimit entryid nsUniqueId
passwordRetryCount dncomp creatorsName nsSchemaCSN passwordGraceUserTime
nsYIMStatusGraphic nsTimeLimit entrydn copyingFrom subschemaSubentry
accountUnlockTime createTimestamp numSubordinates passwordHistory
retryCountResetTime parentid ldapSchemas ldapSyntaxes modifiersName
nsYIMStatusText nsBackendSuffix * aci"
[24/Sep/2008:19:58:51 +0000] conn=14 op=1 RESULT err=0 tag=101 nentries=1
etime=0
[24/Sep/2008:19:58:51 +0000] conn=14 op=2 SRCH base="" scope=0
filter="(objectClass=*)" attrs="nsslapd-suffix
nsBackendSuffix"
[24/Sep/2008:19:58:51 +0000] conn=14 op=2 RESULT err=0 tag=101 nentries=1
etime=0
[24/Sep/2008:19:58:51 +0000] conn=14 op=3 SRCH
base="cn=nsdisabledrole,dc=xxx,dc=ec,dc=gc,dc=ca" scope=0
filter="(|(objectClass=*)(objectClass=ldapsubentry))" attrs="cn
userPassword nsRole nsRoleDN objectClass nsAccountLock"
[24/Sep/2008:19:58:51 +0000] conn=14 op=3 RESULT err=32 tag=101 nentries=0
etime=0
[24/Sep/2008:19:58:56 +0000] conn=14 op=4 MOD
dn="uid=goodgut,ou=People,dc=xxx,dc=ec,dc=gc,dc=ca"
[24/Sep/2008:19:58:56 +0000] conn=14 op=4 RESULT err=10 tag=103 nentries=0
etime=0
On the MMR server
[24/Sep/2008:19:58:57 +0000] conn=59 fd=70 slot=70 connection from x.x.x.x to
x.x.x.x
[24/Sep/2008:19:58:57 +0000] conn=59 op=0 BIND dn="cn=Directory
Manager" method=128 version=3
[24/Sep/2008:19:58:57 +0000] conn=59 op=0 RESULT err=0 tag=97 nentries=0 etime=0
dn="cn=directory manager"
[24/Sep/2008:19:58:57 +0000] conn=59 op=1 MOD
dn="uid=goodgut,ou=people,dc=xxx,"
[24/Sep/2008:19:58:57 +0000] conn=59 op=1 RESULT err=32 tag=103 nentries=0
etime=0
[24/Sep/2008:19:58:57 +0000] conn=59 op=2 UNBIND
[24/Sep/2008:19:58:57 +0000] conn=59 op=2 fd=70 closed - U1
You can see in the mod request, it's not getting the whole DN, it
seems to truncate it at the first space it detects.
Here are the referral entries from the consumer
xxxsrvr4:/etc/dirsrv/slapd-xxxsrvr4# ldapsearch -x -h xxxsrvr4 -D
"cn=directory manager" -b "cn=config" -W
"objectclass=*"|grep dmns
Enter LDAP Password:
nsslapd-referral: ldap://xxxdmns0:389/dc=xxx, dc=ec, dc=gc, dc=ca
nsDS5ReplicaReferral: ldap://xxxdmns0:389/dc=xxx, dc=ec, dc=gc, dc=ca
If I blow away the rep agreement, and create it from the console, the
referrals work fine and look like so.
[24/Sep/2008:20:17:29 +0000] conn=60 fd=70 slot=70 connection from x.x.x.x to
x.x.x.x
[24/Sep/2008:20:17:29 +0000] conn=60 op=0 BIND dn="cn=Directory
Manager" method=128 version=3
[24/Sep/2008:20:17:29 +0000] conn=60 op=0 RESULT err=0 tag=97 nentries=0 etime=0
dn="cn=directory manager"
[24/Sep/2008:20:17:29 +0000] conn=60 op=1 MOD
dn="uid=goodgut,ou=People,dc=xxx,dc=ec,dc=gc,dc=ca"
[24/Sep/2008:20:17:29 +0000] conn=60 op=1 RESULT err=0 tag=103 nentries=0
etime=0 csn=48daa05a000000010000
[24/Sep/2008:20:17:29 +0000] conn=61 fd=71 slot=71 connection from x.x.x.x to
x.x.x.x
[24/Sep/2008:20:17:29 +0000] conn=61 op=0 BIND
dn="uid=RManager,cn=config" method=128 version=3
[24/Sep/2008:20:17:29 +0000] conn=61 op=0 RESULT err=0 tag=97 nentries=0 etime=0
dn="uid=rmanager,cn=config"
[24/Sep/2008:20:17:29 +0000] conn=61 op=1 SRCH base="" scope=0
filter="(objectClass=*)" attrs="supportedControl
supportedExtension"
[24/Sep/2008:20:17:29 +0000] conn=61 op=1 RESULT err=0 tag=101 nentries=1
etime=0
[24/Sep/2008:20:17:29 +0000] conn=61 op=2 SRCH base="" scope=0
filter="(objectClass=*)" attrs="supportedControl
supportedExtension"
[24/Sep/2008:20:17:29 +0000] conn=61 op=2 RESULT err=0 tag=101 nentries=1
etime=0
[24/Sep/2008:20:17:29 +0000] conn=61 op=3 EXT
oid="2.16.840.1.113730.3.5.3" name="Netscape Replication Start
Session"
[24/Sep/2008:20:17:29 +0000] conn=61 op=3 RESULT err=0 tag=120 nentries=0
etime=0
[24/Sep/2008:20:17:29 +0000] conn=61 op=4 EXT
oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End
Session"
[24/Sep/2008:20:17:29 +0000] conn=61 op=4 RESULT err=0 tag=120 nentries=0
etime=0
[24/Sep/2008:20:17:29 +0000] conn=60 op=2 UNBIND
But the referrals look like they've been added with ascii codes in the
console.
xxxsrvr4:/etc/dirsrv/slapd-xxxsrvr4# ldapsearch -x -h xxxsrvr4 -D
"cn=directory manager" -b "cn=config" -W
"objectclass=*"|grep dmns
Enter LDAP Password:
nsslapd-referral: ldap://xxxdmns0.xxx.ec.gc.ca:389/dc%3Dxxx%2C%20dc%3Dec%2C%20
nsslapd-referral: ldap://xxxdmns1.xxx.ec.gc.ca:389/dc%3Dxxx%2C%20dc%3Dec%2C%20
xxxrvr4:/etc/dirsrv/slapd-xxxsrvr4#
So my question is, do I need to convert the spaces in my referral entries to
ascii codes before creating the referral entries?
Here is the sub I use for reference.
use Net::LDAP;
use Net::LDAP::Constant qw(LDAP_ALREADY_EXISTS);

sub add_replica_referral
{
    # adds referral to the multivalued attribute nsDS5ReplicaReferral in
    # dn: cn=replica,cn="$config{BASE_DN}",cn=mapping tree,cn=config
    # should only need to add this to a read only consumer!!
    # the first entry will be created automatically by the add_rep_object,
    # this will add more referrals
    # TODO add check to make sure the replica object exists, otherwise it will
    # fail silently and throw an err=32 no such object in the server's log.
    my ($server, $server_port, $referral, $referral_port, $bind_pw) = @_;
    my ($ldap, $msg);

    # conn_bind() and disconnect() are helpers defined elsewhere in the script;
    # bind with the password passed in as $bind_pw
    if ( ($ldap = conn_bind($server,$server_port,$bind_pw)) eq 0 ) {
        print "\t*********** bind/connect failed to $server on port $server_port ***************\n";
        return 0;
    }
    print "Adding referral on $server back to $referral\n";

    # dn: cn=replica,cn="$config{BASE_DN}",cn=mapping tree,cn=config
    # nsDS5ReplicaReferral: ldap://xxxx:389/dc=xxx,dc=ec,dc=gc,dc=ca
    # $config{BASE_DN} is interpolated into the URL as-is (not URL-escaped)
    $msg = $ldap->modify("cn=replica,cn=\"$config{BASE_DN}\",cn=mapping tree,cn=config",
        add => { 'nsDS5ReplicaReferral' =>
            "ldap://$referral:$referral_port/$config{BASE_DN}" });
    if ($msg->code == LDAP_ALREADY_EXISTS)
    {
        print "\t -> already exists\n\n";
    }
    disconnect($ldap);
}
Ryan
Pierangelo Masarati
2008-Sep-25 04:59 UTC
Re: [Fedora-directory-users] Need to escape space when adding referrals from scripts?
Ryan Braun [ADS] wrote:
> I have a perl script I've been working on to setup replication. The
> replication works great for replication from master to master. But
> I've been running into problems with dedicated consumers and their
> referrals.
>
> If I disable the add_replical_referral sub in my script, and let fds
> handle the referrals on the fly it works (go figure :) ). But it
> doesn't set it up how I want so I need to customize it. It seems
> like when I set the referrals manually via perl, the space in the
> url of the referral is causing the whole dn of the update to get
> truncated as soon as it detects a space. Here is what I mean.

The syntax of the "ref" attribute is labeledURI. This consists in a URI and an optional label, separated by a blank. The URI must have special chars, which include spaces, URL-escaped (e.g. spaces must be "%20").

p.

Ing. Pierangelo Masarati
OpenLDAP Core Team
SysNet s.r.l.
via Dossi, 8 - 27100 Pavia - ITALIA
http://www.sys-net.it
-----------------------------------
Office: +39 02 23998309
Mobile: +39 333 4963172
Fax: +39 0382 476497
Email: ando@sys-net.it
-----------------------------------
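
Added example, not part of either post: a Perl sketch of the point made in the reply. It splits a referral value at the first blank, as the labeledURI syntax does, and builds the URL with the DN percent-encoded using URI::Escape. The helper names are hypothetical, and the sample host and suffix are the anonymised ones from the thread.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use URI::Escape qw(uri_escape uri_unescape);

# Split a labeledURI value the way its syntax defines it: the URI runs up to
# the first blank, anything after that is the optional label.
sub split_labeled_uri {
    my ($value) = @_;
    my ($uri, $label) = split / +/, $value, 2;
    return ($uri, $label);
}

# Build a referral URL with the DN percent-encoded. uri_escape() with no
# second argument encodes everything except A-Z a-z 0-9 - _ . ~, so "=", ","
# and " " become %3D, %2C and %20.
sub referral_url {
    my ($host, $port, $base_dn) = @_;
    return sprintf 'ldap://%s:%d/%s', $host, $port, uri_escape($base_dn);
}

# Recover the DN that a reader of the value would see in the URI part.
sub dn_from_url {
    my ($value) = @_;
    my ($uri) = split_labeled_uri($value);
    my ($dn) = $uri =~ m{^ldaps?://[^/]*/([^?]*)}
        or return;
    return uri_unescape($dn);
}

# Constructed sample values modelled on the thread (assumed suffix with
# spaces after the commas, as in the ldapsearch output above).
my $base_dn = 'dc=xxx, dc=ec, dc=gc, dc=ca';
my $raw     = "ldap://xxxdmns0:389/$base_dn";
my $escaped = referral_url('xxxdmns0', 389, $base_dn);

for my $value ($raw, $escaped) {
    my ($uri, $label) = split_labeled_uri($value);
    printf "value : %s\n", $value;
    printf "  uri   : %s\n", $uri;
    printf "  label : %s\n", defined $label ? $label : '(none)';
    printf "  dn    : %s\n\n", dn_from_url($value);
}
```

For the unescaped value the URI part ends at "dc=xxx,", the same point at which the DN in the MMR server's log is cut off; the escaped value stays in one piece and decodes back to the full suffix.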