|
|
bc0d6c |
From 3796e26e93991ded631ac57053049e9aad44c53b Mon Sep 17 00:00:00 2001
|
|
|
bc0d6c |
From: Thierry Bordaz <tbordaz@redhat.com>
|
|
|
bc0d6c |
Date: Wed, 10 Oct 2018 15:35:12 +0200
|
|
|
bc0d6c |
Subject: [PATCH] Ticket 49968 - Confusing CRITICAL message: list_candidates -
|
|
|
bc0d6c |
NULL idl was recieved from filter_candidates_ext
|
|
|
bc0d6c |
|
|
|
bc0d6c |
Bug Description:
|
|
|
bc0d6c |
When a filter component is indexed but returns an empty IDL
|
|
|
bc0d6c |
an alarming message is logged although it is normal.
|
|
|
bc0d6c |
|
|
|
bc0d6c |
Fix Description:
|
|
|
bc0d6c |
Remove the alarming message
|
|
|
bc0d6c |
|
|
|
bc0d6c |
https://pagure.io/389-ds-base/issue/49968
|
|
|
bc0d6c |
|
|
|
bc0d6c |
Reviewed by: Mark Reynolds
|
|
|
bc0d6c |
|
|
|
bc0d6c |
Platforms tested: F27 + testcase
|
|
|
bc0d6c |
|
|
|
bc0d6c |
Flag Day: no
|
|
|
bc0d6c |
|
|
|
bc0d6c |
Doc impact: no
|
|
|
bc0d6c |
---
|
|
|
bc0d6c |
dirsrvtests/tests/suites/basic/basic_test.py | 202 +++++++++++++++++++
|
|
|
bc0d6c |
ldap/servers/slapd/back-ldbm/filterindex.c | 10 +-
|
|
|
bc0d6c |
2 files changed, 204 insertions(+), 8 deletions(-)
|
|
|
bc0d6c |
|
|
|
bc0d6c |
diff --git a/dirsrvtests/tests/suites/basic/basic_test.py b/dirsrvtests/tests/suites/basic/basic_test.py
|
|
|
bc0d6c |
index 45988dc7a..dc366cd67 100644
|
|
|
bc0d6c |
--- a/dirsrvtests/tests/suites/basic/basic_test.py
|
|
|
bc0d6c |
+++ b/dirsrvtests/tests/suites/basic/basic_test.py
|
|
|
bc0d6c |
@@ -868,6 +868,208 @@ adds nsslapd-return-default-opattr attr with value of one operation attribute.
|
|
|
bc0d6c |
log.fatal('Search failed, error: ' + e.message['desc'])
|
|
|
bc0d6c |
assert False
|
|
|
bc0d6c |
|
|
|
bc0d6c |
+
|
|
|
bc0d6c |
+@pytest.fixture(scope="module")
|
|
|
bc0d6c |
+def create_users(topology_st):
|
|
|
bc0d6c |
+ """Add users to the default suffix
|
|
|
bc0d6c |
+ """
|
|
|
bc0d6c |
+
|
|
|
bc0d6c |
+ users = UserAccounts(topology_st.standalone, DEFAULT_SUFFIX)
|
|
|
bc0d6c |
+ user_names = ["Directory", "Server", "389", "lib389", "pytest"]
|
|
|
bc0d6c |
+
|
|
|
bc0d6c |
+ log.info('Adding 5 test users')
|
|
|
bc0d6c |
+ for name in user_names:
|
|
|
bc0d6c |
+ user = users.create(properties={
|
|
|
bc0d6c |
+ 'uid': name,
|
|
|
bc0d6c |
+ 'sn': name,
|
|
|
bc0d6c |
+ 'cn': name,
|
|
|
bc0d6c |
+ 'uidNumber': '1000',
|
|
|
bc0d6c |
+ 'gidNumber': '1000',
|
|
|
bc0d6c |
+ 'homeDirectory': '/home/%s' % name,
|
|
|
bc0d6c |
+ 'mail': '%s@example.com' % name,
|
|
|
bc0d6c |
+ 'userpassword': 'pass%s' % name,
|
|
|
bc0d6c |
+ })
|
|
|
bc0d6c |
+
|
|
|
bc0d6c |
+
|
|
|
bc0d6c |
+def test_basic_anonymous_search(topology_st, create_users):
|
|
|
bc0d6c |
+ """Tests basic anonymous search operations
|
|
|
bc0d6c |
+
|
|
|
bc0d6c |
+ :id: c7831e04-f458-4e50-83c7-b6f77109f639
|
|
|
bc0d6c |
+ :setup: Standalone instance
|
|
|
bc0d6c |
+ Add 5 test users with different user names
|
|
|
bc0d6c |
+ :steps:
|
|
|
bc0d6c |
+ 1. Execute anonymous search with different filters
|
|
|
bc0d6c |
+ :expectedresults:
|
|
|
bc0d6c |
+ 1. Search should be successful
|
|
|
bc0d6c |
+ """
|
|
|
bc0d6c |
+
|
|
|
bc0d6c |
+ filters = ["uid=Directory", "(|(uid=S*)(uid=3*))", "(&(uid=l*)(mail=l*))", "(&(!(uid=D*))(ou=People))"]
|
|
|
bc0d6c |
+ log.info("Execute anonymous search with different filters")
|
|
|
bc0d6c |
+ for filtr in filters:
|
|
|
bc0d6c |
+ entries = topology_st.standalone.search_s(DEFAULT_SUFFIX, ldap.SCOPE_SUBTREE, filtr)
|
|
|
bc0d6c |
+ assert len(entries) != 0
|
|
|
bc0d6c |
+
|
|
|
bc0d6c |
+
|
|
|
bc0d6c |
+@pytest.mark.ds604
|
|
|
bc0d6c |
+@pytest.mark.bz915801
|
|
|
bc0d6c |
+def test_search_original_type(topology_st, create_users):
|
|
|
bc0d6c |
+ """Test ldapsearch returning original attributes
|
|
|
bc0d6c |
+ using nsslapd-search-return-original-type-switch
|
|
|
bc0d6c |
+
|
|
|
bc0d6c |
+ :id: d7831d04-f558-4e50-93c7-b6f77109f640
|
|
|
bc0d6c |
+ :setup: Standalone instance
|
|
|
bc0d6c |
+ Add some test entries
|
|
|
bc0d6c |
+ :steps:
|
|
|
bc0d6c |
+ 1. Set nsslapd-search-return-original-type-switch to ON
|
|
|
bc0d6c |
+ 2. Check that ldapsearch *does* return unknown attributes
|
|
|
bc0d6c |
+ 3. Turn off nsslapd-search-return-original-type-switch
|
|
|
bc0d6c |
+ 4. Check that ldapsearch doesn't return any unknown attributes
|
|
|
bc0d6c |
+ :expectedresults:
|
|
|
bc0d6c |
+ 1. nsslapd-search-return-original-type-switch should be set to ON
|
|
|
bc0d6c |
+ 2. ldapsearch should return unknown attributes
|
|
|
bc0d6c |
+ 3. nsslapd-search-return-original-type-switch should be OFF
|
|
|
bc0d6c |
+ 4. ldapsearch should not return any unknown attributes
|
|
|
bc0d6c |
+ """
|
|
|
bc0d6c |
+
|
|
|
bc0d6c |
+ log.info("Set nsslapd-search-return-original-type-switch to ON")
|
|
|
bc0d6c |
+ topology_st.standalone.config.set('nsslapd-search-return-original-type-switch', 'on')
|
|
|
bc0d6c |
+
|
|
|
bc0d6c |
+ log.info("Check that ldapsearch *does* return unknown attributes")
|
|
|
bc0d6c |
+ entries = topology_st.standalone.search_s(DEFAULT_SUFFIX, ldap.SCOPE_SUBTREE, 'uid=Directory',
|
|
|
bc0d6c |
+ ['objectclass overflow', 'unknown'])
|
|
|
bc0d6c |
+ assert "objectclass overflow" in entries[0].getAttrs()
|
|
|
bc0d6c |
+
|
|
|
bc0d6c |
+ log.info("Set nsslapd-search-return-original-type-switch to Off")
|
|
|
bc0d6c |
+ topology_st.standalone.config.set('nsslapd-search-return-original-type-switch', 'off')
|
|
|
bc0d6c |
+ log.info("Check that ldapsearch *does not* return unknown attributes")
|
|
|
bc0d6c |
+ entries = topology_st.standalone.search_s(DEFAULT_SUFFIX, ldap.SCOPE_SUBTREE, 'uid=Directory',
|
|
|
bc0d6c |
+ ['objectclass overflow', 'unknown'])
|
|
|
bc0d6c |
+ assert "objectclass overflow" not in entries[0].getAttrs()
|
|
|
bc0d6c |
+
|
|
|
bc0d6c |
+
|
|
|
bc0d6c |
+@pytest.mark.bz192901
|
|
|
bc0d6c |
+def test_search_ou(topology_st):
|
|
|
bc0d6c |
+ """Test that DS should not return an entry that does not match the filter
|
|
|
bc0d6c |
+
|
|
|
bc0d6c |
+ :id: d7831d05-f117-4e89-93c7-b6f77109f640
|
|
|
bc0d6c |
+ :setup: Standalone instance
|
|
|
bc0d6c |
+ :steps:
|
|
|
bc0d6c |
+ 1. Create an OU entry without sub entries
|
|
|
bc0d6c |
+ 2. Search from the OU with the filter that does not match the OU
|
|
|
bc0d6c |
+ :expectedresults:
|
|
|
bc0d6c |
+ 1. Creation of OU should be successful
|
|
|
bc0d6c |
+ 2. Search should not return any results
|
|
|
bc0d6c |
+ """
|
|
|
bc0d6c |
+
|
|
|
bc0d6c |
+ log.info("Create a test OU without sub entries")
|
|
|
bc0d6c |
+ ou = OrganizationalUnits(topology_st.standalone, DEFAULT_SUFFIX)
|
|
|
bc0d6c |
+ ou.create(properties={
|
|
|
bc0d6c |
+ 'ou': 'test_ou',
|
|
|
bc0d6c |
+ })
|
|
|
bc0d6c |
+
|
|
|
bc0d6c |
+ search_base = ("ou=test_ou,%s" % DEFAULT_SUFFIX)
|
|
|
bc0d6c |
+ log.info("Search from the OU with the filter that does not match the OU, it should not return anything")
|
|
|
bc0d6c |
+ entries = topology_st.standalone.search_s(search_base, ldap.SCOPE_SUBTREE, 'uid=*', ['dn'])
|
|
|
bc0d6c |
+ assert len(entries) == 0
|
|
|
bc0d6c |
+
|
|
|
bc0d6c |
+
|
|
|
bc0d6c |
+@pytest.mark.bz1044135
|
|
|
bc0d6c |
+@pytest.mark.ds47319
|
|
|
bc0d6c |
+def test_connection_buffer_size(topology_st):
|
|
|
bc0d6c |
+ """Test connection buffer size adjustable with different values(valid values and invalid)
|
|
|
bc0d6c |
+
|
|
|
bc0d6c |
+ :id: e7831d05-f117-4ec9-1203-b6f77109f117
|
|
|
bc0d6c |
+ :setup: Standalone instance
|
|
|
bc0d6c |
+ :steps:
|
|
|
bc0d6c |
+ 1. Set nsslapd-connection-buffer to some valid values (2, 0 , 1)
|
|
|
bc0d6c |
+ 2. Set nsslapd-connection-buffer to some invalid values (-1, a)
|
|
|
bc0d6c |
+ :expectedresults:
|
|
|
bc0d6c |
+ 1. This should pass
|
|
|
bc0d6c |
+ 2. This should fail
|
|
|
bc0d6c |
+ """
|
|
|
bc0d6c |
+
|
|
|
bc0d6c |
+ valid_values = ['2', '0', '1']
|
|
|
bc0d6c |
+ for value in valid_values:
|
|
|
bc0d6c |
+ topology_st.standalone.config.replace('nsslapd-connection-buffer', value)
|
|
|
bc0d6c |
+
|
|
|
bc0d6c |
+ invalid_values = ['-1', 'a']
|
|
|
bc0d6c |
+ for value in invalid_values:
|
|
|
bc0d6c |
+ with pytest.raises(ldap.OPERATIONS_ERROR):
|
|
|
bc0d6c |
+ topology_st.standalone.config.replace('nsslapd-connection-buffer', value)
|
|
|
bc0d6c |
+
|
|
|
bc0d6c |
+@pytest.mark.bz1637439
|
|
|
bc0d6c |
+def test_critical_msg_on_empty_range_idl(topology_st):
|
|
|
bc0d6c |
+ """Doing a range index lookup should not report a critical message even if IDL is empty
|
|
|
bc0d6c |
+
|
|
|
bc0d6c |
+ :id: a07a2222-0551-44a6-b113-401d23799364
|
|
|
bc0d6c |
+ :setup: Standalone instance
|
|
|
bc0d6c |
+ :steps:
|
|
|
bc0d6c |
+ 1. Create an index for internationalISDNNumber. (attribute chosen because it is
|
|
|
bc0d6c |
+ unlikely that previous tests used it)
|
|
|
bc0d6c |
+ 2. telephoneNumber being indexed by default create 20 users without telephoneNumber
|
|
|
bc0d6c |
+ 3. add a telephoneNumber value and delete it to trigger an empty index database
|
|
|
bc0d6c |
+ 4. Do a search that triggers a range lookup on empty telephoneNumber
|
|
|
bc0d6c |
+ 5. Check that the critical message is not logged in error logs
|
|
|
bc0d6c |
+ :expectedresults:
|
|
|
bc0d6c |
+ 1. This should pass
|
|
|
bc0d6c |
+ 2. This should pass
|
|
|
bc0d6c |
+ 3. This should pass
|
|
|
bc0d6c |
+ 4. This should pass on normal build but could abort a debug build
|
|
|
bc0d6c |
+ 4. This should pass
|
|
|
bc0d6c |
+ """
|
|
|
bc0d6c |
+ indexedAttr = 'internationalISDNNumber'
|
|
|
bc0d6c |
+
|
|
|
bc0d6c |
+ # Step 1
|
|
|
bc0d6c |
+ from lib389.index import Indexes
|
|
|
bc0d6c |
+
|
|
|
bc0d6c |
+ indexes = Indexes(topology_st.standalone)
|
|
|
bc0d6c |
+ indexes.create(properties={
|
|
|
bc0d6c |
+ 'cn': indexedAttr,
|
|
|
bc0d6c |
+ 'nsSystemIndex': 'false',
|
|
|
bc0d6c |
+ 'nsIndexType': 'eq'
|
|
|
bc0d6c |
+ })
|
|
|
bc0d6c |
+ topology_st.standalone.restart()
|
|
|
bc0d6c |
+
|
|
|
bc0d6c |
+ # Step 2
|
|
|
bc0d6c |
+ users = UserAccounts(topology_st.standalone, DEFAULT_SUFFIX)
|
|
|
bc0d6c |
+ log.info('Adding 20 users without "%s"' % indexedAttr)
|
|
|
bc0d6c |
+ for i in range(20):
|
|
|
bc0d6c |
+ name = 'user_%d' % i
|
|
|
bc0d6c |
+ last_user = users.create(properties={
|
|
|
bc0d6c |
+ 'uid': name,
|
|
|
bc0d6c |
+ 'sn': name,
|
|
|
bc0d6c |
+ 'cn': name,
|
|
|
bc0d6c |
+ 'uidNumber': '1000',
|
|
|
bc0d6c |
+ 'gidNumber': '1000',
|
|
|
bc0d6c |
+ 'homeDirectory': '/home/%s' % name,
|
|
|
bc0d6c |
+ 'mail': '%s@example.com' % name,
|
|
|
bc0d6c |
+ 'userpassword': 'pass%s' % name,
|
|
|
bc0d6c |
+ })
|
|
|
bc0d6c |
+
|
|
|
bc0d6c |
+ # Step 3
|
|
|
bc0d6c |
+ # required update to create the indexAttr (i.e. 'loginShell') database, and then make it empty
|
|
|
bc0d6c |
+ topology_st.standalone.modify_s(last_user.dn, [(ldap.MOD_ADD, indexedAttr, b'1234')])
|
|
|
bc0d6c |
+ ent = topology_st.standalone.getEntry(last_user.dn, ldap.SCOPE_BASE,)
|
|
|
bc0d6c |
+ assert ent
|
|
|
bc0d6c |
+ assert ent.hasAttr(indexedAttr)
|
|
|
bc0d6c |
+ topology_st.standalone.modify_s(last_user.dn, [(ldap.MOD_DELETE, indexedAttr, None)])
|
|
|
bc0d6c |
+ ent = topology_st.standalone.getEntry(last_user.dn, ldap.SCOPE_BASE,)
|
|
|
bc0d6c |
+ assert ent
|
|
|
bc0d6c |
+ assert not ent.hasAttr(indexedAttr)
|
|
|
bc0d6c |
+
|
|
|
bc0d6c |
+ # Step 4
|
|
|
bc0d6c |
+ # The first component being not indexed the range on second is evaluated
|
|
|
bc0d6c |
+ try:
|
|
|
bc0d6c |
+ ents = topology_st.standalone.search_s(DEFAULT_SUFFIX, ldap.SCOPE_SUBTREE, '(&(sudoNotAfter=*)(%s>=111))' % indexedAttr)
|
|
|
bc0d6c |
+ assert len(ents) == 0
|
|
|
bc0d6c |
+ except ldap.SERVER_DOWN:
|
|
|
bc0d6c |
+ log.error('Likely testing against a debug version that asserted')
|
|
|
bc0d6c |
+ pass
|
|
|
bc0d6c |
+
|
|
|
bc0d6c |
+ # Step 5
|
|
|
bc0d6c |
+ assert not topology_st.standalone.searchErrorsLog('CRIT - list_candidates - NULL idl was recieved from filter_candidates_ext.')
|
|
|
bc0d6c |
+
|
|
|
bc0d6c |
+
|
|
|
bc0d6c |
if __name__ == '__main__':
|
|
|
bc0d6c |
# Run isolated
|
|
|
bc0d6c |
# -s for DEBUG mode
|
|
|
bc0d6c |
diff --git a/ldap/servers/slapd/back-ldbm/filterindex.c b/ldap/servers/slapd/back-ldbm/filterindex.c
|
|
|
bc0d6c |
index 6d36ba33e..3ef04f884 100644
|
|
|
bc0d6c |
--- a/ldap/servers/slapd/back-ldbm/filterindex.c
|
|
|
bc0d6c |
+++ b/ldap/servers/slapd/back-ldbm/filterindex.c
|
|
|
bc0d6c |
@@ -803,16 +803,10 @@ list_candidates(
|
|
|
bc0d6c |
}
|
|
|
bc0d6c |
|
|
|
bc0d6c |
/*
|
|
|
bc0d6c |
- * Assert we recieved a valid idl. If it was NULL, it means somewhere we failed
|
|
|
bc0d6c |
- * during the dblayer interactions.
|
|
|
bc0d6c |
- *
|
|
|
bc0d6c |
- * idl_set requires a valid idl structure to generate the linked list of
|
|
|
bc0d6c |
- * idls that we insert.
|
|
|
bc0d6c |
+ * The IDL for that component is NULL, so no candidate retrieved from that component. This is all normal
|
|
|
bc0d6c |
+ * Just build a idl with an empty set
|
|
|
bc0d6c |
*/
|
|
|
bc0d6c |
if (tmp == NULL) {
|
|
|
bc0d6c |
- slapi_log_err(SLAPI_LOG_CRIT, "list_candidates", "NULL idl was recieved from filter_candidates_ext.");
|
|
|
bc0d6c |
- slapi_log_err(SLAPI_LOG_CRIT, "list_candidates", "Falling back to empty IDL set. This may affect your search results.");
|
|
|
bc0d6c |
- PR_ASSERT(tmp);
|
|
|
bc0d6c |
tmp = idl_alloc(0);
|
|
|
bc0d6c |
}
|
|
|
bc0d6c |
|
|
|
bc0d6c |
--
|
|
|
bc0d6c |
2.17.2
|
|
|
bc0d6c |
|