Uploaded image for project: 'OpenDJ'
  1. OpenDJ
  2. OPENDJ-2222

OpenDJ: Server should not allow creation of a new backend with a sub-suffix when the entry exists in the parent suffix and backend

    Details

    • Type: Bug
    • Status: Open
    • Priority: Major
    • Resolution: Unresolved
    • Affects Version/s: 3.0.0, 2.6.3, 2.6.2, 2.6.1, 2.6.0
    • Fix Version/s: None
    • Component/s: core server, tools
    • Labels:
    • Support Ticket IDs:
    • Sprint:
      DJ Sustaining Sprint 10, DJ Sustaining Sprint 12, DJ Sustaining Sprint 13, DJ Sustaining Sprint 14, DJ Sustaining Sprint 15

      Description

      OpenDJ unknowingly allows an administrator, with limited knowledge of the current userRoot suffix structure, to add a new backend with the same structure.

      The server should reject the config attempt as opposed to allowing it and then and logging an error.

      Issues encountered:

      1) The administrator can see two values for the same structure, under the same suffix in the control panel.

      2) There is no way to determine which entry belongs to which backend. An add or mod can intended for userRoot, goes to the new backend.

      3) Attempting to delete the bad backend can (and did) hang the Administration Connector forcing the administrator to kill -9 to stop the server. See: kill -3 server.out files.

      Testcase:

      1) Start with an existing userRoot replicated (or not) backend structure.

      dn: dc=forgerock,dc=com
      objectClass: top
      objectClass: domain
      dc: forgerock

      dn: o=business,dc=forgerock,dc=com
      objectClass: top
      objectClass: organization
      o: business

      dn: ou=Corporations,o=business,dc=forgerock,dc=com
      objectClass: top
      objectClass: organizationalUnit
      ou: Corporations

      2) Create a new backend database, "business" with a baseDN of o=business,dc=forgerock,dc=com.

      dsconfig create-backend \
      --set base-dn:o=business,dc=forgerock,dc=com \
      --set enabled:true \
      --type local-db \
      --backend-name business \
      --no-prompt

      dn: o=business,dc=forgerock,dc=com
      objectClass: top
      objectClass: organization
      o: business

      dn: ou=Corporations,o=business,dc=forgerock,dc=com
      objectClass: top
      objectClass: organizationalUnit
      ou: Corporations

      Errors seen:

      2.6.x

      [21/Jul/2015:19:24:30 -0600] category=JEB severity=NOTICE msgID=8847402 msg=The database backend business containing 0 entries has started
      [21/Jul/2015:19:24:30 -0600] category=CORE severity=SEVERE_WARNING msgID=131648 msg=Backend userRoot already contains entry ou=business,dc=forgerock,dc=com which has just been registered as the base DN for backend business. These conflicting entries can cause unexpected or errant search results, and both backends should be reinitialized to ensure that each has the correct content

      3.0.0 SNAPSHOT

      [22/Jul/2015:09:38:10 -0600] category=JEB severity=NOTICE msgID=org.opends.messages.backend.513 msg=The database backend business containing 0 entries has started
      [22/Jul/2015:09:38:10 -0600] category=CORE severity=ERROR msgID=org.opends.messages.core.576 msg=Backend userRoot already contains entry o=business,dc=forgerock,dc=com which has just been registered as the base DN for backend business. These conflicting entries can cause unexpected or errant search results, and both backends should be reinitialized to ensure that each has the correct content

        Attachments

          Activity

            People

            • Assignee:
              Unassigned
              Reporter:
              lee.trujillo Lee Trujillo
            • Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

              • Created:
                Updated: