Uploaded image for project: 'OpenDJ'
  1. OpenDJ
  2. OPENDJ-3380

Creating a backend with null base DN can render the instance unusable

    Details

    • Support Ticket IDs:
    • Sprint:
      OpenDJ Sprint 106

      Description

      Using dsconfig's interactive mode lets you create a backend with a null basedn. Doing so can render further dsconfig, status and control-pane commands useless. A combination of restart, delete, restart is enough to fix the issue.


      Note: using dsconfig in non-interactive mode rejects the improper config change.

      opendj; bin/$ ./dsconfig create-backend --set base-dn: --set enabled:true --set db-directory:db --backend-name null --type local-db --hostname localhost --port 4444 --trustAll --bindDN cn=Directory\ Manager --bindPasswordFile pass --no-prompt
      The property argument "base-dn:" does not contain a property value. The
      argument should have the following syntax: property:value
      

      Steps to reproduce

      1. Setup an instance
      2. Launch dsconfig in interactive mode
      3. Create a new backend with any name.
      4. When prompted, hit enter without providing a basedn.

      Enter a value for the "base-dn" property: 
      
      Enter another value for the "base-dn" property [continue]: 
      

      5. Select 1 to enable the backend

      Select a value for the "enabled" property:
      
          1)  true
          2)  false
      
          ?)  help
          c)  cancel
          q)  quit
      
      Enter choice [c]: 1
      

      6. Hit <enter> (f) to finish and create the backend,

      >>>> Configure the properties of the bogusBackend
      
               Property                 Value(s)
               ---------------------------------------------
          1)   backend-id               bogusBackend
          2)   base-dn                  ""
          3)   cipher-key-length        128
          4)   cipher-transformation    AES/CBC/PKCS5Padding
          5)   compact-encoding         true
          6)   confidentiality-enabled  false
          7)   db-cache-percent         50
          8)   db-cache-size            0 b
          9)   db-directory             db
          10)  enabled                  true
          11)  index-entry-limit        4000
          12)  writability-mode         enabled
      
          ?)   help
          f)   finish - create the new bogusBackend
          c)   cancel
          q)   quit
      
      Enter choice [f]: 
      
      The JE Backend was created successfully
      
      The equivalent non-interactive command-line is:
      dsconfig create-backend \
                --set base-dn: \
                --type je \
                --backend-name bogusBackend \
                --no-prompt
      
      Press RETURN to continue 
      

      The backend is created following config:

      dn: ds-cfg-backend-id=bogusBackend,cn=Backends,cn=config
      objectClass: ds-cfg-local-db-backend
      objectClass: top
      objectClass: ds-cfg-backend
      ds-cfg-writability-mode: enabled
      ds-cfg-base-dn:
      ds-cfg-enabled: true
      ds-cfg-java-class: org.opends.server.backends.jeb.BackendImpl
      ds-cfg-db-directory: db
      ds-cfg-backend-id: bogusBackend
      creatorsName: cn=Directory Manager,cn=Root DNs,cn=config
      entryUUID: 850879da-befa-4b5a-b08a-0607f9c356f0
      createTimestamp: 20161007215852Z
      

      Delete the backend

      Attempts to delete the backend result in the following errors.

      Interactive:

      What would you like to do?
      
          1)  List existing Backends
          2)  Create a new Backend
          3)  View and edit an existing Backends
          4)  Delete an existing Backend
      
          b)  back
          q)  quit
      
      Enter choice [b]: 4
      
      
      >>>> Select the Backend from the following list:
      
          1)  adminRoot
          2)  bogusBackend
          3)  userRoot
      
          c)  cancel
          q)  quit
      
      Enter choice [c]: 2
      
      Are you sure that you want to delete the Backend? (yes / no) [no]: yes
      
      The Backend could not be deleted because of the following reason:
      
          *  Unwilling to Perform: Entry
             AddRequest(name=ds-cfg-backend-id=bogusBackend,cn=Backends,cn=config,
             attributes=["objectClass":["ds-cfg-pluggable-backend","top","ds-cfg-back
             end","ds-cfg-je-backend"], "ds-cfg-writability-mode":["enabled"],
             "ds-cfg-base-dn":[""], "ds-cfg-enabled":["true"],
             "ds-cfg-java-class":["org.opends.server.backends.jeb.JEBackend"],
             "ds-cfg-db-directory":["db"], "ds-cfg-backend-id":["bogusBackend"],
             "creatorsName":["cn=Directory Manager,cn=Root DNs,cn=config"],
             "entryUUID":["631fca16-530d-417b-b5d8-7da52d900383"],
             "createTimestamp":["20161007220959Z"]], controls=[]) cannot be removed
             from the Directory Server configuration because one of the delete
             listeners registered with the parent entry cn=Backends,cn=config
             rejected this change with the message: The backend defined in
             configuration entry ds-cfg-backend-id=bogusBackend,cn=Backends,cn=config
             has one or more subordinate backends. A backend may not be removed if it
             has subordinate backends
      

      Non-interactive:

      opendj; bin/$ ./dsconfig delete-backend \
                --backend-name bogusBackend \
                --hostname localhost \
                --port 4444 \
                --trustAll \
                --bindDN cn=Directory\ Manager \
                --bindPasswordFile pass \
                --no-prompt
      
      The version of the installed OpenDJ could not be determined because an error
      occurs during reading the current configuration.
      

      Symptoms

      Symptoms range from not being able to delete the bogus backend to rendering commands like dsconfig and status unusable.

      DJ 4.0.0-SNAPSHOT

      dsconfig

      If the interactive dsconfig command is closed via control-c, all attempts to launch it to delete the backend fail with a EntryNotFoundException exception.

      opendj; bin/$ ./dsconfig -h localhost -p 6444 -j pass -D "cn=Directory Manager" --displayCommand  --trustAll --commandFilePath /opt/instances/backendtest400/logs/admin
      The version of the installed OpenDJ could not be determined because an error
      occurred while reading the current configuration: EntryNotFoundException: No
      Such Entry: The entry  specified as the search base does not exist in the
      Directory Server (LdapException.java:171 ResultLdapPromiseImpl.java:132
      LDAPClientFilter.java:318 LDAPReader.java:685 LDAPReader.java:549
      LDAPReader.java:122 LDAPBaseFilter.java:72 ExecutorResolver.java:119
      DefaultFilterChain.java:284 DefaultFilterChain.java:201
      DefaultFilterChain.java:133 DefaultFilterChain.java:112
      ProcessorExecutor.java:77 TCPNIOTransport.java:526 AbstractIOStrategy.java:112
      WorkerThreadIOStrategy.java:117 WorkerThreadIOStrategy.java:56
      WorkerThreadIOStrategy.java:137 AbstractThreadPool.java:591
      AbstractThreadPool.java:571 Thread.java:745)
      

      status: fails to display backend data and throws a ManagedObjectNotFoundException exception.

      opendj; bin/$ status
      Fri Oct  7 16:31:14 MDT 2016
      
                --- Server Status ---
      Server Run Status:        Started
      Open Connections:         3
      
                --- Server Details ---
      Host Name:                Lees-MacBook-Pro.local
      Administrative Users:     <not available> (*)
      Installation Path:        /opt/instances/backendtest400
      Version:                  OpenDJ Server 4.0.0-SNAPSHOT
      Java Version:             <not available> (*)
      Administration Connector: N/A
      
                --- Connection Handlers ---
      -No Listener Ports Found-
      
                --- Data Sources ---
      -No LDAP Databases Found-
      
      The requested managed object could not be found
      
      The requested managed object could not be found
      
      The requested managed object could not be found
      
      The requested managed object could not be found
      
      The requested managed object could not be found
      
      The requested managed object could not be found
      
      The requested managed object could not be found
      
      Error reading data from server.  Verify the authentication information
      provided.
      Details: org.forgerock.opendj.config.ManagedObjectNotFoundException
      
      * Information only available if you provide valid authentication information
      when launching the status command.
      

      The control-panel is also unusable. It constantly says the server is running but you need to authenticate (even though you already have), or that there is an error reading the configuration.

      Restarting the instance allows dsconfig to be launched and the backend to be viewed and deleted.

      >>>> Backend management menu
      
      What would you like to do?
      
          1)  List existing Backends
          2)  Create a new Backend
          3)  View and edit an existing Backends
          4)  Delete an existing Backend
      
          b)  back
          q)  quit
      
      Enter choice [b]: 4
      
      
      >>>> Select the Backend from the following list:
      
          1)  adminRoot
          2)  bogusBackend
          3)  userRoot
      
          c)  cancel
          q)  quit
      

      DJ 2.6.4

      On 2.6.4, listing the backend shows zero backends (4.0.0 can see the bogus backend)

      What would you like to do?
      
          1)  List existing Backends
          2)  Create a new Backend
          3)  View and edit an existing Backend
          4)  Delete an existing Backend
      
          b)  back
          q)  quit
      
      Enter choice [b]: 1
      
      
      Backend : Type : enabled : base-dn
      --------:------:---------:--------
      

      Delete the backend

      What would you like to do?
      
          1)  List existing Backends
          2)  Create a new Backend
          3)  View and edit an existing Backend
          4)  Delete an existing Backend
      
          b)  back
          q)  quit
      
      Enter choice [b]: 4
      
      
      Unable to continue since there are no Backends currently configured on the
      server
      

      Restarting the allows the backend to be viewed and deleted.

      What would you like to do?
      
          1)  List existing Backends
          2)  Create a new Backend
          3)  View and edit an existing Backend
          4)  Delete an existing Backend
      
          b)  back
          q)  quit
      
      Enter choice [b]: 4
      
      
      >>>> Select the Backend from the following list:
      
          1)  adminRoot
          2)  bogusBackend
          3)  userRoot
      
          c)  cancel
          q)  quit
      
      Enter choice [c]: 2
      
      Are you sure that you want to delete the Backend? (yes / no) [no]: yes
      The Backend was deleted successfully
      
      The equivalent non-interactive command-line is:
      dsconfig delete-backend \
                --backend-name bogusBackend \
                --hostname localhost \
                --port 4444 \
                --trustAll \
                --bindDN cn=Directory\ Manager \
                --bindPasswordFile pass \
                --no-prompt
      

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                joseph.de-menditte Joseph de-Menditte
                Reporter:
                lee.trujillo Lee Trujillo
              • Votes:
                0 Vote for this issue
                Watchers:
                4 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: