  1. OpenDJ
  2. OPENDJ-4485

MODRDN with a blank newrdn: value is not rejected.

      Description

      A MODRDN with a blank newrdn specified is not rejected. An unfortunate side effect is that the entry is subsequently deleted after the MODRDN.

       

      ./ldapmodify --port 1389 -D "cn=Directory Manager" -w password <<"EOF";
      dn: uid=user.0,ou=People,dc=example,dc=com
      changetype: modrdn
      newrdn: uid=
      deleteoldrdn: 1
      EOF

       

      Example:

       

      opendj; bin/$ ./ldapsearch --port 1389 -D "cn=Directory Manager" -w password --baseDN dc=example,dc=com uid=user.0 dn
      dn: uid=user.0,ou=People,dc=example,dc=com
      
      opendj; bin/$ ./modrdn
      # Processing MODIFYDN request for uid=user.0,ou=People,dc=example,dc=com
      # MODIFYDN operation successful for DN uid=user.0,ou=People,dc=example,dc=com
      opendj; bin/$
      opendj; bin/$ ./ldapsearch --port 1389 -D "cn=Directory Manager" -w password --baseDN dc=example,dc=com uid=user.0 dn
      opendj; bin/$
       
      
      Logs
      
       
      

      [09/Nov/2017:16:55:03 -0700] CONNECT conn=0 from=192.168.0.11:60126 to=192.168.0.11:1389 protocol=LDAP
      [09/Nov/2017:16:55:03 -0700] BIND REQ conn=0 op=0 msgID=1 version=3 type=SIMPLE dn="cn=Directory Manager"
      [09/Nov/2017:16:55:03 -0700] BIND RES conn=0 op=0 msgID=1 result=0 authDN="cn=Directory Manager,cn=Root DNs,cn=config" etime=38
      [09/Nov/2017:16:55:04 -0700] SEARCH REQ conn=0 op=1 msgID=2 base="dc=example,dc=com" scope=sub filter="(uid=user.0)" attrs="dn"
      [09/Nov/2017:16:55:04 -0700] SEARCH RES conn=0 op=1 msgID=2 result=0 nentries=1 etime=10
      [09/Nov/2017:16:55:04 -0700] UNBIND REQ conn=0 op=2 msgID=3
      [09/Nov/2017:16:55:04 -0700] DISCONNECT conn=0 reason="Client Unbind"

      [09/Nov/2017:16:55:09 -0700] CONNECT conn=1 from=192.168.0.11:60127 to=192.168.0.11:1389 protocol=LDAP
      [09/Nov/2017:16:55:10 -0700] BIND REQ conn=1 op=0 msgID=1 version=3 type=SIMPLE dn="cn=Directory Manager"
      [09/Nov/2017:16:55:10 -0700] BIND RES conn=1 op=0 msgID=1 result=0 authDN="cn=Directory Manager,cn=Root DNs,cn=config" etime=13
      [09/Nov/2017:16:55:10 -0700] MODIFYDN REQ conn=1 op=1 msgID=2 dn="uid=user.0,ou=People,dc=example,dc=com" newRDN="uid=" deleteOldRDN="true"
      [09/Nov/2017:16:55:10 -0700] MODIFYDN RES conn=1 op=1 msgID=2 result=0 etime=18
      [09/Nov/2017:16:55:10 -0700] UNBIND REQ conn=1 op=2 msgID=3
      [09/Nov/2017:16:55:10 -0700] DISCONNECT conn=1 reason="Client Unbind"

      [09/Nov/2017:16:55:13 -0700] CONNECT conn=2 from=192.168.0.11:60128 to=192.168.0.11:1389 protocol=LDAP
      [09/Nov/2017:16:55:14 -0700] BIND REQ conn=2 op=0 msgID=1 version=3 type=SIMPLE dn="cn=Directory Manager"
      [09/Nov/2017:16:55:14 -0700] BIND RES conn=2 op=0 msgID=1 result=0 authDN="cn=Directory Manager,cn=Root DNs,cn=config" etime=16
      [09/Nov/2017:16:55:14 -0700] SEARCH REQ conn=2 op=1 msgID=2 base="dc=example,dc=com" scope=sub filter="(uid=user.0)" attrs="dn"
      [09/Nov/2017:16:55:14 -0700] SEARCH RES conn=2 op=1 msgID=2 result=0 nentries=0 etime=1
      [09/Nov/2017:16:55:14 -0700] UNBIND REQ conn=2 op=2 msgID=3
      [09/Nov/2017:16:55:14 -0700] DISCONNECT conn=2 reason="Client Unbind"

       
      
       
      
      1. 09/Nov/2017:16:55:10 -0700; conn=1; op=1
        dn: uid=user.0,ou=People,dc=example,dc=com
        changetype: modrdn
        newrdn: uid=
        deleteoldrdn: 1
         
        
        This can also affect the Global Admin ID.  The result is a bad admin account.  If you restart the server, the admin id is deleted.
        
      2. 09/Nov/2017:17:14:39 -0700; conn=5; op=1
        dn: cn=admin,cn=Administrators,cn=admin data
        changetype: modrdn
        newrdn: cn=
        deleteoldrdn: 1

      dn: cn=,cn=Administrators,cn=admin data
      objectClass: top
      objectClass: person
      sn: admin
      userPassword: {PBKDF2}10000:8YUh1aGE+AXoMWfLWwAxH/H7feCEe+MiUM6H4g==
      description: The Administrator that can manage all the server instances.
      cn:
      ds-pwp-password-policy-dn: cn=Root Password Policy,cn=Password Policies,cn=config
      ds-privilege-name: bypass-acl
      ds-privilege-name: modify-acl
      ds-privilege-name: config-read
      ds-privilege-name: config-write
      ds-privilege-name: ldif-import
      ds-privilege-name: ldif-export
      ds-privilege-name: backend-backup
      ds-privilege-name: backend-restore
      ds-privilege-name: server-shutdown
      ds-privilege-name: server-restart
      ds-privilege-name: disconnect-client
      ds-privilege-name: cancel-request
      ds-privilege-name: password-reset
      ds-privilege-name: update-schema
      ds-privilege-name: privilege-change
      ds-privilege-name: unindexed-search
      ds-privilege-name: subentry-write
      ds-privilege-name: changelog-read
      createTimestamp: 20171110001339Z
      pwdChangedTime: 20171110001339.532Z
      creatorsName: cn=Directory Manager,cn=Root DNs,cn=config
      modifyTimestamp: 20171110001439Z
      ds-sync-hist: dn:0000015fa3474b0536a800000002:moddn
      modifiersName: cn=Directory Manager,cn=Root DNs,cn=config
      entryUUID: 6503d755-b944-4857-9aad-416711806d3e

      opendj; bin/$ date; ./dsreplication status --adminUID admin --adminPassword password --hostname opendj.forgerock.com --port 4444 --trustAll
      Thu Nov  9 17:17:15 MST 2017

      The provided credentials are not valid in server opendj.forgerock.com:4444.
      Details: Invalid Credentials

      
      

      Tested on

      • 3.5.2
      • 5.5.0
      • 6.0.0
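
      Added example (not part of the original report and not OpenDJ code): a check over access-log lines in the format shown above that pairs each MODIFYDN request carrying a blank newRDN value with its result code, so affected servers can be audited for renames that were accepted. The function names are hypothetical, the log layout is assumed to match the excerpt, and the conn=7 sample lines are constructed.

```python
import re

# Access-log layout as shown in the report: [timestamp] OPERATION REQ|RES key=value ...
LINE = re.compile(r'^\[(?P<ts>[^\]]+)\] (?P<op>[A-Z]+) (?P<kind>REQ|RES) (?P<rest>.*)$')
FIELD = re.compile(r'(\w+)=("(?:[^"\\]|\\.)*"|\S+)')

def fields(rest):
    """Split key=value and key="quoted value" pairs into a dict."""
    return {k: v[1:-1] if v.startswith('"') else v for k, v in FIELD.findall(rest)}

def has_blank_value(rdn):
    """True if any attribute=value pair of a (possibly '+'-joined) RDN has an empty value."""
    for ava in re.split(r'(?<!\\)\+', rdn):
        _, sep, value = ava.partition('=')
        if sep and value.strip() == '':
            return True
    return False

def find_blank_rdn_renames(lines):
    """Return MODIFYDN requests whose newRDN has a blank value, paired with the result code."""
    pending, hits = {}, []
    for line in lines:
        m = LINE.match(line.strip())
        if not m or m['op'] != 'MODIFYDN':
            continue
        f = fields(m['rest'])
        key = (f.get('conn'), f.get('op'))
        if m['kind'] == 'REQ' and has_blank_value(f.get('newRDN', '')):
            hit = {'time': m['ts'], 'conn': key[0], 'op': key[1],
                   'dn': f.get('dn'), 'newRDN': f.get('newRDN'), 'result': None}
            pending[key] = hit
            hits.append(hit)
        elif m['kind'] == 'RES' and key in pending:
            pending.pop(key)['result'] = f.get('result')  # "0" means the server accepted it
    return hits

# First three lines are from the report; the conn=7 lines are constructed (a normal rename).
SAMPLE = '''\
[09/Nov/2017:16:55:10 -0700] BIND REQ conn=1 op=0 msgID=1 version=3 type=SIMPLE dn="cn=Directory Manager"
[09/Nov/2017:16:55:10 -0700] MODIFYDN REQ conn=1 op=1 msgID=2 dn="uid=user.0,ou=People,dc=example,dc=com" newRDN="uid=" deleteOldRDN="true"
[09/Nov/2017:16:55:10 -0700] MODIFYDN RES conn=1 op=1 msgID=2 result=0 etime=18
[09/Nov/2017:16:56:00 -0700] MODIFYDN REQ conn=7 op=1 msgID=2 dn="uid=user.1,ou=People,dc=example,dc=com" newRDN="uid=user.1000" deleteOldRDN="true"
[09/Nov/2017:16:56:00 -0700] MODIFYDN RES conn=7 op=1 msgID=2 result=0 etime=5
'''.splitlines()

if __name__ == '__main__':
    for hit in find_blank_rdn_renames(SAMPLE):
        status = 'ACCEPTED' if hit['result'] == '0' else 'result=%s' % hit['result']
        print('%(time)s conn=%(conn)s op=%(op)s dn=%(dn)s newRDN=%(newRDN)r' % hit, status)
```

      A hit with result 0 marks an entry to check for loss or a blank naming attribute; a hit with a non-zero result means the server refused the request.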

              People

              • Assignee:
                matthew Matthew Swift
                Reporter:
                lee.trujillo Lee Trujillo
                QA Assignee:
                Viktor Nawrath