  1. OpenDJ
  2. OPENDJ-7380

Able to use invalid baseDN for data (like 'bs=example,dc=com')



    • Type: Bug
    • Status: Dev backlog
    • Priority: Major
    • Resolution: Unresolved
    • Affects Version/s: 5.5.3, 6.5.3, 7.0.0, 7.0.1, 7.1.0
    • Fix Version/s: None
    • Component/s: setup, upgrade
    • Labels:
    • Environment:
      DS_5.5.3-1_all.deb, DS_6.5.3-1_all.deb and DS_7.0.0-M2020-10.3-1_all.deb,
      opendj-deb-7.0.1-RC2.deb and opendj-rpm-7.0.1-RC2.rpm


      Not sure if I understood correctly from the Slack conversation: if we use a baseDn with unknown attributes like 'ds', then it should fail.

      Steps to reproduce (v. 7.0.0):

      1. Download and install DS
        dpkg -i DS_7.0.0-M2020-10.3-1_all.deb
      2. Set up DS with the ds-user-data profile, set the profile baseDn to 'ds=example,dc=com', then start DS
        ./opendj/setup --serverId first-ds --deploymentKeyPassword password --rootUserDn uid=admin --rootUserPassword password --monitorUserPassword password --hostname localhost --ldapPort 1389 --ldapsPort 1636 --httpsPort 8443 --adminConnectorPort 4444 --profile ds-user-data --set ds-user-data/baseDn:ds=example,dc=com --acceptLicense
        Validating parameters..... Done
        Configuring certificates....... Done
        Store the following deployment key in a safe place and re-use it when
        configuring other servers in the topology:
        Configuring server..... Done
        Configuring profile DS user data store....... Done
        To see basic server status and configuration, you can launch
      3. Try ldapsearch
        ./opendj/bin/ldapsearch -h localhost -p 1636 --useSsl -X -D uid=admin -w password -b "ds=example,dc=com" "(&)" dn
        dn: ds=example,dc=com

      The second strange thing is that when we set up an old version with this invalid baseDn and then upgrade to version 7.0.0, the data disappears.
      Steps to reproduce (from 5.5.3 to 7.0.0):

      1. Download and install DS 5.5.3
        dpkg -i DS_5.5.3-1_all.deb
      2. Set up DS with sampleData
        ./opendj/setup --rootUserDn uid=admin --rootUserPassword password --hostname localhost --ldapPort 1389 --enableStartTls --ldapsPort 1636 --httpsPort 8443 --adminConnectorPort 4444 --baseDn ds=example,dc=com --sampleData 200  --acceptLicense
        Validating parameters..... Done
        Configuring certificates.....WARNING: An illegal reflective access operation has occurred
        WARNING: Illegal reflective access by org.opends.server.util.Platform$PlatformIMPL (file:/opt/opendj/lib/opendj.jar) to constructor sun.security.tools.keytool.CertAndKeyGen(java.lang.String,java.lang.String)
        WARNING: Please consider reporting this to the maintainers of org.opends.server.util.Platform$PlatformIMPL
        WARNING: Use --illegal-access=warn to enable warnings of further illegal reflective access operations
        WARNING: All illegal access operations will be denied in a future release
        Configuring server..... Done
        Importing automatically-generated data (200 entries)....... Done
        Starting directory server............ Done
        To see basic server status and configuration, you can launch
      3. Run ldapsearch
        ./opendj/bin/ldapsearch -h localhost -p 1389 -D uid=admin -w password -b "ds=example,dc=com" "(&)" dn
        dn: ds=example,dc=com
        dn: ou=People,ds=example,dc=com
        dn: uid=user.0,ou=People,ds=example,dc=com
      4. Upgrade DS to 7.0.0 version
        sudo dpkg -i DS_7.0.0-M2020-10.3-1_all.deb
      5. Check that DS was updated
      6. Run the same ldapsearch (or same but change to ldaps port + useSsl option)
        ./opendj/bin/ldapsearch -h localhost -p 1389 -D uid=admin -w password -b "ds=example,dc=com" "(&)" dn
        # The LDAP search request failed: 32 (No Such Entry)
        # Additional Information:  The search base entry 'ds=example,dc=com' does not exist

      It looks strange that DS accepts this baseDN during setup, but during upgrade the data with this baseDn disappears.

      Note: It does not happen only with 'ds=example,dc=com'; I tried other invalid values, like 'dcou=com', with the same result.


              Unassigned Unassigned
              miroslav.meca Miroslav Meca
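
A pre-flight check for the condition this report describes, as an added example that is not part of the original issue or of OpenDJ's code: it parses a base DN and lists the RDN attribute types that are not in a known set, so a value like 'ds=example,dc=com' can be caught before setup or upgrade. The allow-list (naming attributes from RFC 4519) and the function names are assumptions; a real check would load the attribute types from the server's own schema.

```python
import re

# Assumption: small allow-list of standard naming attribute types (RFC 4519).
# A real check would read the attribute types from the server's schema.
KNOWN_ATTRIBUTE_TYPES = {"dc", "ou", "o", "cn", "uid", "c", "l", "st", "street"}

# Attribute type syntax: a short name (descr) or a numeric OID.
_ATTR_TYPE = re.compile(r"^(?:[A-Za-z][A-Za-z0-9-]*|\d+(?:\.\d+)*)$")


def _split_unescaped(text, separator):
    """Split on separator characters that are not backslash-escaped."""
    parts, current, i = [], [], 0
    while i < len(text):
        if text[i] == "\\" and i + 1 < len(text):
            current.append(text[i:i + 2])  # keep the escape pair intact
            i += 2
            continue
        if text[i] == separator:
            parts.append("".join(current))
            current = []
        else:
            current.append(text[i])
        i += 1
    parts.append("".join(current))
    return parts


def unknown_attribute_types(dn, known=KNOWN_ATTRIBUTE_TYPES):
    """Return attribute types used in dn that are not in known (case-insensitive)."""
    unknown = []
    for rdn in _split_unescaped(dn, ","):
        for ava in _split_unescaped(rdn, "+"):  # multi-valued RDNs
            attr_type, sep, _value = ava.partition("=")
            attr_type = attr_type.strip()
            if not sep or not _ATTR_TYPE.match(attr_type):
                raise ValueError(f"malformed RDN component: {ava!r}")
            if attr_type.lower() not in known:
                unknown.append(attr_type)
    return unknown


if __name__ == "__main__":
    # Base DNs taken from the report, plus a valid one for comparison.
    for base_dn in ("ds=example,dc=com", "dcou=com", "dc=example,dc=com"):
        bad = unknown_attribute_types(base_dn)
        print(f"{base_dn}: {'REJECT ' + str(bad) if bad else 'ok'}")
```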