[OPENDJ-7380] Able to use invalid baseDN for data (like 'bs=example,dc=com') Created: 23/Jul/20  Updated: 08/Dec/20

Status: Dev backlog
Project: OpenDJ
Component/s: setup, upgrade
Affects Version/s: 5.5.3, 6.5.3, 7.0.0, 7.0.1
Fix Version/s: None

Type: Bug Priority: Major
Reporter: Miroslav Meca Assignee: Unassigned
Resolution: Unresolved Votes: 0
Labels: None
Environment:

DS_5.5.3-1_all.deb, DS_6.5.3-1_all.deb and DS_7.0.0-M2020-10.3-1_all.deb,
opendj-deb-7.0.1-RC2.deb and opendj-rpm-7.0.1-RC2.rpm



 Description   

Not sure if I understand right from slack conversation. So if we using baseDn with unknown attributes like 'ds' then it should be failed.

Steps to reproduce (v. 7.0.0):

  1. Download and install DS
    dpkg -i DS_7.0.0-M2020-10.3-1_all.deb
  2. Setup DS with ds-user-data profile and set the profile baseDn to 'ds=example,dc=com' then start DS
    ./opendj/setup --serverId first-ds --deploymentKeyPassword password --rootUserDn uid=admin --rootUserPassword password --monitorUserPassword password --hostname localhost --ldapPort 1389 --ldapsPort 1636 --httpsPort 8443 --adminConnectorPort 4444 --profile ds-user-data --set ds-user-data/baseDn:ds=example,dc=com --acceptLicense
    
    ...
    Validating parameters..... Done
    Configuring certificates....... Done
    Store the following deployment key in a safe place and re-use it when
    configuring other servers in the topology:
    XYZ
    Configuring server..... Done
    Configuring profile DS user data store....... Done
    To see basic server status and configuration, you can launch
    /opt/opendj/bin/status
    
  3. Try ldapsearch
    ./opendj/bin/ldapsearch -h localhost -p 1636 --useSsl -X -D uid=admin -w password -b "ds=example,dc=com" "(&)" dn
    dn: ds=example,dc=com
    

Second strange thing is when we setup old version with this invalid baseDn when after upgrade to version 7.0.0 so data disappears.
Steps to reproduce (from 5.5.3 to 7.0.0)

  1. Download and install DS 5.5.3
    dpkg -i DS_5.5.3-1_all.deb
  2. Setup DS with sampleData
    ./opendj/setup --rootUserDn uid=admin --rootUserPassword password --hostname localhost --ldapPort 1389 --enableStartTls --ldapsPort 1636 --httpsPort 8443 --adminConnectorPort 4444 --baseDn ds=example,dc=com --sampleData 200  --acceptLicense
    
    Validating parameters..... Done
    Configuring certificates.....WARNING: An illegal reflective access operation has occurred
    WARNING: Illegal reflective access by org.opends.server.util.Platform$PlatformIMPL (file:/opt/opendj/lib/opendj.jar) to constructor sun.security.tools.keytool.CertAndKeyGen(java.lang.String,java.lang.String)
    WARNING: Please consider reporting this to the maintainers of org.opends.server.util.Platform$PlatformIMPL
    WARNING: Use --illegal-access=warn to enable warnings of further illegal reflective access operations
    WARNING: All illegal access operations will be denied in a future release
     Done
    Configuring server..... Done
    Importing automatically-generated data (200 entries)....... Done
    Starting directory server............ Done
    
    To see basic server status and configuration, you can launch
    /opt/opendj/bin/status
  3. Run ldapsearch
    ./opendj/bin/ldapsearch -h localhost -p 1389 -D uid=admin -w password -b "ds=example,dc=com" "(&)" dn
    
    dn: ds=example,dc=com
    
    dn: ou=People,ds=example,dc=com
    
    dn: uid=user.0,ou=People,ds=example,dc=com
    ...
    
  4. Upgrade DS to 7.0.0 version
    sudo dpkg -i DS_7.0.0-M2020-10.3-1_all.deb
  5. Check that DS was updated
  6. Run the same ldapsearch (or same but change to ldaps port + useSsl option)
    ./opendj/bin/ldapsearch -h localhost -p 1389 -D uid=admin -w password -b "ds=example,dc=com" "(&)" dn
    # The LDAP search request failed: 32 (No Such Entry)
    # Additional Information:  The search base entry 'ds=example,dc=com' does not exist

Looks strange that DS accept this baseDN during setup but during upgrade with data with this baseDn are disappears.

Note: It does not happens only with 'ds=example,dc=com', I tried with more invalid - like 'dcou=com' with same result.


Generated at Sat Feb 27 22:01:08 UTC 2021 using Jira 7.13.12#713012-sha1:6e07c38070d5191bbf7353952ed38f111754533a.