[OPENDJ-7380] Able to use invalid baseDN for data (like 'bs=example,dc=com') Created: 23/Jul/20  Updated: 08/Dec/20

Status: Dev backlog
Project: OpenDJ
Component/s: setup, upgrade
Affects Version/s: 5.5.3, 6.5.3, 7.0.0, 7.0.1
Fix Version/s: None

Type: Bug Priority: Major
Reporter: Miroslav Meca Assignee: Unassigned
Resolution: Unresolved Votes: 0
Labels: None
Environment:

DS_5.5.3-1_all.deb, DS_6.5.3-1_all.deb and DS_7.0.0-M2020-10.3-1_all.deb,
opendj-deb-7.0.1-RC2.deb and opendj-rpm-7.0.1-RC2.rpm


 Description   

Not sure if I understand right from slack conversation. So if we using baseDn with unknown attributes like 'ds' then it should be failed.

Steps to reproduce (v. 7.0.0):

  1. Download and install DS 
    dpkg -i DS_7.0.0-M2020-10.3-1_all.deb
  2. Setup DS with ds-user-data profile and set the profile baseDn to 'ds=example,dc=com' then start DS 
    ./opendj/setup --serverId first-ds --deploymentKeyPassword password --rootUserDn uid=admin --rootUserPassword password --monitorUserPassword password --hostname localhost --ldapPort 1389 --ldapsPort 1636 --httpsPort 8443 --adminConnectorPort 4444 --profile ds-user-data --set ds-user-data/baseDn:ds=example,dc=com --acceptLicense

...
Validating parameters..... Done
Configuring certificates....... Done
Store the following deployment key in a safe place and re-use it when
configuring other servers in the topology:
XYZ
Configuring server..... Done
Configuring profile DS user data store....... Done
To see basic server status and configuration, you can launch
/opt/opendj/bin/status
  3. Try ldapsearch 
    ./opendj/bin/ldapsearch -h localhost -p 1636 --useSsl -X -D uid=admin -w password -b "ds=example,dc=com" "(&)" dn
dn: ds=example,dc=com

Second strange thing is when we setup old version with this invalid baseDn when after upgrade to version 7.0.0 so data disappears.
Steps to reproduce (from 5.5.3 to 7.0.0)

  1. Download and install DS 5.5.3 
    dpkg -i DS_5.5.3-1_all.deb
  2. Setup DS with sampleData 
    ./opendj/setup --rootUserDn uid=admin --rootUserPassword password --hostname localhost --ldapPort 1389 --enableStartTls --ldapsPort 1636 --httpsPort 8443 --adminConnectorPort 4444 --baseDn ds=example,dc=com --sampleData 200  --acceptLicense

Validating parameters..... Done
Configuring certificates.....WARNING: An illegal reflective access operation has occurred
WARNING: Illegal reflective access by org.opends.server.util.Platform$PlatformIMPL (file:/opt/opendj/lib/opendj.jar) to constructor sun.security.tools.keytool.CertAndKeyGen(java.lang.String,java.lang.String)
WARNING: Please consider reporting this to the maintainers of org.opends.server.util.Platform$PlatformIMPL
WARNING: Use --illegal-access=warn to enable warnings of further illegal reflective access operations
WARNING: All illegal access operations will be denied in a future release
 Done
Configuring server..... Done
Importing automatically-generated data (200 entries)....... Done
Starting directory server............ Done

To see basic server status and configuration, you can launch
/opt/opendj/bin/status
  3. Run ldapsearch 
    ./opendj/bin/ldapsearch -h localhost -p 1389 -D uid=admin -w password -b "ds=example,dc=com" "(&)" dn

dn: ds=example,dc=com

dn: ou=People,ds=example,dc=com

dn: uid=user.0,ou=People,ds=example,dc=com
...
  4. Upgrade DS to 7.0.0 version 
    sudo dpkg -i DS_7.0.0-M2020-10.3-1_all.deb
  5. Check that DS was updated
  6. Run the same ldapsearch (or same but change to ldaps port + useSsl option) 
    ./opendj/bin/ldapsearch -h localhost -p 1389 -D uid=admin -w password -b "ds=example,dc=com" "(&)" dn
# The LDAP search request failed: 32 (No Such Entry)
# Additional Information:  The search base entry 'ds=example,dc=com' does not exist

Looks strange that DS accept this baseDN during setup but during upgrade with data with this baseDn are disappears.

Note: It does not happens only with 'ds=example,dc=com', I tried with more invalid - like 'dcou=com' with same result.
Generated at Sat Feb 27 22:01:08 UTC 2021 using Jira 7.13.12#713012-sha1:6e07c38070d5191bbf7353952ed38f111754533a.