Details

    • Type: Bug
    • Status: Resolved
    • Priority: Major
    • Resolution: Cannot Reproduce
    • Affects Version/s: 1.5.7
    • Fix Version/s: None
    • Component/s: core
    • Labels: None

    Description

      A single user started complaining that he was unable to log in. When looking at the logs, we noticed the following entry:

      "result: 4 Size limit exceeded"

      Curious, I sent the same ldapsearch request to see why more than one user would be returned:

      # ldapsearch -x -h 192.168.1.150 -p 1850 -D "dc=authserver" -b "dc=authserver" "(&(cn=user50)(ou=UAT))" -w password -M -z 1 -l 5
      # extended LDIF
      #
      # LDAPv3
      # base <dc=authserver> with scope subtree
      # filter: (&(cn=user50)(ou=UAT))
      # requesting: ALL
      # with manageDSAit control
      #

      # user50, UAT, authserver
      dn: cn=user50,ou=UAT,dc=authserver
      sn: user50
      name: user50
      userPassword:: MWYzNGJkMTctMjFhOS00ZDM2LWI4MzgtZDEwNDZmNmZiZGQ3
      objectClass: person
      objectClass: extensibleObject
      objectClass: top
      ou: UAT
      cn: user50

      # search result
      search: 2
      result: 4 Size limit exceeded

      # numResponses: 2
      # numEntries: 1

      Running the same, but with a higher value of -z (-z 1000):

      # ldapsearch -x -h 192.168.1.150 -p 1850 -D "dc=authserver" -b "dc=authserver" "(&(cn=user50)(ou=UAT))" -w password -M -z 1000 -l 5
      # extended LDIF
      #
      # LDAPv3
      # base <dc=authserver> with scope subtree
      # filter: (&(cn=user50)(ou=UAT))
      # requesting: ALL
      # with manageDSAit control
      #

      # user50, UAT, authserver
      dn: cn=user50,ou=UAT,dc=authserver
      sn: user50
      name: user50
      userPassword:: MWYzNGJkMTctMjFhOS00ZDM2LWI4MzgtZDEwNDZmNmZiZGQ3
      objectClass: person
      objectClass: extensibleObject
      objectClass: top
      ou: UAT
      cn: user50

      # user50, UAT, authserver
      dn: cn=user50,ou=UAT,dc=authserver
      sn: user50
      name: user50
      userPassword:: YTg1NTM2MDMtZWQ1NS00OGQ4LWFlNjMtOTRkN2YwMzg1OGFj
      objectClass: person
      objectClass: extensibleObject
      objectClass: top
      ou: UAT
      cn: user50

      # search result
      search: 2
      result: 0 Success

      # numResponses: 3
      # numEntries: 2

      You can see that both entries have the exact same "dn":
      dn: cn=user50,ou=UAT,dc=authserver
      dn: cn=user50,ou=UAT,dc=authserver

      When looking at the code, I tried to reproduce the same issue in a different environment, but the CoreSession object will actually not allow you to add duplicate entries, throwing the following exception:

      org.apache.directory.shared.ldap.exception.LdapEntryAlreadyExistsException: ERR_250 cn=user50,ou=UAT,dc=authserver already exists!

      Is it possible that a bug in ApacheDS has corrupted the internal database?

      Thank you.
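
      A check for the symptom described in this report, as an added example that is not part of the original report or of ApacheDS: it parses ldapsearch LDIF output and reports any DN returned more than once, which is the condition that makes a one-entry login lookup fail with "Size limit exceeded". The sample input is constructed, and the function names are hypothetical.

```python
import base64
import re
from collections import Counter

# Constructed sample shaped like the report's output (second entry folded and re-cased).
SAMPLE_LDIF = """\
# user50, UAT, authserver
dn: cn=user50,ou=UAT,dc=authserver
cn: user50

# user50, UAT, authserver
dn: CN=user50, OU=UAT,
 DC=authserver
cn: user50

# user51, UAT, authserver
dn:: Y249dXNlcjUxLG91PVVBVCxkYz1hdXRoc2VydmVy
cn: user51
"""

def unfold(ldif):
    """Join LDIF continuation lines (a line that starts with one space)."""
    out = []
    for line in ldif.splitlines():
        if line.startswith(" ") and out:
            out[-1] += line[1:]
        else:
            out.append(line)
    return out

def normalize_dn(dn):
    """Simplified comparison form: split on unescaped commas, trim, lower-case."""
    return ",".join(p.strip().lower() for p in re.split(r"(?<!\\),", dn))

def duplicate_dns(ldif):
    """Return {normalized_dn: count} for each DN that appears more than once."""
    seen = Counter()
    for line in unfold(ldif):
        if line.startswith("dn::"):          # base64-encoded DN
            dn = base64.b64decode(line[4:].strip()).decode("utf-8")
        elif line.startswith("dn:"):
            dn = line[3:].strip()
        else:
            continue
        seen[normalize_dn(dn)] += 1
    return {dn: n for dn, n in seen.items() if n > 1}

if __name__ == "__main__":
    print(duplicate_dns(SAMPLE_LDIF))
```

      Run it over a full subtree export of the directory; any non-empty result means the store holds entries that the add path would normally reject.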

      People

        Assignee: Unassigned
        Reporter: Pierre-Luc Lacroix (pll.lacroix)