pbrinette cc.in2p3.fr wrote:
> Openldap is used as information provider in a GRID
middleware project
> (http://www.eu-egee.org/).
This information provider is known as BDII.
>
> The information about grid nodes are published via
openldap.
>
> Until now, the platform supported by the middleware is
Scientific Linux 3 (a
> RHEL 3 clone like CentOS). The openldap version
provided with this system is
> openldap 2.0.27.
>
> We updated our systems with Scientific Linux 4.4 (RHEL
4.4) for new hardware
> support. The openldap version provided is now 2.2.13.
>
> When I put the new service in production, I find some
issues with some
> attributes that disappears from the directory.
>
> In our openldap schema, we have an attribute declared
like this:
>
> attributetype ( 1.3.6.1.4.1.8005.100.2.2.7.1
> NAME 'GlueVOViewLocalID'
> DESC 'Local ID for this VO view'
> EQUALITY caseIgnoreIA5Match
> SUBSTR caseIgnoreIA5SubstringsMatch
> SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
> SINGLE-VALUE)
>
>
> This attribute may containt string like these:
>
> GlueVOViewLocalID=dteam
>
GlueVOViewLocalID=/VO=swetest/GROUP=/swetest/ROLE=swadmin,
>
> It seem that theses both sample strings are IA5
compliant.
>
> When I ask the openldap server with this request, I’ve
got different results
> regarding the openldap version :
>
> ------------ Openldap 2.0.27 -----------------------
>
> ldapsearch -x -P3 -H
ldap://cclcgtopbdii01.in2p3.fr:2170 -b
>
"GlueVOViewLocalID=/VO=swetest/GROUP=/swetest/ROLE=swad
min,GlueCEUniqueID=grid001.fc.up.pt:2119/jobmanager-lcgsge-s
wetest,mds-vo-name=UPorto,mds-vo-name=local,o=grid"
> version: 2
>
> #
> # filter: (objectclass=*)
> # requesting: ALL
> #
>
> # /VO=swetest/GROUP=/swetest/ROLE=swadmin,
grid001.fc.up.pt:2119/jobmanager-l
> cgsge-swetest, UPorto, local, grid
> dn:
GlueVOViewLocalID=/VO=swetest/GROUP=/swetest/ROLE=swadmin,Gl
ueCEUniqueID=g
>
rid001.fc.up.pt:2119/jobmanager-lcgsge-swetest,mds-vo-name=U
Porto,mds-vo-name
> =local,o=grid
> objectClass: GlueCETop
> objectClass: GlueVOView
> objectClass: GlueCEInfo
> objectClass: GlueCEState
> objectClass: GlueCEAccessControlBase
> objectClass: GlueCEPolicy
> objectClass: GlueKey
> objectClass: GlueSchemaVersion
> GlueVOViewLocalID:
/VO=swetest/GROUP=/swetest/ROLE=swadmin
> GlueCEAccessControlBaseRule:
VOMS:/VO=swetest/GROUP=/swetest/ROLE=swadmin
> GlueCEAccessControlBaseRule: DENY:dteam
> GlueCEAccessControlBaseRule: DENY:ops
> GlueCEAccessControlBaseRule: DENY:swetest
> GlueCEAccessControlBaseRule:
DENY:/VO=dteam/GROUP=/dteam/ROLE=lcgadmin
> GlueCEAccessControlBaseRule:
DENY:/VO=dteam/GROUP=/dteam/ROLE=production
> GlueCEAccessControlBaseRule:
DENY:/VO=ops/GROUP=/ops/ROLE=lcgadmin
> GlueCEStateRunningJobs: 0
> GlueCEStateWaitingJobs: 0
> GlueCEStateTotalJobs: 0
> GlueCEStateFreeJobSlots: 22
> GlueCEStateEstimatedResponseTime: 0
> GlueCEStateWorstResponseTime: 0
> GlueCEInfoDefaultSE: hades.up.pt
> GlueCEInfoApplicationDir: /vosoft/swetestsoft
> GlueCEInfoDataDir: unset
> GlueChunkKey:
GlueCEUniqueID=grid001.fc.up.pt:2119/jobmanager-lcgsge-swete
st
> GlueSchemaVersionMajor: 1
> GlueSchemaVersionMinor: 2
>
> # search result
> search: 2
> result: 0 Success
>
> # numResponses: 2
> # numEntries: 1
>
>
>
> --------------------- openldap 2.2.13
------------------------
>
> ldapsearch -P3 -x -H
ldap://cclcgtopbdii02.in2p3.fr:2170 -b
>
"GlueVOViewLocalID=/VO=swetest/GROUP=/swetest/ROLE=swad
min,GlueCEUniqueID=grid001.fc.up.pt:2119/jobmanager-lcgsge-s
wetest,mds-vo-name=UPorto,mds-vo-name=local,o=grid"
> version: 2
>
> #
> # filter: (objectclass=*)
> # requesting: ALL
> #
>
> # search result
> search: 2
> result: 34 Invalid DN syntax
> text: invalid DN
>
> # numResponses: 1
>
> ---------------------------------------------------
>
>
>
> Each time a dn contain an attribute of the following
form :
> "attribute=a_string=another_string,..."
(eg:
> "/VO=swetest/GROUP=/swetest/ROLE=swadmin")
openldap 2.2 produce an error "could
> not parse entry"
>
> In fact, each time the attribute value contain more
that one equal ("=")
> character, openldap failed to handle the string, even
though this character is
> included in the IA5 table.
>
> Best regards.
>
>
1) both 2.0 and 2.2 are ancient. OpenLDAP 2.3 is mature,
and 2.4 is
about to exit beta stage. Unless the problem is related to
a real
software bug, and it persists either in HEAD/2.4 or in 2.3
code, this
ITS will be closed.
2) were GlueCEUniqueID and mds-vo-name declared anywhere?
There seems
to be nothing wrong with your DN per se; in fact, dntest
yields
$ dntest
'GlueVOViewLocalID=/VO=swetest/GROUP=/swetest/ROLE=swadmin,G
lueCEUniqueID=grid001.fc.up.pt:2119/jobmanager-lcgsge-swetes
t,mds-vo-name=UPorto,mds-vo-name=local,o=grid'
ldap_rdn2str() =
"GlueVOViewLocalID=/VO3Dswetest/GROUP3D/swetest/ROLE
3Dswadmin"
ldap_rdn2str() =
"GlueCEUniqueID=grid001.fc.up.pt:2119/jobmanager-lcgsge
-swetest"
ldap_rdn2str() = "mds-vo-name=UPorto"
ldap_rdn2str() = "mds-vo-name=local"
ldap_rdn2str() = "o=grid"
ldap_dn2str(ldap_str2dn("GlueVOViewLocalID=/VO=swetest/
GROUP=/swetest/ROLE=swadm
in,GlueCEUniqueID=grid001.fc.up.pt:2119/jobmanager-lcgsge-sw
etest,mds-vo-name=UP
orto,mds-vo-name=local,o=grid"))
=
"GlueVOViewLocalID=/VO3Dswetest/GROUP3D/swetest/ROLE
3Dswadmin,GlueC
EUniqueID=grid001.fc.up.pt:2119/jobmanager-lcgsge-swetest,md
s-vo-name=UPorto,mds
-vo-name=local,o=grid"
ldap_dn2domain("GlueVOViewLocalID=/VO=swetest/GROUP=/sw
etest/ROLE=swadmin,GlueCE
UniqueID=grid001.fc.up.pt:2119/jobmanager-lcgsge-swetest,mds
-vo-name=UPorto,mds-
vo-name=local,o=grid")
= ""
ldap_dn2ufn("GlueVOViewLocalID=/VO=swetest/GROUP=/swete
st/ROLE=swadmin,GlueCEUni
queID=grid001.fc.up.pt:2119/jobmanager-lcgsge-swetest,mds-vo
-name=UPorto,mds-vo-
name=local,o=grid")
=
"/VO3Dswetest/GROUP3D/swetest/ROLE3Dswadmin,
grid001.fc.up.pt:2119/
jobmanager-lcgsge-swetest, UPorto, local, grid"
ldap_dn2dcedn("GlueVOViewLocalID=/VO=swetest/GROUP=/swe
test/ROLE=swadmin,GlueCEU
niqueID=grid001.fc.up.pt:2119/jobmanager-lcgsge-swetest,mds-
vo-name=UPorto,mds-v
o-name=local,o=grid")
=
"/o=grid/mds-vo-name=local/mds-vo-name=UPorto/GlueCEUni
queID=grid001.f
c.up.pt:2119/jobmanager-lcgsge-swetest/GlueVOViewLocalID=/
VO=swetest/GROUP=
/swetest/ROLE=swadmin"
ldap_dcedn2dn("/o=grid/mds-vo-name=local/mds-vo-name=UP
orto/GlueCEUniqueID=grid0
01.fc.up.pt:2119/jobmanager-lcgsge-swetest/GlueVOViewLocalI
D=/VO=swetest/GRO
UP=/swetest/ROLE=swadmin")
=
"GlueVOViewLocalID=/VO3Dswetest/GROUP3D/swetest/ROLE
3Dswadmin,GlueC
EUniqueID=grid001.fc.up.pt:2119/jobmanager-lcgsge-swetest,md
s-vo-name=UPorto,mds
-vo-name=local,o=grid"
ldap_dn2ad_canonical("GlueVOViewLocalID=/VO=swetest/GRO
UP=/swetest/ROLE=swadmin,
GlueCEUniqueID=grid001.fc.up.pt:2119/jobmanager-lcgsge-swete
st,mds-vo-name=UPort
o,mds-vo-name=local,o=grid")
=
"grid/local/UPorto/grid001.fc.up.pt:2119/jobmanager-lc
gsge-swetest//
VO=swetest/GROUP=/swetest/ROLE=swadmin/"
ldap_explode_dn("GlueVOViewLocalID=/VO3Dswetest/GROUP
3D/swetest/ROLE3Dswadmin
,GlueCEUniqueID=grid001.fc.up.pt:2119/jobmanager-lcgsge-swet
est,mds-vo-name=UPor
to,mds-vo-name=local,o=grid"):
"GlueVOViewLocalID=/VO3Dswetest/GROUP3D/swetest/ROLE
3Dswadmin"
ldap_explode_rdn("GlueVOViewLocalID=/VO3Dswetest/GROUP
3D/swetest/ROLE
3Dswadmin")
'GlueVOViewLocalID=/VO3Dswetest/GROUP3D/swetest/ROLE3Dswa
dmin
'
ldap_explode_rdn("GlueVOViewLocalID=/VO3Dswetest/GROUP
3D/swetest/ROLE
3Dswadmin") (no types)
"/VO3Dswetest/GROUP3D/swetest/ROLE3Dswadmin"
"GlueCEUniqueID=grid001.fc.up.pt:2119/jobmanager-lcgsge
-swetest"
ldap_explode_rdn("GlueCEUniqueID=grid001.fc.up.pt:2119/
jobmanager-lcgsge
-swetest")
'GlueCEUniqueID=grid001.fc.up.pt:2119/jobmanager-lcgsge-swet
est'
ldap_explode_rdn("GlueCEUniqueID=grid001.fc.up.pt:2119/
jobmanager-lcgsge
-swetest") (no types)
"grid001.fc.up.pt:2119/jobmanager-lcgsge-swetest"
"mds-vo-name=UPorto"
ldap_explode_rdn("mds-vo-name=UPorto")
'mds-vo-name=UPorto'
ldap_explode_rdn("mds-vo-name=UPorto")
(no types)
"UPorto"
"mds-vo-name=local"
ldap_explode_rdn("mds-vo-name=local")
'mds-vo-name=local'
ldap_explode_rdn("mds-vo-name=local") (no
types)
"local"
"o=grid"
ldap_explode_rdn("o=grid")
'o=grid'
ldap_explode_rdn("o=grid") (no types)
"grid"
ldap_explode_dn("GlueVOViewLocalID=/VO3Dswetest/GROUP
3D/swetest/ROLE3Dswadmin
,GlueCEUniqueID=grid001.fc.up.pt:2119/jobmanager-lcgsge-swet
est,mds-vo-name=UPor
to,mds-vo-name=local,o=grid") (no types):
"/VO3Dswetest/GROUP3D/swetest/ROLE3Dswadmin"
"grid001.fc.up.pt:2119/jobmanager-lcgsge-swetest"
"UPorto"
"local"
"grid"
"GlueVOViewLocalID=/VO3Dswetest/GROUP3D/swetest/ROLE
3Dswadmin,GlueCEUniqueID=
grid001.fc.up.pt:2119/jobmanager-lcgsge-swetest,mds-vo-name=
UPorto,mds-vo-name=l
ocal,o=grid"
==
"GlueVOViewLocalID=/VO3Dswetest/GROUP3D/swetest/ROLE
3Dswadmin,Glu
eCEUniqueID=grid001.fc.up.pt:2119/jobmanager-lcgsge-swetest,
mds-vo-name=UPorto,m
ds-vo-name=local,o=grid" ? yes
But apparently some attribute declarations are missing; in
fact, slapdn
(after declaring GlueVOViewLocalID as indicated above)
yields
slapdn -f testrun/slapd.1.conf
'GlueVOViewLocalID=/VO=swetest/GROUP=/swetest/ROLE=swadmin,G
lueCEUniqueID=grid001.fc.up.pt:2119/jobmanager-lcgsge-swetes
t,mds-vo-name=UPorto,mds-vo-name=local,o=grid'
DN:
<GlueVOViewLocalID=/VO=swetest/GROUP=/swetest/ROLE=swadmi
n,GlueCEUniqueID=grid001.fc.up.pt:2119/jobmanager-lcgsge-swe
test,mds-vo-name=UPorto,mds-vo-name=local,o=grid>
check failed 21 (Invalid syntax)
where the failure refers exactly to the fact that
GlueCEUniqueID was not
declared.
p.
PS: don't look for those tools in ancient software; they've
been
introduced only in recent times (dntest: October 2001;
slapdn: March 2004).
Ing. Pierangelo Masarati
OpenLDAP Core Team
SysNet s.r.l.
via Dossi, 8 - 27100 Pavia - ITALIA
http://www.sys-net.it
---------------------------------------
Office: +39 02 23998309
Mobile: +39 333 4963172
Email: pierangelo.masaratisys-net.it
---------------------------------------
|
