Friday, April 8, 2022

[389-users] Re: Posible bug in Schema Reload plug-in validator?

I can reproduce the issue.  Not sure what is going on, but looks like a
bug.  Can you please file a ticket:
https://github.com/389ds/389-ds-base/issues/new

Thanks,

Mark

On 4/8/22 4:38 AM, Jan Tomasek wrote:
> Hello,
>
> I'm running 389DS version 1.4.4.11-2 on Debian Bullseye and when I try
> dynamic schema reload I get this error:
>
>> [08/Apr/2022:09:50:38.481339672 +0200] - INFO - schemareload -
>> schemareload_thread - Schema reload task starts (schema dir: default)
>> ...
>> [08/Apr/2022:09:50:38.528960187 +0200] - ERR - parse_attr_str -
>> Cannot find parent attribute type "certSubjectDN"
>> [08/Apr/2022:09:50:38.534608629 +0200] - ERR - dse_read_one_file -
>> The entry cn=schema in file
>> /etc/dirsrv/slapd-ldap33/schema/96radoc.ldif (lineno: 1) is invalid,
>> error code 21 (Invalid syntax) - attribute type raOfficerSubjectDN:
>> Missing parent attribute syntax OID
>> [08/Apr/2022:09:50:38.539912128 +0200] - ERR - schema_reload -
>> slapi_validate_schema_files failed
>> [08/Apr/2022:09:50:38.544588257 +0200] - ERR - schemareload -
>> schemareload_thread - Schema validation failed.
>
> raOfficerSubjectDN is defined this way:
>
> attributeTypes: ( raOfficerSubjectDN-oid
>   NAME 'raOfficerSubjectDN'
>   DESC 'RA office subject  DN; KDO'
>   SUP certSubjectDN
>   SINGLE-VALUE
>   X-ORIGIN 'CESNET RA DOC'
>  )
>
> and certSubjectDN is defined:
>
> attributeTypes: ( certSubjectDN-oid
>   NAME 'certsubjectdn'
>   DESC 'CESNET Attribute'
>   SYNTAX 1.3.6.1.4.1.1466.115.121.1.12
>   X-ORIGIN 'CESNET'
>  )
>
> It is interesting that when I restart whole server it starts correctly
> and in schema is attribute present:
>
> ldapsearch -H ldaps://ldap33 -x -b 'cn=schema' -o ldif-wrap=no +
> ...
> attributeTypes: ( raOfficerSubjectDN-oid NAME 'raOfficerSubjectDN'
> DESC 'RA office subject  DN; KDO' SUP certSubjectDN SYNTAX
> 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE X-ORIGIN 'CESNET RA DOC' )
>
> I was looking for attributeType syntax and in RFC 2252 is written:
>
>> ... Servers SHOULD provide at least one of the "SUP" and "SYNTAX"
>> fields for each AttributeTypeDescription.
> Isn't there a bug in validator which is used by Schema Reload plug-in?
>
> Best regards

--
Directory Server Development Team
_______________________________________________
389-users mailing list -- 389-users@lists.fedoraproject.org
To unsubscribe send an email to 389-users-leave@lists.fedoraproject.org
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/389-users@lists.fedoraproject.org
Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure

No comments:

Post a Comment