LDIF mangling in schema provider does not handle LDIF line wrapping correctly #352

Open
dabelenda opened this issue Feb 25, 2022 · 1 comment

Comments

@dabelenda

Affected Puppet, Ruby, OS and module versions/distributions

  • Module version: 5.0.1

How to reproduce (e.g Puppet code you use)

When managing openldap schema with the module, having this definition

    openldap::server::schema { 'cosine':
      ensure => present,
      path   => '/etc/openldap/schema/cosine.ldif',
    }

When applying to RHEL7.9 nodes with openldap 2.4.44-24.el7_9

What are you seeing

Managing schema with the previous snippet results in this error:

Error message: Execution of '/usr/bin/ldapadd -cQY EXTERNAL -H ldapi:/// -f /tmp/openldap_schemas_ldif20220225-44400-33371m' returned 80: ldap_modify: Other (e.g., implementation specific) error (80)
	additional info: olcAttributeTypes: Unexpected token before {256} )
modifying entry "cn={1}cosine,cn=schema,cn=config"
Error: /Stage[main]/Profiles_epfl::App::Ldap_rhel7/Openldap::Server::Schema[cosine]/Openldap_schema[cosine]/ensure: change from 'absent' to 'present' failed: LDIF content:
dn: cn={1}cosine,cn=schema,cn=config
changetype: modify
replace: olcAttributeTypes
olcAttributeTypes:( 0.9.2342.19200300.100.1.2 NAME 'textEncodedORAddress' 
  EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.
  1466.115.121.1.15{256} )

[...]

Error message: Execution of '/usr/bin/ldapadd -cQY EXTERNAL -H ldapi:/// -f /tmp/openldap_schemas_ldif20220225-44400-33371m' returned 80: ldap_modify: Other (e.g., implementation specific) error (80)
	additional info: olcAttributeTypes: Unexpected token before {256} )
modifying entry "cn={1}cosine,cn=schema,cn=config"

Reading the LDIF present in the error message, I saw the problem: there are two spaces at each line wrapping. In LDIF format, a line with a single space means line wrapping; that single space is eaten and the rest of the line is appended at the end of the previous line. The original file is correct, so the Puppet module is changing the file.

What behaviour did you expect instead

The schema should be applied without error.

Output log

Any additional information you'd like to impart

The following snippet is responsible for the error: https://github.com/voxpupuli/puppet-openldap/blob/master/lib/puppet/provider/openldap_schema/olc.rb#L144-L145
This regexp matching and output may replace a single space with two spaces and thus create an invalid syntax error as seen in my output.
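
The folding rule described in this report, as an added Ruby example that is not code from puppet-openldap: it unfolds LDIF per RFC 2849, folds a line so that it round-trips, and flags a numeric OID split by whitespace. The helper names (`ldif_unfold`, `ldif_fold`, `broken_oids`) are hypothetical, the sample text is constructed from the error output quoted above, and the single-space wrapping of the source file is an assumption.

```ruby
# Added example, not code from puppet-openldap. The sample LDIF below is
# constructed from the error output quoted in the issue.

# RFC 2849 unfolding: a line that starts with one space continues the previous
# line; exactly that one space is removed, anything after it is value data.
def ldif_unfold(text)
  text.each_line(chomp: true).each_with_object([]) do |line, out|
    if line.start_with?(' ') && !out.empty?
      out[-1] += line[1..-1]
    else
      out << line
    end
  end
end

# Fold one logical line so that ldif_unfold(ldif_fold(x)) == [x]:
# continuation lines carry a single leading space and nothing else is added.
def ldif_fold(line, width = 76)
  return line if line.length <= width
  head = line[0, width]
  rest = line[width..-1]
  ([head] + rest.scan(/.{1,#{width - 1}}/).map { |c| " #{c}" }).join("\n")
end

# Numeric OIDs cut by whitespace after unfolding, e.g. "1.3.6.1.4.1. 1466":
# the condition slapd reported here as "Unexpected token".
def broken_oids(ldif)
  ldif_unfold(ldif).flat_map { |l| l.scan(/\d+(?:\.\d+)*\.\s+\d+(?:\.\d+)*/) }
end

WRAP = [
  "olcAttributeTypes: ( 0.9.2342.19200300.100.1.2 NAME 'textEncodedORAddress' ",
  "EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.",
  "1466.115.121.1.15{256} )"
].freeze

# Assumed wrapping of the source file: one space per continuation line.
SINGLE_SPACE = WRAP.join("\n ") + "\n"
# Wrapping shown in the error message: two spaces per continuation line.
DOUBLE_SPACE = WRAP.join("\n  ") + "\n"

if __FILE__ == $PROGRAM_NAME
  p broken_oids(SINGLE_SPACE)
  p broken_oids(DOUBLE_SPACE)
end
```

Running `broken_oids` over generated LDIF before it is handed to `ldapadd` catches this class of mangling without contacting the directory.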

@dabelenda
Author

As a workaround I used the /etc/openldap/schema/cosine.schema file instead, since it is provided by Red Hat.
