Univention Bugzilla – Bug 34262
Search for univentionInventoryNumber is case sensitive
Last modified: 2014-11-26 06:55:20 CET
Reported by a customer: still existing and very annoying. +++ This bug was initially created as a clone of Bug #18183 +++ # ldapsearch -x -LL univentionInventoryNumber="IVTNR 400" univentionInventoryNumber version: 1 dn: cn=fsc01,cn=FSC-Futro-A250,cn=ThinClients,cn=computers,dc=knut,dc=univention,dc=de univentionInventoryNumber: IVTNR 400 # ldapsearch -x -LL univentionInventoryNumber="ivtnr 400" univentionInventoryNumber version: 1
There is some strange issue blocking a quick fix currently: When I change caseExactMatch to caseIgnoreMatch the existing attributes are not found any longer (even not with exact search). We had this once and could fix this by running slapindex once again, but somehow I couldn't get it to work yet.
* If I don't change the default matching rule in the schema file, the following four searches return the object (which already had the attribute before the syntax change): univention-ldapsearch -x "(univentionInventoryNumber=INV 938)" univention-ldapsearch -x "(univentionInventoryNumber:caseExactMatch:=INV 938)" univention-ldapsearch -x "(univentionInventoryNumber:caseIgnoreMatch:=INV 938)" univention-ldapsearch -x "(univentionInventoryNumber:caseIgnoreMatch:=inv 938)" When I change the default matching roule to caseIgnoreMatch only univention-ldapsearch -x "(univentionInventoryNumber:caseExactMatch:=INV 938)" returns a result. This is not exactly expected behaviour. * When I add the attribute to another object, the search to that value succeeds in any of the possible searches above. * Another thing we should maybe fix here is that univentionInventoryNumber is not in ldap/index/eq, only in ldap/index/sub.
I couldn't get this fixed properly in the source code (and changing the normalization of LDAP searches is much too dangerous without upstream consultation). So I created an example script demonstrating the issue and opened an ITS (see URL). Let's see what upstream thinks about this.
This is the upstream position on how to deal with this: Making such changes requires the DB to be reloaded.
There at least two ways to handle this: a) change the schema during the update to UCS 4.0 b) keep the schema on update, but use the new schema for new installations, and offer a tool and description for migration. Caveat: use old schema on new installed slaves in an updated domain? I guess in both cases it would be good to have a tool to dump, call a hook (i.e. change the schema) and restore the backend. Even in case a) it's probably to messy to patch slapd.pre/postinst to handle the schema change on the fly. Retagging for UCS 4.0.
A third way would be to only tackle this in the UDM layer. Again several options here: a) Use special univention.admin.mapping function for the UDM property b) Make use of the "extensible matching rule" to explicitly select caseIgnoreMatch equality matching in the UDM LDAP search, like: "(univentionInventoryNumber:caseIgnoreMatch:=INV 938)" This looks like a more complex change in the lookup functions to e.g. adjust search filters containing "univentionInventoryNumber'. So this is probably to complex to implement. Let's focus on option a): This only tackles UDM, but I guess this would be enough, as the customer can always use the "extensible matching rule" in case plain ldap searches are required in some context. Probably the first option is something that could also be done in errata3.2-x.
Fixed: * default matching rule adjusted in schema * univention-ldap-config has been added to the preup.sh * the attribute has been added to the ldap/index/eq list * changelog entry
OK > * default matching rule adjusted in schema -> univention-ldapsearch -LLL univentionInventoryNumber="INV*" dn: cn=master,cn=dc,cn=computers,dc=new,dc=intranet univentionInventoryNumber: InvNum 876 -> univention-ldapsearch -LLL univentionInventoryNumber="inv*" dn: cn=master,cn=dc,cn=computers,dc=new,dc=intranet univentionInventoryNumber: InvNum 876 -> univention-ldapsearch -LLL univentionInventoryNumber="InvNum 876" dn: cn=master,cn=dc,cn=computers,dc=new,dc=intranet univentionInventoryNumber: InvNum 876 -> univention-ldapsearch -LLL univentionInventoryNumber="iNVnUM 876" dn: cn=master,cn=dc,cn=computers,dc=new,dc=intranet univentionInventoryNumber: InvNum 876 > * the attribute has been added to the ldap/index/eq list -> grep univentionInventoryNumber /etc/ldap/slapd.conf index pTRRecord,sambaSID,univentionInventoryNumber eq,sub > * univention-ldap-config has been added to the preup.sh OK > * changelog entry OK
UCS 4.0-0 has been released: http://docs.univention.de/release-notes-4.0-0-en.html http://docs.univention.de/release-notes-4.0-0-de.html If this error occurs again, please use "Clone This Bug".