Bug 34420

Comment 1 Janis Meybohm 2015-06-25 09:39:23 CEST

Ticket#2015061821000522

Reported again by customer and this is still the case for UCS 4.

We should fix this as customers may use the logged LDIF's to restore LDAP-objects that were mistakenly deleted. Without the "::" prefix the base64 encoded attributes will be written to LDAP as strings and that may(will) lead to encoding problems down the road.

Comment 2 Julius Hinrichs 2016-09-14 14:21:53 CEST

Created attachment 8006 [details]
Suggested patch for /usr/lib/univention-directory-listener/system/directory_logger.py to add the prefix

Comment 3 Florian Best 2016-09-14 16:37:25 CEST

(In reply to Julius Hinrichs from comment #2)
> Created attachment 8006 [details]
> Suggested patch for
> /usr/lib/univention-directory-listener/system/directory_logger.py to add the
> prefix

The patch would write "foo::: bar" into the LDIF.
By the way: There are libs in python to create LDIF's. Maybe that's better because they automatically handle this? (Not sure, I don't know the context of the listener).

Comment 4 Florian Best 2016-09-14 16:38:47 CEST

(In reply to Florian Best from comment #3)
> (In reply to Julius Hinrichs from comment #2)
> > Created attachment 8006 [details]
> > Suggested patch for
> > /usr/lib/univention-directory-listener/system/directory_logger.py to add the
> > prefix
> 
> The patch would write "foo::: bar" into the LDIF.
The patch would write "::foo: bar" instead of "foo:: bar".

Comment 5 Julius Hinrichs 2016-09-14 17:01:56 CEST

Created attachment 8008 [details]
Updated patch for /usr/lib/univention-directory-listener/system/directory_logger.py

This should return the correct notation.

Comment 6 Arvid Requate 2016-09-27 18:15:45 CEST

Your change calculates base64Filter(value) twice, I guess that can be coded more efficiently.

Comment 7 Julius Hinrichs 2016-09-28 14:53:23 CEST

Created attachment 8044 [details]
Alternative solution

In this version the base64value is calculated only once.

Comment 8 Florian Best 2016-09-28 15:04:25 CEST

Comment on attachment 8044 [details]
Alternative solution

If performance matters:

def ldapEntry2string(entry):
    return ''.join(
        '%s%s %s\n' % (key, ':' if base64value == value else '::', base64value)
        for key, valuelist in entry.iteritems()
        for value, base64value in ((value, base64Filter(value)) for value in valuelist)
    )

Comment 9 Philipp Hahn 2016-10-11 17:30:26 CEST

Created attachment 8089 [details]
base64 encoding

base64 detection is incomplete as well - stolen from python-ldap

Comment 10 Philipp Hahn 2016-10-13 11:44:12 CEST

r73116 | Bug #34420 log: Fix base64 encoding

Package: univention-directory-logger
Version: 7.0.1-2.39.201610131121
Branch: ucs_4.1-0
Scope: errata4.1-3

r73131 | Bug #34420 log: Fix base64 encoding

r73141 | Bug #25404,Bug #34916,Bug #34420,Bug #42665: univention-directory-logger YAML
 univention-directory-logger.yaml

Comment 11 Philipp Hahn 2016-10-17 14:30:06 CEST

Created attachment 8117 [details]
34420.diff

b0275d1 Bug #34420 log: Fix base64 encoding

Comment 12 Felix Botner 2016-10-21 11:04:56 CEST

OK - base64 encoding
OK - ldif: '::' for base64 encoded attributes
OK - yaml
OK - merged to 4.2

Comment 13 Janek Walkenhorst 2016-10-26 17:09:00 CEST

<http://errata.software-univention.de/ucs/4.1/317.html>