Hi Andrey, Looking at this line, &#039, is not a UTF-8 representation of apostrophe. Rather a Latin-1 representation? Also, it contains ',' in the rdn value without an escape. It's considered a separator between rdns. I wonder who created the input DN...? entryrdn-index - entryrdn_index_read: Param error: Failed to convert cn=salon d&#039,honneur,ou=objets,dc=id,dc=polytechnique,dc=edu to Slapi_RDN

Thanks, --noriko On 08/25/2010 08:35 AM, Andrey Ivanov wrote: > Hi, > > i'm continuing to test the latest version of 389. Here are the error > messages that i've seen (it happened only once for now) in error log : > > [25/Aug/2010:17:21:10 +0200] entryrdn-index - entryrdn_index_read: > Param error: Failed to convert cn=salon > d&#039,honneur,ou=objets,dc=id,dc=polytechnique,dc=edu to Slapi_RDN > [25/Aug/2010:17:21:10 +0200] - dn2entry: Failed to get id for > cn=salon d&#039,honneur,ou=objets,dc=id,dc=polytechnique,dc=edu from > entryrdn index (34) > [25/Aug/2010:17:21:10 +0200] entryrdn-index - entryrdn_index_read: > Param error: Failed to convert > honneur,ou=objets,dc=id,dc=polytechnique,dc=edu to Slapi_RDN > [25/Aug/2010:17:21:10 +0200] - dn2entry: Failed to get id for > honneur,ou=objets,dc=id,dc=polytechnique,dc=edu from entryrdn index (34) > > > The object in question is > cn=SALON D'HONNEUR,ou=Objets,dc=id,dc=polytechnique,dc=edu > departmentNumber: DG/SG/MG/REST > objectClass: top > cn: SALON D'HONNEUR > > What is the problem with this entry, conversion to Slapi_DN and > entryrdn index? Here are the > corresponding entries extracted with dbscan : > > 5370:cn=salon d'honneur > ID: 5370; RDN: "cn=SALON D'HONNEUR"; NRDN: "cn=salon d'honneur" > > C3106:ou=objets > ID: 5370; RDN: "cn=SALON D'HONNEUR"; NRDN: "cn=salon d'honneur" > > P5370:cn=salon d'honneur > ID: 3106; RDN: "ou=Objets"; NRDN: "ou=objets" > > > > I have not made any upgrades of the existing server. Instead, i have > exported the ldif by db2ldif and then imported it into the new server, > so there was no conversion phase. > > > Andrey Ivanov > tel +33-(0)1-69-33-99-24 > fax +33-(0)1-69-33-99-55 > > Direction des Systemes d'Information > Ecole Polytechnique > 91128 Palaiseau CEDEX > France > > -- > 389 users mailing list > 389-users(a)lists.fedoraproject.org > https://admin.fedoraproject.org/mailman/listinfo/389-users ------------------------------------------------------------------------ -- 389 users mailing list 389-users(a)lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/389-users

On 08/25/2010 10:44 AM, Rich Megginson wrote: > > Noriko Hosoi wrote: >> >> Hi Andrey, >> >> Looking at this line,&#039, is not a UTF-8 representation of >> apostrophe. Rather a Latin-1 representation? Also, it contains ',' >> in the rdn value without an escape. It's considered a separator >> between rdns. I wonder who created the input DN...? >> >> entryrdn-index - entryrdn_index_read: Param error: Failed to convert >> cn=salon d&#039,honneur,ou=objets,dc=id,dc=polytechnique,dc=edu to >> Slapi_RDN >> > &#039, looks like some sort of html/xml escape? >

Thanks, Rich! You are right! And I don't think our DN normalizer

Andrey, what you observe is ... 389 v1.2.6.rc7 has no problem to handle cn=salon d&#039,honneur, but

We haven't touched the normalizer between 1.2.6.rc7 and 1.2.7.a1, I

--noriko >> >> Thanks, >> --noriko >> >> On 08/25/2010 08:35 AM, Andrey Ivanov wrote: >>> >>> Hi, >>> >>> i'm continuing to test the latest version of 389. Here are the error >>> messages that i've seen (it happened only once for now) in error log : >>> >>> [25/Aug/2010:17:21:10 +0200] entryrdn-index - entryrdn_index_read: >>> Param error: Failed to convert cn=salon >>> d&#039,honneur,ou=objets,dc=id,dc=polytechnique,dc=edu to Slapi_RDN >>> [25/Aug/2010:17:21:10 +0200] - dn2entry: Failed to get id for >>> cn=salon d&#039,honneur,ou=objets,dc=id,dc=polytechnique,dc=edu from >>> entryrdn index (34) >>> [25/Aug/2010:17:21:10 +0200] entryrdn-index - entryrdn_index_read: >>> Param error: Failed to convert >>> honneur,ou=objets,dc=id,dc=polytechnique,dc=edu to Slapi_RDN >>> [25/Aug/2010:17:21:10 +0200] - dn2entry: Failed to get id for >>> honneur,ou=objets,dc=id,dc=polytechnique,dc=edu from entryrdn index

>>> >>> >>> The object in question is >>> cn=SALON D'HONNEUR,ou=Objets,dc=id,dc=polytechnique,dc=edu >>> departmentNumber: DG/SG/MG/REST >>> objectClass: top >>> cn: SALON D'HONNEUR >>> >>> What is the problem with this entry, conversion to Slapi_DN and >>> entryrdn index? Here are the >>> corresponding entries extracted with dbscan : >>> >>> 5370:cn=salon d'honneur >>> ID: 5370; RDN: "cn=SALON D'HONNEUR"; NRDN: "cn=salon d'honneur" >>> >>> C3106:ou=objets >>> ID: 5370; RDN: "cn=SALON D'HONNEUR"; NRDN: "cn=salon d'honneur" >>> >>> P5370:cn=salon d'honneur >>> ID: 3106; RDN: "ou=Objets"; NRDN: "ou=objets" >>> >>> >>> >>> I have not made any upgrades of the existing server. Instead, i have >>> exported the ldif by db2ldif and then imported it into the new server, >>> so there was no conversion phase. >>> >>> >>> Andrey Ivanov >>> tel +33-(0)1-69-33-99-24 >>> fax +33-(0)1-69-33-99-55 >>> >>> Direction des Systemes d'Information >>> Ecole Polytechnique >>> 91128 Palaiseau CEDEX >>> France >>> >>> -- >>> 389 users mailing list >>> 389-users(a)lists.fedoraproject.org >>> https://admin.fedoraproject.org/mailman/listinfo/389-users >> >> ------------------------------------------------------------------------ >> >> -- >> 389 users mailing list >> 389-users(a)lists.fedoraproject.org >> https://admin.fedoraproject.org/mailman/listinfo/389-users > > -- > 389 users mailing list > 389-users(a)lists.fedoraproject.org > https://admin.fedoraproject.org/mailman/listinfo/389-users -- 389 users mailing list 389-users(a)lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/389-users

Thank you so much for the update, Andrey. You eliminated one of our concerns! (Of course, there are plenty more. ;) --noriko

On 08/25/2010 12:44 PM, Andrey Ivanov wrote: > Well, i've sorted out this problem. Rich has pointed out that it's an > html/xml escape. He was right. Since i was working on our production > servers there were some requests constantly coming in. I've searched > through the access logs and found that the source of the problem is a > broken web application that requests an incorrect DN : > > [25/Aug/2010:21:25:21 +0200] conn=4201 op=1 SRCH base="cn=cadre > d&#039,astreinte,ou=objets,dc=id,dc=polytechnique,dc=edu" scope=0 > filter="(&(&(objectClass=X-Object)(ou=*)))" attrs="* modifyTimestamp" > [25/Aug/2010:21:25:21 +0200] conn=4201 op=1 RESULT err=32 tag=101 > nentries=0 etime=0.002000 > > These requests generate the messages i've seen in error log : > [25/Aug/2010:21:25:21 +0200] entryrdn-index - entryrdn_index_read: > Param error: Failed to convert cn=cadre > d&#039,astreinte,ou=objets,dc=id,dc=polytechnique,dc=edu to Slapi_RDN > [25/Aug/2010:21:25:21 +0200] - dn2entry: Failed to get id for > cn=cadre d&#039,astreinte,ou=objets,dc=id,dc=polytechnique,dc=edu > from entryrdn index (34) > [25/Aug/2010:21:25:21 +0200] entryrdn-index - entryrdn_index_read: > Param error: Failed to convert > astreinte,ou=objets,dc=id,dc=polytechnique,dc=edu to Slapi_RDN > > So there is no problem in the server code, it's a broken application. > It applies to both 6rc7 and 7rc1 versions of course. The reason why > i thought there was no problem in rc7 case is that i've made the > tests with rc7 at 21h00, at this time there were no users and so no > requests from the above-mentioned application :)) > I was alarmed because on our servers there are very few error > messages in error logs and i know them all. This sort of error > message (incorrect DN or filter in ldap search requests) was not > logged in previous 389 versions, it's a behavour change... > So the only thing that i should look into is the server crash during > SSL incremental replication in the current git version. > > > > > 2010/8/25 Noriko Hosoi <nhosoi(a)redhat.com <mailto:nhosoi@redhat.com>> > > > > On 08/25/2010 10:44 AM, Rich Megginson wrote: > >> > >> Noriko Hosoi wrote: > >>> > >>> Hi Andrey, > >>> > >>> Looking at this line,&#039, is not a UTF-8 representation of > >>> apostrophe. Rather a Latin-1 representation? Also, it contains ',' > >>> in the rdn value without an escape. It's considered a separator > >>> between rdns. I wonder who created the input DN...? > >>> > >>> entryrdn-index - entryrdn_index_read: Param error: Failed to convert > >>> cn=salon d&#039,honneur,ou=objets,dc=id,dc=polytechnique,dc=edu to > >>> Slapi_RDN > >>> > >> &#039, looks like some sort of html/xml escape? > >> > http://www.theukwebdesigncompany.com/articles/entity-escape-characters.php > > > > Thanks, Rich! You are right! And I don't think our DN normalizer > supports it. > > > > Andrey, what you observe is ... > > 389 v1.2.6.rc7 has no problem to handle cn=salon d&#039,honneur, > but 1.2.7.a1 does? > > > > We haven't touched the normalizer between 1.2.6.rc7 and 1.2.7.a1, I > think... > > --noriko > >>> > >>> Thanks, > >>> --noriko > >>> > >>> On 08/25/2010 08:35 AM, Andrey Ivanov wrote: > >>>> > >>>> Hi, > >>>> > >>>> i'm continuing to test the latest version of 389. Here are the error > >>>> messages that i've seen (it happened only once for now) in error > log : > >>>> > >>>> [25/Aug/2010:17:21:10 +0200] entryrdn-index - entryrdn_index_read: > >>>> Param error: Failed to convert cn=salon > >>>> d&#039,honneur,ou=objets,dc=id,dc=polytechnique,dc=edu to Slapi_RDN > >>>> [25/Aug/2010:17:21:10 +0200] - dn2entry: Failed to get id for > >>>> cn=salon d&#039,honneur,ou=objets,dc=id,dc=polytechnique,dc=edu from > >>>> entryrdn index (34) > >>>> [25/Aug/2010:17:21:10 +0200] entryrdn-index - entryrdn_index_read: > >>>> Param error: Failed to convert > >>>> honneur,ou=objets,dc=id,dc=polytechnique,dc=edu to Slapi_RDN > >>>> [25/Aug/2010:17:21:10 +0200] - dn2entry: Failed to get id for > >>>> honneur,ou=objets,dc=id,dc=polytechnique,dc=edu from entryrdn > index (34) > >>>> > >>>> > >>>> The object in question is > >>>> cn=SALON D'HONNEUR,ou=Objets,dc=id,dc=polytechnique,dc=edu > >>>> departmentNumber: DG/SG/MG/REST > >>>> objectClass: top > >>>> cn: SALON D'HONNEUR > >>>> > >>>> What is the problem with this entry, conversion to Slapi_DN and > >>>> entryrdn index? Here are the > >>>> corresponding entries extracted with dbscan : > >>>> > >>>> 5370:cn=salon d'honneur > >>>> ID: 5370; RDN: "cn=SALON D'HONNEUR"; NRDN: "cn=salon d'honneur" > >>>> > >>>> C3106:ou=objets > >>>> ID: 5370; RDN: "cn=SALON D'HONNEUR"; NRDN: "cn=salon d'honneur" > >>>> > >>>> P5370:cn=salon d'honneur > >>>> ID: 3106; RDN: "ou=Objets"; NRDN: "ou=objets" > >>>> > >>>> > >>>> > >>>> I have not made any upgrades of the existing server. Instead, i have > >>>> exported the ldif by db2ldif and then imported it into the new > server, > >>>> so there was no conversion phase. > >>>> > >>>> > >>>> Andrey Ivanov > >>>> tel +33-(0)1-69-33-99-24 > >>>> fax +33-(0)1-69-33-99-55 > >>>> > >>>> Direction des Systemes d'Information > >>>> Ecole Polytechnique > >>>> 91128 Palaiseau CEDEX > >>>> France > >>>> > >>>> -- > >>>> 389 users mailing list > >>>> 389-users(a)lists.fedoraproject.org > <mailto:389-users@lists.fedoraproject.org> > >>>> https://admin.fedoraproject.org/mailman/listinfo/389-users > >>> > >>> > ------------------------------------------------------------------------ > >>> > >>> -- > >>> 389 users mailing list > >>> 389-users(a)lists.fedoraproject.org > <mailto:389-users@lists.fedoraproject.org> > >>> https://admin.fedoraproject.org/mailman/listinfo/389-users > >> > >> -- > >> 389 users mailing list > >> 389-users(a)lists.fedoraproject.org > <mailto:389-users@lists.fedoraproject.org> > >> https://admin.fedoraproject.org/mailman/listinfo/389-users > > > > > > > > -- > > 389 users mailing list > > 389-users(a)lists.fedoraproject.org > <mailto:389-users@lists.fedoraproject.org> > > https://admin.fedoraproject.org/mailman/listinfo/389-users > > > -- > 389 users mailing list > 389-users(a)lists.fedoraproject.org > https://admin.fedoraproject.org/mailman/listinfo/389-users ------------------------------------------------------------------------ -- 389 users mailing list 389-users(a)lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/389-users

2010/8/25 Rich Megginson <rmeggins(a)redhat.com <mailto:rmeggins@redhat.com>> Noriko Hosoi wrote: > Thank you so much for the update, Andrey. You eliminated one of our > concerns! (Of course, there are plenty more. ;) > --noriko +1 Are there any other issues with 1.2.6.rc7? If not, I would like to tag this as the final 1.2.6 and push it to stable. It's up on our test server for a week and it's in production (three multimasters) for a day now. I have tested it for the major problems i've seen in the past and it seems to be ok. The only other semi-cosmetic issue i've found is the statistics of the new dn cache (dnentrycachehits, dnentrycachetries and dnentrycachehitratio in "cn=monitor,cn=userRoot,cn=ldbm database,cn=plugins,cn=config"). The monitor values for this cache do not change at all (this is especially strange for the hits and tries under heavy load) : dnentrycachehits: 19048 dnentrycachetries: 28571 dnentrycachehitratio: 66 dncurrententrycachesize: 1774672 dnmaxentrycachesize: 10485760 dncurrententrycachecount: 9524 dnmaxentrycachecount: -1 These values do not change at all on high load production servers for at least 12 hours, from the very beginning... As for me, this problem is not a showstopper for labelling this version as stable, it can be taken care of in future versions.

------------------------------------------------------------------------ -- 389 users mailing list 389-users(a)lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/389-users

2010/8/25 Noriko Hosoi <nhosoi(a)redhat.com <mailto:nhosoi@redhat.com>> Hi Andrey, Looking at this line, &#039, is not a UTF-8 representation of apostrophe. Rather a Latin-1 representation? Also, it contains ',' in the rdn value without an escape. It's considered a separator between rdns. I wonder who created the input DN...? Hi Noriko, i have exported the complete ldif of userRoot database with db2ldif.pl <http://db2ldif.pl> of our current production server - 1.2.5.rc3 : db2ldif.pl <http://db2ldif.pl> -D "cn=Backup, cn=config" -w 'some password '-n userRoot -a /Backup/prod_base_`/bin/date +%Y_%b_%d_%Hh%Mm%Ss`.ldif The corresponding extract from ldif file is ... # entry-id: 5405 dn: cn=SALON D'HONNEUR,ou=objets,dc=id,dc=polytechnique,dc=edu nsUniqueId: 50a40f2e-251a11de-99ffa90c-effa97ef modifyTimestamp: 20100129123533Z modifiersName: uid=andrey.ivanov,ou=personnel,ou=utilisateurs,dc=id,dc=polytec hnique,dc=edu departmentNumber: DG/SG/MG/REST telephoneNumber: +33169333703 X-UniqueId: 50a40f2e-251a11de-99ffa90c-effa97ef ou: ou=rest,ou=mg,ou=sg,ou=dg,ou=organisation,dc=id,dc=polytechnique,dc=edu title: SALON D'HONNEUR objectClass: top objectClass: X-Object cn: SALON D'HONNEUR X-majaxIndex: 17988 creatorsName: createTimestamp: 20090811160546Z ... The error seems to appear only in 1.2.7.a1 version, the 1.2.6.rc7 version does not show any errors at all concerning this entry... entryrdn-index - entryrdn_index_read: Param error: Failed to convert cn=salon d&#039,honneur,ou=objets,dc=id,dc=polytechnique,dc=edu to Slapi_RDN Thanks, --noriko On 08/25/2010 08:35 AM, Andrey Ivanov wrote: Hi, i'm continuing to test the latest version of 389. Here are the error messages that i've seen (it happened only once for now) in error log : [25/Aug/2010:17:21:10 +0200] entryrdn-index - entryrdn_index_read: Param error: Failed to convert cn=salon d&#039,honneur,ou=objets,dc=id,dc=polytechnique,dc=edu to Slapi_RDN [25/Aug/2010:17:21:10 +0200] - dn2entry: Failed to get id for cn=salon d&#039,honneur,ou=objets,dc=id,dc=polytechnique,dc=edu from entryrdn index (34) [25/Aug/2010:17:21:10 +0200] entryrdn-index - entryrdn_index_read: Param error: Failed to convert honneur,ou=objets,dc=id,dc=polytechnique,dc=edu to Slapi_RDN [25/Aug/2010:17:21:10 +0200] - dn2entry: Failed to get id for honneur,ou=objets,dc=id,dc=polytechnique,dc=edu from entryrdn index (34) The object in question is cn=SALON D'HONNEUR,ou=Objets,dc=id,dc=polytechnique,dc=edu departmentNumber: DG/SG/MG/REST objectClass: top cn: SALON D'HONNEUR What is the problem with this entry, conversion to Slapi_DN and entryrdn index? Here are the corresponding entries extracted with dbscan : 5370:cn=salon d'honneur ID: 5370; RDN: "cn=SALON D'HONNEUR"; NRDN: "cn=salon d'honneur" C3106:ou=objets ID: 5370; RDN: "cn=SALON D'HONNEUR"; NRDN: "cn=salon d'honneur" P5370:cn=salon d'honneur ID: 3106; RDN: "ou=Objets"; NRDN: "ou=objets" I have not made any upgrades of the existing server. Instead, i have exported the ldif by db2ldif and then imported it into the new server, so there was no conversion phase. Andrey Ivanov tel +33-(0)1-69-33-99-24 fax +33-(0)1-69-33-99-55 Direction des Systemes d'Information Ecole Polytechnique 91128 Palaiseau CEDEX France -- 389 users mailing list 389-users(a)lists.fedoraproject.org <mailto:389-users@lists.fedoraproject.org> https://admin.fedoraproject.org/mailman/listinfo/389-users -- 389 users mailing list 389-users(a)lists.fedoraproject.org <mailto:389-users@lists.fedoraproject.org> https://admin.fedoraproject.org/mailman/listinfo/389-users -- 389 users mailing list 389-users(a)lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/389-users