puppet-openldap
LDIF mangling in schema provider: does not handle LDIF line wrapping correctly
Affected Puppet, Ruby, OS and module versions/distributions
- Module version: 5.0.1
How to reproduce (e.g Puppet code you use)
When managing openldap schema with the module, having this definition
openldap::server::schema { 'cosine':
  ensure => present,
  path   => '/etc/openldap/schema/cosine.ldif',
}
When applying to RHEL7.9 nodes with openldap 2.4.44-24.el7_9
What are you seeing
Managing schema with the previous snippet results in this error:
Error message: Execution of '/usr/bin/ldapadd -cQY EXTERNAL -H ldapi:/// -f /tmp/openldap_schemas_ldif20220225-44400-33371m' returned 80: ldap_modify: Other (e.g., implementation specific) error (80)
additional info: olcAttributeTypes: Unexpected token before {256} )
modifying entry "cn={1}cosine,cn=schema,cn=config"
Error: /Stage[main]/Profiles_epfl::App::Ldap_rhel7/Openldap::Server::Schema[cosine]/Openldap_schema[cosine]/ensure: change from 'absent' to 'present' failed: LDIF content:
dn: cn={1}cosine,cn=schema,cn=config
changetype: modify
replace: olcAttributeTypes
olcAttributeTypes:( 0.9.2342.19200300.100.1.2 NAME 'textEncodedORAddress'
EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.
1466.115.121.1.15{256} )
[...]
Error message: Execution of '/usr/bin/ldapadd -cQY EXTERNAL -H ldapi:/// -f /tmp/openldap_schemas_ldif20220225-44400-33371m' returned 80: ldap_modify: Other (e.g., implementation specific) error (80)
additional info: olcAttributeTypes: Unexpected token before {256} )
modifying entry "cn={1}cosine,cn=schema,cn=config"
Reading the LDIF present in the error message, I saw the problem: there are two spaces at each line wrapping. In LDIF format, a line with a single space means line wrapping: that single space is eaten and the rest of the line is appended at the end of the previous line. The original file is correct, so the puppet module is changing the file.
What behaviour did you expect instead
The schema should be applied without error.
Output log
Any additional information you'd like to impart
The following snippet is responsible for the error: https://github.com/voxpupuli/puppet-openldap/blob/master/lib/puppet/provider/openldap_schema/olc.rb#L144-L145 This regexp matching and output may replace a single space with two spaces and thus create an invalid syntax error as seen in my output.
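The folding rule described in this report, as an added Ruby example that is not code from puppet-openldap: it unfolds LDIF the way RFC 2849 specifies and shows how a doubled leading space survives as a stray space inside the syntax OID. The function names, the sample strings and the fold width of 76 are assumptions made for the illustration.

```ruby
# Added example (not puppet-openldap code). LDIF folding per RFC 2849:
# a physical line starting with ONE space continues the previous line;
# unfolding removes the line break and that single space, nothing more.

# Join folded physical lines back into logical lines.
def unfold_ldif(text)
  text.gsub(/\r?\n /, '').split(/\r?\n/)
end

# Fold one logical line so no physical line is longer than `width`
# (76 is an assumed default, not something the page specifies).
def fold_ldif_line(line, width = 76)
  return line if line.length <= width
  chunks = line[width..-1].scan(/.{1,#{width - 1}}/)
  ([line[0, width]] + chunks.map { |c| " #{c}" }).join("\n")
end

# Report continuation lines that start with two or more spaces. They are
# legal only when the extra spaces belong to the value, so they deserve a
# second look in generated schema LDIF. Returns [line_number, line] pairs.
def suspicious_continuations(text)
  text.split(/\r?\n/).each_with_index
      .select { |l, _| l.start_with?('  ') }
      .map { |l, i| [i + 1, l] }
end

# Constructed sample modelled on the attribute in the error output above.
HEAD = "olcAttributeTypes: ( 0.9.2342.19200300.100.1.2 NAME 'textEncodedORAddress'"
MID  = 'EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.'
TAIL = '1466.115.121.1.15{256} )'

# Line 2: fold marker plus one data space. Line 3: fold marker only.
WELL_FORMED = [HEAD, "  #{MID}", " #{TAIL}"].join("\n")
# Line 3 has gained one extra space, which lands inside the OID.
MANGLED = [HEAD, "  #{MID}", "  #{TAIL}"].join("\n")

if __FILE__ == $PROGRAM_NAME
  puts unfold_ldif(WELL_FORMED) # OID stays intact: 1.3.6.1.4.1.1466.115...
  puts unfold_ldif(MANGLED)     # OID is split:    1.3.6.1.4.1. 1466.115...
  p suspicious_continuations(MANGLED)
end
```

Line 2 is reported for both samples because its second space is real data separating two tokens; only the extra space on line 3 of the mangled sample changes the parsed value.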