Bug #7565
LDAP configuration issue on production
100%
Description
Looks like there's an issue with the accounts tree in LDAP on production. Looks fine on stage and sandbox.
curl "https://cn.dataone.org/cn/v1/accounts"
<?xml version="1.0" encoding="UTF-8"?>
Problem listing entries at base: dc=org : Problem looking up group membership at base: dc=org : [LDAP: error code 32 - No Such Object]
Possibly related: during installation on production, there was an issue noted with os-core update that failed on UCSB even though it worked fine on ORC and UNM. After running "dpkg-reconfigure -a" and then running "apt-get upgrade" again, the install continued fine.
Related issues
History
#1 Updated by Ben Leinfelder almost 9 years ago
- % Done changed from 0 to 100
- Status changed from New to Closed
Robert found a group member entry that did not have a corresponding DN identity registered (cn=Christopher Jones A583,o=Google,c=US,dc=cilogon,dc=org) so we deleted that from the group (cn=dataone-coredev,dc=dataone,dc=org) and now the account listing works as expected.
#2 Updated by Rob Nahf over 8 years ago
- Status changed from Closed to In Progress
- % Done changed from 100 to 30
Same problem has re-appeared, all three CNs:
rnahf$ curl "https://cn.dataone.org/cn/v1/accounts"
<?xml version="1.0" encoding="UTF-8"?>
Problem listing entries at base: dc=org : Problem looking up group membership at base: dc=org : [LDAP: error code 32 - No Such Object]
rnahf$ curl "https://cn-ucsb-1.dataone.org/cn/v1/accounts"
<?xml version="1.0" encoding="UTF-8"?>
Problem listing entries at base: dc=org : Problem looking up group membership at base: dc=org : [LDAP: error code 32 - No Such Object]
rnahf$ curl "https://cn-unm-1.dataone.org/cn/v1/accounts"
<?xml version="1.0" encoding="UTF-8"?>
Problem listing entries at base: dc=org : Problem looking up group membership at base: dc=org : [LDAP: error code 32 - No Such Object]
rnahf$ curl "https://cn-orc-1.dataone.org/cn/v1/accounts"
<?xml version="1.0" encoding="UTF-8"?>
Problem listing entries at base: dc=org : Problem looking up group membership at base: dc=org : [LDAP: error code 32 - No Such Object]
rnahf$
#3 Updated by Ben Leinfelder over 8 years ago
There was a uniqueMember entry (uid=Karthik Ram,dc=dataone,dc=org) on the CN=ropensci,DC=dataone,DC=org group. I removed the non-existent user and account listing is back to normal.
#4 Updated by Ben Leinfelder over 8 years ago
I've added a unit test to identify the issue and now we allow the use of unregistered subjects in group membership lists.
#5 Updated by Dave Vieglais over 8 years ago
- Target version changed from CCI-2.0.3 to CCI-2.2.0
#6 Updated by Robert Waltz over 8 years ago
- % Done changed from 30 to 100
- Status changed from In Progress to Closed
#7 Updated by Ben Leinfelder over 8 years ago
- Duplicated by Bug #7857: CnIdentityLDAPImpl.createGroup() allows non-existent uniqueMember, disabling the service entirely added
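The condition found in updates #1 and #3, a group whose uniqueMember value points at a DN with no entry, can be checked for in a directory export before it breaks the account listing. The following is an added example, not part of the original ticket or the project's code: the LDIF is constructed, `uid=alice` is a hypothetical registered user, and the function names are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample LDIF (not a dump of the production directory). The group and
# the dangling member reuse DNs quoted in the ticket; uid=alice is hypothetical.
SAMPLE_LDIF = """\
dn: dc=dataone,dc=org
objectClass: organization

dn: uid=alice,dc=dataone,dc=org
objectClass: inetOrgPerson

dn: CN=ropensci,DC=dataone,DC=org
objectClass: groupOfUniqueNames
uniqueMember: UID=Alice, DC=dataone, DC=org
uniqueMember: uid=Karthik Ram,dc=dataone,dc=org
"""

def normalize_dn(dn):
    """Lower-case and drop spaces around ',' and '=' so equivalent DNs compare equal.
    Simplified: escaped commas and multi-valued RDNs are not handled."""
    parts = [p.strip() for p in dn.split(",")]
    return ",".join(re.sub(r"\s*=\s*", "=", p).lower() for p in parts)

def parse_ldif(text):
    """Yield (dn, attrs) per blank-line-separated record.
    Simplified: no folded lines or base64 ('::') values."""
    for block in re.split(r"\n\s*\n", text.strip()):
        attrs = defaultdict(list)
        for line in block.splitlines():
            key, sep, value = line.partition(":")
            if sep and not line.startswith("#"):
                attrs[key.strip().lower()].append(value.strip())
        if attrs.get("dn"):
            yield attrs["dn"][0], attrs

def dangling_members(ldif_text):
    """Map each group DN to the uniqueMember values that have no entry of their own."""
    records = list(parse_ldif(ldif_text))
    known = {normalize_dn(dn) for dn, _ in records}
    report = {}
    for dn, attrs in records:
        missing = [m for m in attrs.get("uniquemember", [])
                   if normalize_dn(m) not in known]
        if missing:
            report[dn] = missing
    return report

if __name__ == "__main__":
    for group, members in dangling_members(SAMPLE_LDIF).items():
        print(group, "->", members)
```

Members registered under a different base (such as the dc=cilogon,dc=org subject in update #1) are only resolved if the export covers that subtree as well.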