mirror of https://github.com/OpenIdentityPlatform/OpenDJ.git

jvergara
09.18.2009 a64eeca99c07bc4bdbb65d4a3643dc77c65f2095
Fix for issue 2642 (ldif-diff doesn't detect differences in encoded values)

The fix has three parts.

1. Currently the code of ldif-diff does not take into account the syntax of the attributes. Basically the comparison of values is a non-case sensitive String comparison. In order to be able to take into account the syntax of the attributes a config file must be provided to LDIFDiff. This is fixed by invoking _server_script instead of _client_script on the command-line scripts (ldif-diff and ldif-diff.bat).

2. There is a problem with the normalization in the org.opends.server.schema.UserPasswordExactEqualityMatchingRule class. Currently the normalized value in the case of an encoded password is the lower-case version of the value. For instance:

value: {SSHA}cJNE9kjr52rZmttLaIrl4bOelWfvlM3Luk4Q7g==
normalizedValue: {ssha}cjne9kjr52rzmttlairl4boelwfvlm3luk4q7g==

The fix consists on only normalizing the encoding tag:
value: {SSHA}cJNE9kjr52rZmttLaIrl4bOelWfvlM3Luk4Q7g==
normalizedValue: {ssha}cJNE9kjr52rZmttLaIrl4bOelWfvlM3Luk4Q7g==


3. If we load the configuration and always apply the schema check when reading the provided LDIF files, ldif-diff will not work when those files are not compatible with the schema of the installation where it is being run. In order to keep the current behavior (and thus accept LDIF files that are not compatible with the schema of the installation), a new argument has been added to the ldif-diff command line (checkSchema). The user must provide this argument if a strict comparison of the values must be made. Adding this argument keeps the current 'tolerant' behavior of ldif-diff; however, it makes the use of the command line a bit more complex. I personally think that being able to run ldif-diff regardless of the schema outweighs the added complexity, but maybe someone disagrees (or has a better alternative than adding this argument).

The changes in LDIFDiff correspond to the new argument.
5 files modified
55 ■■■■ changed files
opends/resource/bin/ldif-diff 4 ●●●●
opends/resource/bin/ldif-diff.bat 4 ●●●●
opends/src/messages/messages/tools.properties 7 ●●●●●
opends/src/server/org/opends/server/schema/UserPasswordExactEqualityMatchingRule.java 17 ●●●●
opends/src/server/org/opends/server/tools/LDIFDiff.java 23 ●●●●●
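--- a/opends/resource/bin/ldif-diff
+++ b/opends/resource/bin/ldif-diff
@@ -23,7 +23,7 @@
 # CDDL HEADER END
 #
 #
-#      Copyright 2006-2008 Sun Microsystems, Inc.
+#      Copyright 2006-2009 Sun Microsystems, Inc.
 # This script may be used to compare the contents of two LDIF files.
@@ -34,4 +34,4 @@
 export SCRIPT_NAME
 SCRIPT_DIR=`dirname "${0}"`
-"${SCRIPT_DIR}/../lib/_client-script.sh" "${@}"
+"${SCRIPT_DIR}/../lib/_server-script.sh" "${@}"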
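--- a/opends/resource/bin/ldif-diff.bat
+++ b/opends/resource/bin/ldif-diff.bat
@@ -23,12 +23,12 @@
 rem CDDL HEADER END
 rem
 rem
-rem      Copyright 2006-2008 Sun Microsystems, Inc.
+rem      Copyright 2006-2009 Sun Microsystems, Inc.
 setlocal
 set OPENDS_INVOKE_CLASS="org.opends.server.tools.LDIFDiff"
 set SCRIPT_NAME=ldif-diff
-for %%i in (%~sf0) do call "%%~dPsi\..\lib\_client-script.bat" %*
+for %%i in (%~sf0) do call "%%~dPsi\..\lib\_server-script.bat" %*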
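Review bot: The `call` line now goes through `_server-script.bat` with no comment saying why a comparison tool starts through the server launcher, even though the new warning text in tools.properties shows that LDIFDiff depends on it. A one-line comment above the call would keep a later cleanup from reverting it, for example `rem Launched through _server-script.bat so LDIFDiff receives a configuration file; --checkSchema needs it.` The same applies to the last line of the shell script ldif-diff, with `#` instead of `rem`. Per the commit description the server launcher is what supplies the configuration file; that script is not shown here, so confirm what else it passes to the tool.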
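--- a/opends/src/messages/messages/tools.properties
+++ b/opends/src/messages/messages/tools.properties
@@ -2482,3 +2482,10 @@
 INFO_TASKINFO_CMD_CANCEL_CHAR_1672=c
 INFO_TASKINFO_CMD_VIEW_LOGS_CHAR_1673=l
  
+INFO_LDIFDIFF_DESCRIPTION_CHECK_SCHEMA_1674=Takes into account the syntax of \
+ the attributes as defined in the schema to make the value comparison.  The \
+ provided LDIF files must be conform to the server schema
+SEVERE_WARN_LDIFDIFF_NO_CONFIG_FILE_1675=WARNING:  no configuration file was \
+ provided as argument.  No schema check will be performed.  If this is being \
+ called throught the '%s' command-line, verify that the script has not been \
+ modified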
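Review bot: Both new messages carry wording slips that will reach users: `must be conform to the server schema` in INFO_LDIFDIFF_DESCRIPTION_CHECK_SCHEMA_1674 and `called throught the '%s' command-line` in SEVERE_WARN_LDIFDIFF_NO_CONFIG_FILE_1675. Suggested text is `must conform to the server schema` and `called through the '%s' command-line`. The option description also does not say that the option only takes effect when a configuration file is available, which is the condition the warning reports; one more clause there would tell users before they hit the warning.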
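--- a/opends/src/server/org/opends/server/schema/UserPasswordExactEqualityMatchingRule.java
+++ b/opends/src/server/org/opends/server/schema/UserPasswordExactEqualityMatchingRule.java
@@ -22,7 +22,7 @@
  * CDDL HEADER END
  *
  *
- *      Copyright 2006-2008 Sun Microsystems, Inc.
+ *      Copyright 2006-2009 Sun Microsystems, Inc.
  */
 package org.opends.server.schema;
@@ -148,7 +148,20 @@
     if (UserPasswordSyntax.isEncoded(value))
     {
       StringBuilder builder = new StringBuilder(value.length());
-      StaticUtils.toLowerCase(value, builder, false);
+      int closingBracePos = -1;
+      for (int i=1; i < value.length(); i++)
+      {
+        if (value.byteAt(i) == '}')
+        {
+          closingBracePos = i;
+          break;
+        }
+      }
+      ByteSequence seq1 = value.subSequence(0, closingBracePos + 1);
+      ByteSequence seq2 =
+        value.subSequence(closingBracePos + 1, value.length());
+      StaticUtils.toLowerCase(seq1, builder, false);
+      builder.append(seq2);
       return ByteString.valueOf(builder.toString());
     }
     else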
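Review bot: The new branch does not say why only the scheme tag is lower-cased, and that reason is the security-relevant part: the encoded portion is case-sensitive (the commit's own example is base64), so folding its case would let two different stored hashes normalize to the same value. A comment above the loop such as `// Only the {scheme} tag is case-insensitive; the encoded part must be compared exactly as stored.` would record it. The loop also leaves `closingBracePos` at -1 when no `}` is found, in which case nothing is lower-cased and the whole value is appended unchanged; that is acceptable only if `UserPasswordSyntax.isEncoded` guarantees a closing brace, which is not visible here, so the comment should state that assumption. `builder.append(seq2)` likewise depends on how ByteSequence converts to text, which is defined outside this hunk; the method starts above it and continues past the `else`.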
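--- a/opends/src/server/org/opends/server/tools/LDIFDiff.java
+++ b/opends/src/server/org/opends/server/tools/LDIFDiff.java
@@ -22,7 +22,7 @@
  * CDDL HEADER END
  *
  *
- *      Copyright 2006-2008 Sun Microsystems, Inc.
+ *      Copyright 2006-2009 Sun Microsystems, Inc.
  */
 package org.opends.server.tools;
 import org.opends.messages.Message;
@@ -54,6 +54,7 @@
 import static org.opends.messages.ToolMessages.*;
 import static org.opends.server.tools.ToolConstants.*;
+import static org.opends.server.util.ServerConstants.PROPERTY_SCRIPT_NAME;
 import static org.opends.server.util.StaticUtils.*;
@@ -153,6 +154,7 @@
     BooleanArgument overwriteExisting;
     BooleanArgument showUsage;
     BooleanArgument singleValueChanges;
+    BooleanArgument doCheckSchema;
     StringArgument  configClass;
     StringArgument  configFile;
     StringArgument  outputLDIF;
@@ -210,6 +212,12 @@
                    INFO_LDIFDIFF_DESCRIPTION_SINGLE_VALUE_CHANGES.get());
       argParser.addArgument(singleValueChanges);
+      doCheckSchema =
+        new BooleanArgument(
+                "checkschema", null, "checkSchema",
+                INFO_LDIFDIFF_DESCRIPTION_CHECK_SCHEMA.get());
+      argParser.addArgument(doCheckSchema);
       configFile = new StringArgument("configfile", 'c', "configFile", false,
                                       false, true,
                                       INFO_CONFIGFILE_PLACEHOLDER.get(), null,
@@ -264,8 +272,19 @@
       return 0;
     }
+    if (doCheckSchema.isPresent() && !configFile.isPresent())
+    {
+      String scriptName = System.getProperty(PROPERTY_SCRIPT_NAME);
+      if (scriptName == null)
+      {
+        scriptName = "ldif-diff";
+      }
+      Message message = WARN_LDIFDIFF_NO_CONFIG_FILE.get(scriptName);
+      err.println(message);
+    }
-    boolean checkSchema = configFile.isPresent();
+    boolean checkSchema = configFile.isPresent() && doCheckSchema.isPresent();
     if (! serverInitialized)
     {
       // Bootstrap the Directory Server configuration for use as a client.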
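Review bot: When `--checkSchema` is given without a configuration file, the new block in the last hunk only prints WARN_LDIFDIFF_NO_CONFIG_FILE and then continues with `checkSchema` false, so a caller that asked for the strict comparison gets the tolerant one and, as far as this hunk shows, no different exit status. For a tool whose output may be used to confirm whether encoded password values changed, failing is safer than silently degrading: after `err.println(message);` add a non-zero `return` using the error code the method uses elsewhere. The enclosing method starts before and ends after the hunk, so the right return value is not visible here, and the message text would need to read as an error rather than a warning. The declaration of `doCheckSchema` would also benefit from a short comment that it has no short option and has no effect unless `configFile` is present.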