Bug 1034325

Summary: Linked attributes betxnpreoperation - transaction not aborted when linked entry does not exit
Product: Red Hat Enterprise Linux 7 Reporter: Ján Rusnačko <jrusnack>
Component: 389-ds-baseAssignee: Rich Megginson <rmeggins>
Status: CLOSED ERRATA QA Contact: Viktor Ashirov <vashirov>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 7.0CC: amsharma, mkubik, mreynolds, nhosoi, nkinder
Target Milestone: rc   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: 389-ds-base-1.3.4.0-1.el7 Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2015-11-19 11:41:55 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:

Description Ján Rusnačko 2013-11-25 15:40:45 UTC 
Description of problem:
From RHEL 7 most DS plugins are converted to be betxn - if their operation fails, whole transaction should fail and not be comitted to database. In case of Linked Attributes plugin, we can create a situation where plugin fails to create linked attribute in managed entry, e.g. due to non-existent managed entry.

Version-Release number of selected component (if applicable):
389-ds-base-1.3.1.6-8.el7.x86_64

How reproducible:
always

Steps to Reproduce:

# Enable plugin
[jrusnack@localhost slapd-dstet]$ ldapmodify -h $HOST -p $PORT -D "cn=directory manager" -w Secret123 -a <<EOF
> dn: cn=Linked Attributes,cn=plugins,cn=config
> changetype: modify
> replace: nsslapd-pluginEnabled
> nsslapd-pluginEnabled: on
> EOF
modifying entry "cn=Linked Attributes,cn=plugins,cn=config"

# Set up new linked attribute seeAlso
[jrusnack@localhost slapd-dstet]$ ldapmodify -h $HOST -p $PORT -D "cn=directory manager" -w Secret123 -a <<EOF
> dn: cn=Manager Link,cn=Linked Attributes,cn=plugins,cn=config
> changetype: add
> objectClass: top
> objectClass: extensibleObject
> cn: Manager Link
> linkType: seeAlso
> managedType: seeAlso
> EOF
adding new entry "cn=Manager Link,cn=Linked Attributes,cn=plugins,cn=config"

# Restart DS to apply changes
[jrusnack@localhost slapd-dstet]$ sudo systemctl restart dirsrv.target

# Add manager entry, which links to non-existent uid=user
[jrusnack@localhost slapd-dstet]$ ldapmodify -h $HOST -p $PORT -D "cn=directory manager" -w Secret123 -a <<EOF
> dn: uid=manager,ou=people,dc=example,dc=com
> objectclass: person
> objectclass: inetOrgPerson
> objectclass: top
> cn: manager
> sn: manager
> uid: manager
> seeAlso: uid=user,ou=people,dc=example,dc=com
> EOF
adding new entry "uid=manager,ou=people,dc=example,dc=com"

[jrusnack@localhost slapd-dstet]$ ldapsearch -h $HOST -p $PORT -D "cn=directory manager" -w Secret123 -b "uid=manager,ou=people,dc=example,dc=com" -LLL
dn: uid=manager,ou=People,dc=example,dc=com
objectClass: person
objectClass: inetOrgPerson
objectClass: top
objectClass: organizationalPerson
cn: manager
sn: manager
uid: manager
seeAlso: uid=user,ou=people,dc=example,dc=com
[jrusnack@localhost slapd-dstet]$ ldapsearch -h $HOST -p $PORT -D "cn=directory manager" -w Secret123 -b "uid=user,ou=people,dc=example,dc=com" -LLL
No such object (32)
Matched DN: ou=people,dc=example,dc=com


Actual results:
Manager entry is created even though creating linked attribute in entry uid=user failed (uid=user does not exist).
Comment 2 Nathan Kinder 2013-11-25 16:02:05 UTC 
Moving to RHEL 7.1.  This plug-in isn't used by IPA, so we don't need to address this until RHEL 7.1 since 389-ds-base is only supported for use by IPA in RHEL 7.0.
Comment 3 Nathan Kinder 2013-12-18 16:57:14 UTC 
Upstream ticket:
https://fedorahosted.org/389/ticket/47640
Comment 7 Noriko Hosoi 2015-05-07 16:23:52 UTC 
Note: changing the behaviour is okay.  We need to doc it in the rel-notes.
Comment 8 mreynolds 2015-06-09 22:21:49 UTC 
Fixed upstream
Comment 10 Amita Sharma 2015-09-01 10:37:10 UTC 
INFO:ticket47640_test:Testcase PASSED
PASSED

========================================== 2 passed in 44.65 seconds ===========================================
wrote pytestdebug information to /export/ds/dirsrvtests/tickets/pytestdebug.log

[root@dhcp201-167 tickets]# rpm -qa | grep 389
389-ds-base-devel-1.3.4.0-14.el7.x86_64
389-ds-base-libs-1.3.4.0-14.el7.x86_64
389-ds-base-debuginfo-1.3.4.0-14.el7.x86_64
389-ds-base-1.3.4.0-14.el7.x86_64

Hence marking as VERIFIED.
Comment 11 errata-xmlrpc 2015-11-19 11:41:55 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHBA-2015-2351.html