Bug 1082967
Summary: | attribute uniqueness plugin fails when set as a chaining component | ||
---|---|---|---|
Product: | Red Hat Enterprise Linux 7 | Reporter: | Amita Sharma <amsharma> |
Component: | 389-ds-base | Assignee: | Noriko Hosoi <nhosoi> |
Status: | CLOSED ERRATA | QA Contact: | Viktor Ashirov <vashirov> |
Severity: | unspecified | Docs Contact: | |
Priority: | low | ||
Version: | 7.1 | CC: | amsharma, lkrispen, mreynolds, nkinder, rmeggins |
Target Milestone: | rc | ||
Target Release: | --- | ||
Hardware: | Unspecified | ||
OS: | Unspecified | ||
Whiteboard: | |||
Fixed In Version: | 389-ds-base-1.3.3.1-1.el7 | Doc Type: | Bug Fix |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2015-03-05 09:34:13 UTC | Type: | Bug |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
Amita Sharma
2014-04-01 08:21:15 UTC
Upstream ticket: https://fedorahosted.org/389/ticket/47777 This is issue is two parts. Ticket 47777 is handling how the attribute uniqueness plugin works with chained backends. Currently it fails to check remote chained servers. Then the real issue is that the chaining plugin, which is a database plugin, simply does not call betxn(pre/post) plugins. This issue is being tracked by the following ticket: https://fedorahosted.org/389/ticket/47792 Fixed upstream via ticket 47792 Attribute uniqueness is not working ===================================== dn: cn=attribute uniqueness,cn=plugins,cn=config objectClass: top objectClass: nsSlapdPlugin objectClass: extensibleObject cn: attribute uniqueness nsslapd-pluginPath: libattr-unique-plugin nsslapd-pluginInitfunc: NSUniqueAttr_Init nsslapd-pluginType: betxnpreoperation nsslapd-pluginEnabled: on uniqueness-attribute-name: uid uniqueness-subtrees: o=unused.com uniqueness-across-all-subtrees: off nsslapd-plugin-depends-on-type: database nsslapd-pluginId: NSUniqueAttr nsslapd-pluginVersion: 1.3.3.1 nsslapd-pluginVendor: 389 Project nsslapd-pluginDescription: Enforce unique attribute values nsslapd-pluginarg2: o=my_suffix.com modifiersName: cn=directory manager modifyTimestamp: 20150129085036Z [root@dhcp201-126 export]# ldapsearch -x -h localhost -p 13891 -D "cn=test_user,o=my_mux_suffix.com" -w test_passwd -b "cn=o_target_userA,o=my_suffix.com" # extended LDIF # # LDAPv3 # base <cn=o_target_userA,o=my_suffix.com> with scope subtree # filter: (objectclass=*) # requesting: ALL # # o_target_userA, my_suffix.com dn: cn=o_target_userA,o=my_suffix.com objectClass: top objectClass: person objectClass: inetOrgPerson objectClass: organizationalPerson cn: o_target_userA uid: UID_TOKEN sn: o_target_userA sn # search result search: 2 result: 0 Success # numResponses: 2 # numEntries: 1 [root@dhcp201-126 export]# ldapsearch -x -h localhost -p 13891 -D "cn=test_user,o=my_mux_suffix.com" -w test_passwd -b "cn=o_target_userB,o=my_suffix.com" # extended LDIF # # LDAPv3 # base <cn=o_target_userB,o=my_suffix.com> with scope subtree # filter: (objectclass=*) # requesting: ALL # # o_target_userB, my_suffix.com dn: cn=o_target_userB,o=my_suffix.com objectClass: top objectClass: person objectClass: inetOrgPerson objectClass: organizationalPerson cn: o_target_userB uid: UID_TOKEN sn: o_target_userB sn # search result search: 2 result: 0 Success Even after changing nsslapd-pluginType to preoperation, it is not working :: --------------------------------------------------------------------------- [root@dhcp201-126 export]# ldapmodify -h localhost -p 13891 -D "cn=Directory Manager" -w Secret123 << EOF > dn: cn=attribute uniqueness,cn=plugins,cn=config > changetype: modify > replace: nsslapd-pluginType > nsslapd-pluginType: preoperation > EOF modifying entry "cn=attribute uniqueness,cn=plugins,cn=config" [root@dhcp201-126 export]# vim /etc/dirsrv/slapd-mux/dse.ldif [root@dhcp201-126 export]# ldapadd -x -h localhost -p 13891 -D "cn=test_user,o=my_mux_suffix.com" -w test_passwd << EOF > dn: cn=o_target_user1,o=my_suffix.com > objectclass: top > objectclass: person > objectclass: inetOrgPerson > cn: o_target_user1 > uid: same1 > sn: o_target_user1 sn > EOF adding new entry "cn=o_target_user1,o=my_suffix.com" [root@dhcp201-126 export]# ldapadd -x -h localhost -p 13891 -D "cn=test_user,o=my_mux_suffix.com" -w test_passwd << EOF > dn: cn=o_target_user2,o=my_suffix.com > objectclass: top > objectclass: person > objectclass: inetOrgPerson > cn: o_target_user2 > uid: same1 > sn: o_target_user2 sn > EOF adding new entry "cn=o_target_user2,o=my_suffix.com" Please refer detailed results of TET longduration test - chainingbackend2, they all have failed which were expecting errors:: http://dhcp201-126.englab.pnq.redhat.com/qa/archive/ds/10/acceptance/output/Linux/20150129-140229/chainingbackend2/chainingbackend2.run.out.32113 There are several problems with your plugin configuration: [1] a mismatch between the plugin args, and full attribute names(e.g. uniqueness-subtrees). [2] The plugin args is missing "nsslapd-pluginarg1", but you have nsslapd-pluginarg2 set. The plugin entry should look like this (no nsslapd-pluginarg's): dn: cn=attribute uniqueness,cn=plugins,cn=config objectClass: top objectClass: nsSlapdPlugin objectClass: extensibleObject cn: attribute uniqueness nsslapd-pluginPath: libattr-unique-plugin nsslapd-pluginInitfunc: NSUniqueAttr_Init nsslapd-pluginType: betxnpreoperation nsslapd-pluginEnabled: on uniqueness-attribute-name: uid uniqueness-subtrees: o=my_suffix.com uniqueness-across-all-subtrees: off nsslapd-plugin-depends-on-type: database nsslapd-pluginId: NSUniqueAttr nsslapd-pluginVersion: 1.3.3.1 nsslapd-pluginVendor: 389 Project nsslapd-pluginDescription: Enforce unique attribute values Test cases passed with recommended settings, need to fix this in tet code. Results ========= CBE2_11: expect=0 actual=0 PASS -- Create user at root level (same uid as the previous user) (error expected) ldap_add: Constraint violation ldap_add: additional info: Another entry with the same attribute value already exists (attribute: "uid") adding new entry cn=o_target_userB,o=my_suffix.com CBE2_11: expect=19 actual=19 PASS -- Create user at my_ou_0 level in the chained backend (error expected) ldap_add: Constraint violation ldap_add: additional info: Another entry with the same attribute value already exists (attribute: "uid") adding new entry cn=ou0_target_user,ou=my_ou_0,o=my_suffix.com CBE2_11: expect=19 actual=19 PASS -- Create user at my_ou_1 level (locally, but in another backend) (error expected) ldap_add: Constraint violation ldap_add: additional info: Another entry with the same attribute value already exists (attribute: "uid") adding new entry cn=ou1_target_user,ou=my_ou_1,o=my_suffix.com CBE2_11: expect=19 actual=19 PASS -- Create user at my_ou_2 level (locally, in the same backend) (error expected) ldap_add: Constraint violation ldap_add: additional info: Another entry with the same attribute value already exists (attribute: "uid") adding new entry cn=ou2_target_user,ou=my_ou_2,o=my_suffix.com CBE2_11: expect=19 actual=19 PASS TestCase [CBE2_11] result-> [PASS] Marking bug as VERIFIED. Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://rhn.redhat.com/errata/RHSA-2015-0416.html |