Bug 1109358

Summary: A tombstone entry is deleted by ldapdelete
Product: Red Hat Enterprise Linux 6
Component: 389-ds-base
Version: 6.0
Status: CLOSED ERRATA
Severity: unspecified
Priority: unspecified
Reporter: Noriko Hosoi <nhosoi>
Assignee: Noriko Hosoi <nhosoi>
QA Contact: Sankar Ramalingam <sramling>
CC: amsharma, jgalipea, nkinder, rmeggins
Target Milestone: rc
Target Release: ---
Hardware: Unspecified
OS: Unspecified
Fixed In Version: 389-ds-base-1.2.11.15-34.el6
Doc Type: Bug Fix
Doc Text:
Cause: A failure in the backend transaction post plugin was not properly passed to the backend delete.
Consequence: A tombstone deletion by an ldapdelete operation from a client was unexpectedly executed.
Fix: Added failure check code.
Result: A tombstone deletion by an ldapdelete operation from a client fails as expected.
Last Closed: 2014-10-14 07:55:31 UTC
Bug Blocks: 1109360

Description Noriko Hosoi 2014-06-13 18:13:05 UTC
This bug is created as a clone of upstream ticket:
https://fedorahosted.org/389/ticket/47731

{{{
Steps:
1. add entries 
ou=People,dc=example,dc=com
uid=A,ou=People,dc=example,dc=com
uid=B,ou=People,dc=example,dc=com

2. delete entries 
uid=A,ou=People,dc=example,dc=com
uid=B,ou=People,dc=example,dc=com
ou=People,dc=example,dc=com

3. search tombstone entries
ldapsearch [...] -b 'dc=example,dc=com' "(objectclass=nstombstone)" dn
dn: nsuniqueid=...,ou=People,dc=example,dc=com
dn: nsuniqueid=...,uid=A,ou=People,dc=example,dc=com
dn: nsuniqueid=...,uid=B,ou=People,dc=example,dc=com

4. delete "uid=A"; it's successfully deleted, which should not be.
5. delete "ou=People"; it's successfully deleted. 
   1) a tombstone entry should not be deleted anyway.
   2) even if a child tombstone entry uid=B exists, ou=People is deleted.
}}}

Comment 2 Amita Sharma 2014-07-15 10:34:31 UTC
[root@dhcp201-155 ~]# ldapadd -x -h localhost -p 30100 -D "cn=Directory Manager" -w Secret123  << EOF
dn: ou=A,dc=example,dc=com
ou: People
ou: A   
objectClass: top
objectClass: organizationalunit
EOF                              
adding new entry "ou=A,dc=example,dc=com"

[root@dhcp201-155 ~]# ldapadd -x -h localhost -p 30100 -D "cn=Directory Manager" -w Secret123  << EOF
dn: uid=AA,ou=A,dc=example,dc=com
uid: 1456
givenName: 123
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetorgperson
sn: 456
cn: 456
EOF

adding new entry "uid=AA,ou=A,dc=example,dc=com"

[root@dhcp201-155 ~]# ldapadd -x -h localhost -p 30100 -D "cn=Directory Manager" -w Secret123  << EOF
dn: uid=BB,ou=A,dc=example,dc=com
uid: 1456
givenName: 123
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetorgperson
sn: 456
cn: 456
EOF

adding new entry "uid=BB,ou=A,dc=example,dc=com"


[root@dhcp201-155 ~]# ldapdelete -x -r -h localhost -p 30100 -D "cn=Directory Manager"  -w Secret123  "ou=A,dc=example,dc=com"


[root@dhcp201-155 ~]# ldapsearch -x -h localhost -p 30100 -D "cn=Directory Manager" -w Secret123 -b "dc=example,dc=com" "(objectclass=nsTombstone)" dn
# extended LDIF
#
# LDAPv3
# base <dc=example,dc=com> with scope subtree
# filter: (objectclass=nsTombstone)
# requesting: dn 
#

# ffffffff-ffffffff-ffffffff-ffffffff, example.com
dn: nsuniqueid=ffffffff-ffffffff-ffffffff-ffffffff,dc=example,dc=com

# 028ba201-0c0611e4-bc01ffc3-e3d66826, A, example.com
dn: nsuniqueid=028ba201-0c0611e4-bc01ffc3-e3d66826,ou=A,dc=example,dc=com

# 264ee801-0c0611e4-bc01ffc3-e3d66826, AA, A, example.com
dn: nsuniqueid=264ee801-0c0611e4-bc01ffc3-e3d66826,uid=AA,ou=A,dc=example,dc=c
 om

# 264ee802-0c0611e4-bc01ffc3-e3d66826, BB, A, example.com
dn: nsuniqueid=264ee802-0c0611e4-bc01ffc3-e3d66826,uid=BB,ou=A,dc=example,dc=c
 om

# search result
search: 2
result: 0 Success

# numResponses: 5

[root@dhcp201-155 ~]# ldapdelete -x -r -h localhost -p 30100 -D "cn=Directory Manager"  -w Secret123  "ou=A,dc=example,dc=com"
ldap_search: No such object (32)
ldap_delete: No such object (32)
	matched DN: dc=example,dc=com
[root@dhcp201-155 ~]# ldapdelete -x -r -h localhost -p 30102 -D "cn=Directory Manager"  -w Secret123  "ou=A,dc=example,dc=com"
ldap_search: No such object (32)
ldap_delete: No such object (32)
	matched DN: dc=example,dc=com
[root@dhcp201-155 ~]# ldapdelete -x -r -h localhost -p 30102 -D "cn=Directory Manager"  -w Secret123  "uid=BB,ou=A,dc=example,dc=com"
ldap_search: No such object (32)
ldap_delete: No such object (32)
	matched DN: dc=example,dc=com
[root@dhcp201-155 ~]# ldapdelete -x -r -h localhost -p 30102 -D "cn=Directory Manager"  -w Secret123  "uid=AA,ou=A,dc=example,dc=com"
ldap_search: No such object (32)
ldap_delete: No such object (32)
	matched DN: dc=example,dc=com
[root@dhcp201-155 ~]# ldapdelete -x -r -h localhost -p 30100 -D "cn=Directory Manager"  -w Secret123  "uid=AA,ou=A,dc=example,dc=com"
ldap_search: No such object (32)
ldap_delete: No such object (32)
	matched DN: dc=example,dc=com

Hence VERIFIED.
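
The following is an added example, not part of the bug report or of Comment 2: a way to check the expected result ("a tombstone deletion by ldapdelete fails") by comparing two saved outputs of the `(objectclass=nsTombstone)` search shown above, one taken before and one after a client delete attempt. The function names and file names are hypothetical; the "before" sample reuses DNs from the output above and the "after" sample is constructed to model the pre-fix behaviour.

```shell
#!/bin/sh
# Added example: diff two saved outputs of
#   ldapsearch ... "(objectclass=nsTombstone)" dn

# Print one lowercased tombstone DN per line. LDIF folds long lines: a line
# starting with a single space continues the previous one, so unfold first.
# Base64-encoded DNs ("dn:: ...") are not handled here.
tombstone_dns() {
    awk '/^ / { buf = buf substr($0, 2); next }
         { if (buf != "") print buf; buf = $0 }
         END { if (buf != "") print buf }' "$1" |
        sed -n 's/^dn: //p' | tr '[:upper:]' '[:lower:]' |
        grep '^nsuniqueid=' | sort -u
}

# Print tombstone DNs present in $1 (before) but absent from $2 (after).
missing_tombstones() {
    after_list=$(tombstone_dns "$2")
    tombstone_dns "$1" | while IFS= read -r dn; do
        printf '%s\n' "$after_list" | grep -qxF -- "$dn" || printf '%s\n' "$dn"
    done
}

# Exit status 0 when every tombstone survived, non-zero otherwise.
tombstones_intact() {
    [ -z "$(missing_tombstones "$1" "$2")" ]
}

# Constructed sample files (hypothetical names) written into directory $1.
write_samples() {
    cat > "$1/before.ldif" <<'EOF'
dn: nsuniqueid=028ba201-0c0611e4-bc01ffc3-e3d66826,ou=A,dc=example,dc=com

dn: nsuniqueid=264ee801-0c0611e4-bc01ffc3-e3d66826,uid=AA,ou=A,dc=example,dc=c
 om

dn: nsuniqueid=264ee802-0c0611e4-bc01ffc3-e3d66826,uid=BB,ou=A,dc=example,dc=c
 om
EOF
    # Constructed: the uid=AA tombstone is gone, as in step 4 of the description.
    cat > "$1/after.ldif" <<'EOF'
dn: nsuniqueid=028ba201-0c0611e4-bc01ffc3-e3d66826,ou=A,dc=example,dc=com

dn: nsuniqueid=264ee802-0c0611e4-bc01ffc3-e3d66826,uid=BB,ou=A,dc=example,dc=c
 om
EOF
}
```

On a fixed server, `tombstones_intact before.ldif after.ldif` should succeed after any client delete attempt; a DN printed by `missing_tombstones` means a tombstone was removed.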

Comment 3 errata-xmlrpc 2014-10-14 07:55:31 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHBA-2014-1385.html