Bug 1118055

Summary: Add operations rejected by betxn plugins remain in cache
Product: Red Hat Enterprise Linux 7
Component: 389-ds-base
Version: 7.0
Reporter: Noriko Hosoi <nhosoi>
Assignee: Noriko Hosoi <nhosoi>
QA Contact: Viktor Ashirov <vashirov>
CC: amsharma, nkinder, rmeggins, spichugi
Status: CLOSED ERRATA
Severity: unspecified
Priority: low
Target Milestone: rc
Hardware: Unspecified
OS: Unspecified
Fixed In Version: 389-ds-base-1.3.3.1-1.el7
Doc Type: Bug Fix
Last Closed: 2015-03-05 09:36:02 UTC

Description Noriko Hosoi 2014-07-09 22:24:47 UTC
This bug is created as a clone of upstream ticket:
https://fedorahosted.org/389/ticket/47815

Steps to reproduce:

[1]  Enable memberOf plugin (default settings)
[2]  Enable automember plugin
[3]  Enable retro changelog plugin
[4]  Add automember config entry:

dn: cn=group cfg,cn=Auto Membership Plugin,cn=plugins,cn=config
objectClass: autoMemberDefinition
objectClass: top
autoMemberScope: dc=example,dc=com
autoMemberFilter: cn=user
autoMemberDefaultGroup: cn=group,dc=example,dc=com
autoMemberGroupingAttr: member:dn
cn: group cfg

[5] Restart the server
[6] Add automember group:

dn: cn=group,dc=example,dc=com
objectclass: top
objectclass: groupOfNames
cn: group

[7]  Add a user that will trigger the automember plugin

dn: cn=user,dc=example,dc=com
objectclass: person
objectclass: top
cn: user
sn: user

[8]  This add should be rejected with an error 53 (unwilling to perform), as the user does not have the inetuser objectclass that allows "memberOf"

[9]  Attempt to add the same user entry again, but this time an error 68 (entry already exists) is returned.

It is finding the entry in dn2entry_ext(). Stepping through ldbm_back_add() shows the entry is removed from the entry cache, yet it is still found in the DN cache.
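
The failure described above, reduced to a small model (an added example, not part of the original report and not 389-ds-base source): a backend that caches an entry while the transaction is open must purge both caches when a betxn plugin rejects the ADD. The `Backend` class, its cache layout, the `purge_dn_cache_on_abort` switch and the `requires_inetuser` plugin are assumptions made for illustration.

```python
# Simplified model (not 389-ds-base code) of an ADD aborted by a betxn plugin.
LDAP_SUCCESS, LDAP_UNWILLING_TO_PERFORM, LDAP_ALREADY_EXISTS = 0, 53, 68


class Backend:
    def __init__(self, betxn_plugins, purge_dn_cache_on_abort):
        self.db = {}                 # committed entries, keyed by normalized DN
        self.entry_cache = {}        # DN -> entry
        self.dn_cache = {}           # entry ID -> DN (assumed layout)
        self.next_id = 1
        self.betxn_plugins = betxn_plugins
        self.purge_dn_cache_on_abort = purge_dn_cache_on_abort

    def dn_known(self, dn):
        # Stand-in for the DN lookup: the cache is consulted before the database.
        return dn in self.dn_cache.values() or dn in self.db

    def add(self, dn, entry):
        dn = dn.lower()
        if self.dn_known(dn):
            return LDAP_ALREADY_EXISTS
        eid, self.next_id = self.next_id, self.next_id + 1
        # The entry is cached while the transaction is still open.
        self.entry_cache[dn] = entry
        self.dn_cache[eid] = dn
        for plugin in self.betxn_plugins:
            if not plugin(dn, entry):
                # Abort: nothing reaches self.db, so both caches must be purged.
                self.entry_cache.pop(dn, None)
                if self.purge_dn_cache_on_abort:
                    self.dn_cache.pop(eid, None)
                return LDAP_UNWILLING_TO_PERFORM
        self.db[dn] = entry
        return LDAP_SUCCESS


def requires_inetuser(dn, entry):
    # Constructed plugin: rejects entries lacking the inetUser object class.
    return "inetuser" in (oc.lower() for oc in entry["objectclass"])


def add_twice(purge_dn_cache_on_abort):
    be = Backend([requires_inetuser], purge_dn_cache_on_abort)
    user = {"objectclass": ["top", "person"], "cn": ["user"], "sn": ["user"]}
    dn = "cn=user,dc=example,dc=com"
    return be.add(dn, user), be.add(dn, user), dict(be.dn_cache)


if __name__ == "__main__":
    print("stale:", add_twice(False)[:2], "purged:", add_twice(True)[:2])
```

With the DN cache left stale, the second add returns 68 even though no entry was ever committed; with both caches purged, the rejection is reported as 53 both times, which is the behaviour the verification in Comment 2 expects.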

Comment 2 Amita Sharma 2014-12-26 12:51:15 UTC
[1]  Enable memberOf plugin (default settings)
[2]  Enable automember plugin
[3]  Enable retro changelog plugin

dn: cn=MemberOf Plugin,cn=plugins,cn=config
objectClass: top
objectClass: nsSlapdPlugin
objectClass: extensibleObject
cn: MemberOf Plugin
nsslapd-pluginPath: libmemberof-plugin
nsslapd-pluginInitfunc: memberof_postop_init
nsslapd-pluginType: betxnpostoperation
nsslapd-pluginEnabled: on

dn: cn=Auto Membership Plugin,cn=plugins,cn=config
objectClass: top
objectClass: nsSlapdPlugin
objectClass: extensibleObject
cn: Auto Membership Plugin
nsslapd-pluginPath: libautomember-plugin
nsslapd-pluginInitfunc: automember_init
nsslapd-pluginType: betxnpreoperation
nsslapd-pluginEnabled: on


dn: cn=Retro Changelog Plugin,cn=plugins,cn=config
objectClass: top
objectClass: nsSlapdPlugin
objectClass: extensibleObject
cn: Retro Changelog Plugin
nsslapd-pluginPath: libretrocl-plugin
nsslapd-pluginInitfunc: retrocl_plugin_init
nsslapd-pluginType: object
nsslapd-pluginbetxn: on
nsslapd-pluginEnabled: on

[root@dhcp201-126 pwpolicy]# ldapmodify -a -D "cn=directory manager" -w Secret123 -p 389 -h localhost << EOF
> dn: cn=group cfg,cn=Auto Membership Plugin,cn=plugins,cn=config
> objectClass: autoMemberDefinition
> objectClass: top
> autoMemberScope: dc=example,dc=com
> autoMemberFilter: cn=user
> autoMemberDefaultGroup: cn=group,dc=example,dc=com
> autoMemberGroupingAttr: member:dn
> cn: group cfg
> EOF
adding new entry "cn=group cfg,cn=Auto Membership Plugin,cn=plugins,cn=config"

[root@dhcp201-126 pwpolicy]# /usr/lib64/dirsrv/slapd-dhcp201-126/restart-slapd 
[root@dhcp201-126 pwpolicy]# ldapmodify -a -D "cn=directory manager" -w Secret123 -p 389 -h localhost << EOF
> dn: cn=group,dc=example,dc=com
> objectclass: top
> objectclass: groupOfNames
> cn: group
> EOF
adding new entry "cn=group,dc=example,dc=com"

[root@dhcp201-126 pwpolicy]# ldapmodify -a -D "cn=directory manager" -w Secret123 -p 389 -h localhost << EOF
> dn: cn=user,dc=example,dc=com
> objectclass: person
> objectclass: top
> cn: user
> sn: user
> EOF
adding new entry "cn=user,dc=example,dc=com"
ldap_add: Server is unwilling to perform (53)
	additional info: Automember Plugin update unexpectedly failed.


[root@dhcp201-126 pwpolicy]# ldapmodify -a -D "cn=directory manager" -w Secret123 -p 389 -h localhost << EOF
dn: cn=user,dc=example,dc=com
objectclass: person
objectclass: top
cn: user
sn: user
EOF
adding new entry "cn=user,dc=example,dc=com"
ldap_add: Server is unwilling to perform (53)
	additional info: Automember Plugin update unexpectedly failed.


[root@dhcp201-126 pwpolicy]# ldapmodify -a -D "cn=directory manager" -w Secret123 -p 389 -h localhost << EOF
dn: cn=user,dc=example,dc=com
objectclass: person
objectclass: top
cn: user
sn: user
EOF
adding new entry "cn=user,dc=example,dc=com"
ldap_add: Server is unwilling to perform (53)
	additional info: Automember Plugin update unexpectedly failed.


Getting a consistent error message, which is expected; hence VERIFIED.

Comment 4 errata-xmlrpc 2015-03-05 09:36:02 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHSA-2015-0416.html

Comment 5 Simon Pichugin 2017-09-18 09:38:34 UTC
The test case is automated in https://pagure.io/389-ds-base/blob/master/f/dirsrvtests/tests/tickets/ticket47815_test.py