Bug 1266510

Summary:	Linked Attributes plug-in - wrong behaviour when adding valid and broken links
Product:	Red Hat Enterprise Linux 7	Reporter:	Simon Pichugin <spichugi>
Component:	389-ds-base	Assignee:	Noriko Hosoi <nhosoi>
Status:	CLOSED ERRATA	QA Contact:	Viktor Ashirov <vashirov>
Severity:	unspecified	Docs Contact:
Priority:	unspecified
Version:	7.2	CC:	nkinder, rmeggins
Target Milestone:	rc
Target Release:	---
Hardware:	Unspecified
OS:	Unspecified
Whiteboard:
Fixed In Version:	389-ds-base-1.3.5.2-1.el7	Doc Type:	Bug Fix
Doc Text:		Story Points:	---
Clone Of:		Environment:
Last Closed:	2016-11-03 20:36:05 UTC	Type:	Bug
Regression:	---	Mount Type:	---
Documentation:	---	CRM:
Verified Versions:		Category:	---
oVirt Team:	---	RHEL 7.3 requirements from Atomic Host:
Cloudforms Team:	---	Target Upstream Version:
Embargoed:

Description Simon Pichugin 2015-09-25 12:55:13 UTC

Description of problem:
When we use one operation to add two(or more) links to some entry, and the value of the first attribute is valid, but other values are unexisting entries, then the managed attribute will be added, but the link attribute won't.

Version-Release number:
389-ds-base-1.3.4.0-18.el7.x86_64

How reproducible:
Always

Steps to Reproduce:
1) Enable Linked Attributes plug-in;
ldapmodify -h localhost -p 389 -D "cn=Directory manager" -w Secret123
cn=Linked Attributes,cn=plugins,cn=config
changetype: modify
replace: nsslapd-pluginEnabled
nsslapd-pluginEnabled: on

2) Create the plug-in instance;
ldapmodify -h localhost -p 389 -D "cn=Directory manager" -w Secret123
dn: cn=Manager Link,cn=Linked Attributes,cn=plugins,cn=config
changetype: add
objectClass: top
objectClass: extensibleObject
cn: Manager Link
linkType: directReport
managedType: manager

3) Add two entries;
ldapmodify -h localhost -p 389 -D "cn=Directory manager" -w Secret123
dn: uid=employee1,ou=People,dc=example,dc=com
changetype: add
objectClass: extensibleobject
objectClass: inetorgperson
objectClass: organizationalPerson
objectClass: person
objectClass: top
cn: Employee 1
sn: Employee 1
uid: employee1

dn: uid=manager1,ou=People,dc=example,dc=com
changetype: add
objectClass: extensibleobject
objectClass: inetorgperson
objectClass: organizationalPerson
objectClass: person
objectClass: top
cn: manager 1
sn: manager 1
uid: manager1

4) Execute link operation with existing and unexisting entries;
ldapmodify -h localhost -p 389 -D "cn=Directory manager" -w Secret123
dn: uid=manager1,ou=People,dc=example,dc=com
changetype: modify
add: directreport
directreport: uid=employee1,ou=People,dc=example,dc=com
directreport: uid=doNotExist,ou=People,dc=example,dc=com


Actual results:
ldapsearch -h localhost -p 389 -D "cn=Directory manager" -w Secret123 -b ou=people,dc=example,dc=com
# employee1, people, example.com
dn: uid=employee1,ou=People,dc=example,dc=com
objectClass: extensibleobject
objectClass: inetorgperson
objectClass: organizationalPerson
objectClass: person
objectClass: top
cn: Employee 1
sn: Employee 1
uid: employee1
manager: uid=manager1,ou=People,dc=example,dc=com

# manager1, people, example.com
dn: uid=manager1,ou=People,dc=example,dc=com
objectClass: extensibleobject
objectClass: inetorgperson
objectClass: organizationalPerson
objectClass: person
objectClass: top
cn: manager 1
sn: manager 1
uid: manager1

Expected results:
ldapsearch -h localhost -p 389 -D "cn=Directory manager" -w Secret123 -b ou=people,dc=example,dc=com
# employee1, people, example.com
dn: uid=employee1,ou=People,dc=example,dc=com
objectClass: extensibleobject
objectClass: inetorgperson
objectClass: organizationalPerson
objectClass: person
objectClass: top
cn: Employee 1
sn: Employee 1
uid: employee1
manager: uid=manager1,ou=People,dc=example,dc=com

# manager1, people, example.com
dn: uid=manager1,ou=people,dc=example,dc=com
objectClass: extensibleobject
objectClass: inetorgperson
objectClass: organizationalPerson
objectClass: person
objectClass: top
cn: manager 1
sn: manager 1
uid: manager1
directreport: uid=employee1,ou=People,dc=example,dc=com

Additional info:
1) If we execute the link operation like this:
ldapmodify -h localhost -p 389 -D "cn=Directory manager" -w Secret123
dn: uid=manager1,ou=People,dc=example,dc=com
changetype: modify
add: directreport
directreport: uid=doNotExist,ou=People,dc=example,dc=com
directreport: uid=employee1,ou=People,dc=example,dc=com

Then nothing will be added.

2) If we try to repair it with fixup-linkedattrs.pl or "cn=fixup linked attributes task", then no directreport attribute will be added to uid=manager1,ou=People,dc=example,dc=com.
Manager attribute will be deleted from uid=employee1,ou=People,dc=example,dc=com.

Comment 2 Noriko Hosoi 2015-09-25 16:50:12 UTC

Upstream ticket:
https://fedorahosted.org/389/ticket/48295

Comment 3 Noriko Hosoi 2015-09-25 16:52:37 UTC

Not a "blocker", push to 7.3...

Comment 4 Mike McCune 2016-03-28 23:12:48 UTC

This bug was accidentally moved from POST to MODIFIED via an error in automation, please see mmccune with any questions

Comment 6 Simon Pichugin 2016-07-12 16:25:01 UTC

Build tested:
389-ds-base-1.3.5.10-3.el7.x86_64

========================== test session starts ==========================
platform linux2 -- Python 2.7.5, pytest-2.9.2, py-1.4.31, pluggy-0.3.1 -- /usr/bin/python
cachedir: dirsrvtests/tests/tickets/.cache
rootdir: /mnt/tests/rhds/tests/upstream/ds/dirsrvtests/tests/tickets, inifile:
plugins: html-1.9.0, cov-2.3.0
collected 1 items

dirsrvtests/tests/tickets/ticket48295_test.py::test_ticket48295 PASSED

======================= 1 passed in 23.08 seconds =======================

Marking as verified.

Comment 7 Simon Pichugin 2016-07-13 07:30:36 UTC

Tests were added to https://git.fedorahosted.org/git/389/ds.git repo:
- dirsrvtests/tests/tickets/ticket48295_test.py

Comment 9 errata-xmlrpc 2016-11-03 20:36:05 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHSA-2016-2594.html