Bug 1302823
| Summary: | Crash in slapi_get_object_extension | ||||||||
|---|---|---|---|---|---|---|---|---|---|
| Product: | Red Hat Enterprise Linux 7 | Reporter: | German Parente <gparente> | ||||||
| Component: | 389-ds-base | Assignee: | Noriko Hosoi <nhosoi> | ||||||
| Status: | CLOSED ERRATA | QA Contact: | Viktor Ashirov <vashirov> | ||||||
| Severity: | urgent | Docs Contact: | Petr Bokoc <pbokoc> | ||||||
| Priority: | urgent | ||||||||
| Version: | 7.2 | CC: | aheverle, ekeck, nkinder, pbokoc, pkundal, rmeggins | ||||||
| Target Milestone: | rc | Keywords: | ZStream | ||||||
| Target Release: | --- | ||||||||
| Hardware: | All | ||||||||
| OS: | Linux | ||||||||
| Whiteboard: | |||||||||
| Fixed In Version: | 389-ds-base-1.3.5.2-1.el7 | Doc Type: | Bug Fix | ||||||
| Doc Text: |
ACL plug-in no longer crashes due to missing `pblock` object
When a persistent search (psearch) was launched by a "bind" user without sufficient permissions, the access permissions object in cache failed to reset to point the initial `pblock` structure to the permanent structure. As a consequence, the access control list (ACL) plug-in could crash the server due to a missing `pblock` object. This update ensures that the initial object is reset to the permanent structure, and Directory Server no longer crashes in this situation.
|
Story Points: | --- | ||||||
| Clone Of: | |||||||||
| : | 1309964 (view as bug list) | Environment: | |||||||
| Last Closed: | 2016-11-03 20:39:01 UTC | Type: | Bug | ||||||
| Regression: | --- | Mount Type: | --- | ||||||
| Documentation: | --- | CRM: | |||||||
| Verified Versions: | Category: | --- | |||||||
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||||
| Cloudforms Team: | --- | Target Upstream Version: | |||||||
| Embargoed: | |||||||||
| Bug Depends On: | |||||||||
| Bug Blocks: | 1309964 | ||||||||
| Attachments: |
|
||||||||
|
Description
German Parente
2016-01-28 17:27:41 UTC
Created attachment 1119265 [details]
access log buffer
Upstream ticket: https://fedorahosted.org/389/ticket/48536 This bug was accidentally moved from POST to MODIFIED via an error in automation, please see mmccune with any questions RHEL: RHEL 7.3 x86_64 Server DS builds: [root@org47 ~]# rpm -qa | grep 389-ds-base 389-ds-base-1.3.5.10-5.el7.x86_64 389-ds-base-snmp-1.3.5.10-5.el7.x86_64 389-ds-base-libs-1.3.5.10-5.el7.x86_64 Steps Performed: 1. Added 1k users using ldapadd as below [root@org47 python_utilities]# ldapadd -x -D 'cn=Directory Manager' -w secret123 -h localhost -p 389 -f 1kusers.ldif adding new entry "uid=tuser1,ou=people,dc=example,dc=com" adding new entry "uid=tuser2,ou=people,dc=example,dc=com" adding new entry "uid=tuser3,ou=people,dc=example,dc=com" adding new entry "uid=tuser4,ou=people,dc=example,dc=com" adding new entry "uid=tuser5,ou=people,dc=example,dc=com" adding new entry "uid=tuser6,ou=people,dc=example,dc=com" adding new entry "uid=tuser7,ou=people,dc=example,dc=com" adding new entry "uid=tuser8,ou=people,dc=example,dc=com" adding new entry "uid=tuser9,ou=people,dc=example,dc=com" adding new entry "uid=tuser10,ou=people,dc=example,dc=com" 2. Added a static group containing the above 1kusers as its uniquemembers [root@org47 python_utilities]# ldapadd -x -D 'cn=Directory Manager' -w secret123 -h localhost -p 389 -f 1kgroup.ldif adding new entry "cn=test group,ou=Groups,dc=example,dc=com" 3. Verified that the group was added properly [root@org47 python_utilities]# ldapsearch -xLLL -b 'cn=test group,ou=Groups,dc=example,dc=com' -h localhost -p 389 uniquemember dn: cn=test group,ou=Groups,dc=example,dc=com uniquemember: uid=tuser1,ou=people,dc=example,dc=com uniquemember: uid=tuser2,ou=people,dc=example,dc=com uniquemember: uid=tuser3,ou=people,dc=example,dc=com uniquemember: uid=tuser4,ou=people,dc=example,dc=com uniquemember: uid=tuser5,ou=people,dc=example,dc=com uniquemember: uid=tuser6,ou=people,dc=example,dc=com uniquemember: uid=tuser7,ou=people,dc=example,dc=com uniquemember: uid=tuser8,ou=people,dc=example,dc=com uniquemember: uid=tuser9,ou=people,dc=example,dc=com uniquemember: uid=tuser10,ou=people,dc=example,dc=com 4. Ran a python script (please refer next comment for the script) which keeps on modifying the group attributes continuously for 1 hour 5. While the script was working, ran a psearch using mozldap tools as below /usr/lib64/mozldap/ldapsearch -p 389 -D 'uid=tuser100,ou=People,dc=example,dc=com' -w secret123 -b "dc=example,dc=com" -C ps:any "(objectclass=*)" 6. When the script was complete, checked the status of DS instance as below [root@org47 python_utilities]# status-dirsrv ds ● dirsrv - 389 Directory Server ds. Loaded: loaded (/usr/lib/systemd/system/dirsrv@.service; enabled; vendor preset: disabled) Active: active (running) since Wed 2016-07-20 14:13:28 IST; 12min ago Main PID: 3775 (ns-slapd) Status: "slapd started: Ready to process requests" CGroup: /system.slice/system-dirsrv.slice/dirsrv Created attachment 1183616 [details]
Script for modifying group attributes
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://rhn.redhat.com/errata/RHSA-2016-2594.html |