| Summary: | It is possible to delete a tombstone entry from a client connection | ||||||
|---|---|---|---|---|---|---|---|
| Product: | Red Hat Enterprise Linux 7 | Reporter: | Simon Pichugin <spichugi> | ||||
| Component: | 389-ds-base | Assignee: | Noriko Hosoi <nhosoi> | ||||
| Status: | CLOSED NOTABUG | QA Contact: | Viktor Ashirov <vashirov> | ||||
| Severity: | low | Docs Contact: | |||||
| Priority: | low | ||||||
| Version: | 7.3 | CC: | lkrispen, nkinder, rmeggins | ||||
| Target Milestone: | rc | ||||||
| Target Release: | --- | ||||||
| Hardware: | Unspecified | ||||||
| OS: | Unspecified | ||||||
| Whiteboard: | |||||||
| Fixed In Version: | Doc Type: | If docs needed, set a value | |||||
| Doc Text: | Story Points: | --- | |||||
| Clone Of: | Environment: | ||||||
| Last Closed: | 2017-04-07 09:16:43 UTC | Type: | Bug | ||||
| Regression: | --- | Mount Type: | --- | ||||
| Documentation: | --- | CRM: | |||||
| Verified Versions: | Category: | --- | |||||
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||
| Cloudforms Team: | --- | Target Upstream Version: | |||||
| Attachments: |
|
||||||
This bug was logged because of unclear communication from DEV to QE. when the patch was implemented to allow the deletion of a tombstone in 7.3 to be compatible to 6.x I said that the behaviour is incorrect, but we should not remove the possibility to directly remove tombstones by external operations. AN admin might want/have to do this. Will close as not a bug |
Created attachment 1200826 [details] Reproducer written in Python and pytest Description of problem: According to the info provided by Ludwig and the information from the documentation (Administration Guide - 11.12. MANAGING DELETED ENTRIES WITH REPLICATION), it should not be possible to delete a tombstone entry from a client connection. Even binding as Directory Manager. Now it is possible. Version-Release number of selected component (if applicable): 389-ds-base-1.3.5.10-10.el7.x86_64 How reproducible: Always Steps to Reproduce: 1. Install an instance of RHDS 2. Enable USN plugin 3. Restart the server 4. Add a user 5. Delete the user 6. Find out the tombstone entry DN for the user: ldapsearch -D "cn=directory manager" -w Secret123 -b "dc=example,dc=com" "(&(objectClass=nstombstone)(cn=testuser))" 7. Try to delete this entry while binding as Directory Manager Actual results: It shouldn't be possible Expected results: It is possible to delete the tombstone entry Additional info: I've written a Python reproducer. Please, find it in the attachment.