Bug 1406835
Summary: | memberOf fixup task does not validate args | |||
---|---|---|---|---|
Product: | Red Hat Enterprise Linux 6 | Reporter: | mreynolds | |
Component: | 389-ds-base | Assignee: | mreynolds | |
Status: | CLOSED ERRATA | QA Contact: | Viktor Ashirov <vashirov> | |
Severity: | high | Docs Contact: | Marc Muehlfeld <mmuehlfe> | |
Priority: | unspecified | |||
Version: | 6.9 | CC: | mreynolds, nhosoi, nkinder, rmeggins, sramling, tlavigne | |
Target Milestone: | rc | |||
Target Release: | --- | |||
Hardware: | All | |||
OS: | All | |||
Whiteboard: | ||||
Fixed In Version: | 389-ds-base-1.2.11.15-87.el6 | Doc Type: | Bug Fix | |
Doc Text: |
The "memberOf" fix-up task now verifies arguments
Previously, if an invalid filter or "basedn" parameter was provided in the "memberOf" fix-up task, and the task failed, no information was logged. A patch has been applied and now, if a problem occurs, an error is logged and the task status is updated. As a result, the administrator is now able to identify if a task failed.
|
Story Points: | --- | |
Clone Of: | ||||
: | 1406838 (view as bug list) | Environment: | ||
Last Closed: | 2017-03-21 10:24:23 UTC | Type: | Bug | |
Regression: | --- | Mount Type: | --- | |
Documentation: | --- | CRM: | ||
Verified Versions: | Category: | --- | ||
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | ||
Cloudforms Team: | --- | Target Upstream Version: | ||
Embargoed: | ||||
Bug Depends On: | ||||
Bug Blocks: | 1406838 |
Description
mreynolds
2016-12-21 15:28:01 UTC
Fixed upstream I ran fixup-memberof.pl script to check if it throws error for invalid filters. No errors printed in the DS error logs. It seems like the issue is still present with the latest build of 389-ds-base-1.2.11.15-86. [root@cypher 389ds-replica]# /usr/lib64/dirsrv/slapd-Inst1/fixup-memberof.pl -D "cn=Directory Manager" -w Secret123 -b "dc=xample,dc=com" -f '(|(objectclass=inetuser)(objec' adding new entry "cn=memberOf_fixup_2017_1_11_6_24_8, cn=memberOf task, cn=tasks, cn=config" [root@cypher 389ds-replica]# /usr/lib64/dirsrv/slapd-Inst1/fixup-memberof.pl -D "cn=Directory Manager" -w Secret123 -b "dc=xample,dc=com" -f '(objectclass=person' adding new entry "cn=memberOf_fixup_2017_1_11_6_25_44, cn=memberOf task, cn=tasks, cn=config" [root@cypher export]# tail -f /var/log/dirsrv/slapd-Inst1/errors /var/log/dirsrv/slapd-Inst1/access [11/Jan/2017:06:24:08 -0500] conn=81 op=0 RESULT err=0 tag=97 nentries=0 etime=0 dn="cn=directory manager" [11/Jan/2017:06:24:08 -0500] conn=81 op=1 ADD dn="cn=memberOf_fixup_2017_1_11_6_24_8,cn=memberOf task,cn=tasks,cn=config" [11/Jan/2017:06:24:08 -0500] conn=81 op=1 RESULT err=0 tag=105 nentries=0 etime=0 [11/Jan/2017:06:24:08 -0500] conn=81 op=2 UNBIND [11/Jan/2017:06:24:08 -0500] conn=81 op=2 fd=110 closed - U1 [11/Jan/2017:06:25:44 -0500] conn=82 fd=80 slot=80 connection from 10.19.34.88 to 10.19.34.88 [11/Jan/2017:06:25:44 -0500] conn=82 op=0 BIND dn="cn=Directory Manager" method=128 version=3 [11/Jan/2017:06:25:44 -0500] conn=82 op=0 RESULT err=0 tag=97 nentries=0 etime=0 dn="cn=directory manager" [11/Jan/2017:06:25:44 -0500] conn=82 op=1 ADD dn="cn=memberOf_fixup_2017_1_11_6_25_44,cn=memberOf task,cn=tasks,cn=config" [11/Jan/2017:06:25:44 -0500] conn=82 op=1 RESULT err=0 tag=105 nentries=0 etime=0 [11/Jan/2017:06:25:44 -0500] conn=82 op=2 UNBIND [11/Jan/2017:06:25:44 -0500] conn=82 op=2 fd=80 closed - U1 [root@cypher export]# rpm -qa |grep -i 389-ds 389-ds-base-libs-1.2.11.15-86.el6.x86_64 389-ds-base-1.2.11.15-86.el6.x86_64 This works for me on master branch. Note that task will still get successfully added, but it fails afterwards. This is only evident in the errors log: fixup-memberof.pl -D "cn=Directory Manager" -w Secret123 -b "dc=xample,dc=com" -f '(|(objectclass=inetuser)(objec' [11/Jan/2017:12:07:40.015817247 -0500] - INFO - memberof-plugin - memberof_fixup_task_thread - Memberof task starts (filter: "(|(objectclass=inetuser)(objec") ... [11/Jan/2017:12:07:40.018272570 -0500] - ERR - memberof-plugin - memberof_fixup_task_thread - Failed to get be backend from (dc=xample,dc=com) I need to get a beaker box to test 1.2.11... (In reply to mreynolds from comment #6) > This works for me on master branch. > > Note that task will still get successfully added, but it fails afterwards. > This is only evident in the errors log: > > > fixup-memberof.pl -D "cn=Directory Manager" -w Secret123 -b > "dc=xample,dc=com" -f '(|(objectclass=inetuser)(objec' > > > [11/Jan/2017:12:07:40.015817247 -0500] - INFO - memberof-plugin - > memberof_fixup_task_thread - Memberof task starts (filter: > "(|(objectclass=inetuser)(objec") ... > [11/Jan/2017:12:07:40.018272570 -0500] - ERR - memberof-plugin - > memberof_fixup_task_thread - Failed to get be backend from (dc=xample,dc=com) > > I need to get a beaker box to test 1.2.11... Thanks for taking care of the issue, Mark. Just in case, I'm attaching 49072 patches used in the 389-ds-base-1.2.11.15-86.el6 build to this bug. Hopefully, it'd help your investigation... The filter evaluation works correctly on 1.2.11.15-86 # /usr/lib64/dirsrv/slapd-localhost/fixup-memberof.pl -D "cn=Directory Manager" -w Secret123 -b "dc=xample,dc=com" -f '(objectclass=person' adding new entry "cn=memberOf_fixup_2017_1_13_9_37_35, cn=memberOf task, cn=tasks, cn=config" [root@hp-dl2x170g6-02 ~]# tail /var/log/dirsrv/slapd-localhost/errors [13/Jan/2017:09:37:03 -0500] - 389-Directory/1.2.11.15 B2017.010.016 starting up [13/Jan/2017:09:37:03 -0500] - slapd started. Listening on All Interfaces port 389 for LDAP requests [13/Jan/2017:09:37:34 -0500] memberof-plugin - Memberof task starts (filter: "(objectclass=person") ... [13/Jan/2017:09:37:34 -0500] memberof-plugin - memberof_fix_memberof - Failed (Bad search filter) [13/Jan/2017:09:37:34 -0500] memberof-plugin - Memberof task finished (filter: (objectclass=person) result: -1 But I found another bug. The basedn on 1.2.11 is not being validated. I will look into this... Base dn validation fixed upstream [0 root@qeos-87 upstream]# /usr/lib64/dirsrv/slapd-qeos-87/fixup-memberof.pl -D "cn=Directory Manager" -w Secret123 -b "dc=lab,dc=eng,dc=rdu2,dc=redhat,dc=com" -f '(objectclass=person' adding new entry "cn=memberOf_fixup_2017_1_18_3_21_17, cn=memberOf task, cn=tasks, cn=config" [0 root@qeos-87 ~]# tail -18f /var/log/dirsrv/slapd-qeos-87/errors [18/Jan/2017:03:21:16 -0500] memberof-plugin - Memberof task starts (filter: "(objectclass=person") ... [18/Jan/2017:03:21:16 -0500] memberof-plugin - memberof_fix_memberof - Failed (Bad search filter) [18/Jan/2017:03:21:16 -0500] memberof-plugin - Memberof task finished (filter: (objectclass=person) result: -1 [0 root@qeos-87 upstream]# /usr/lib64/dirsrv/slapd-qeos-87/fixup-memberof.pl -D "cn=Directory Manager" -w Secret123 -b "dc=example,dc=com" -f objectclass=person adding new entry "cn=memberOf_fixup_2017_1_18_3_21_28, cn=memberOf task, cn=tasks, cn=config" [0 root@qeos-87 ~]# tail -18f /var/log/dirsrv/slapd-qeos-87/errors [18/Jan/2017:03:21:27 -0500] memberof-plugin - Memberof task starts (filter: "objectclass=person") ... [18/Jan/2017:03:21:27 -0500] memberof-plugin - memberof_fixup_task_thread - Failed to get be backend from (dc=example,dc=com) [18/Jan/2017:03:21:27 -0500] memberof-plugin - Memberof task finished (filter: objectclass=person) result: -1 fixup-memberof.pl script validates both BaseDN as well as the filter. Hence, marking the bug as Verified. [0 root@qeos-87 upstream]# rpm -qa |grep -i 389-ds- 389-ds-base-1.2.11.15-87.el6.x86_64 389-ds-base-libs-1.2.11.15-87.el6.x86_64 Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://rhn.redhat.com/errata/RHBA-2017-0667.html |