Bug 1533828
Summary: | Server allows to set nsds5replicaid=65535 in the existing replica entry | ||
---|---|---|---|
Product: | Red Hat Enterprise Linux 7 | Reporter: | Amita Sharma <amsharma> |
Component: | 389-ds-base | Assignee: | mreynolds |
Status: | CLOSED ERRATA | QA Contact: | Viktor Ashirov <vashirov> |
Severity: | unspecified | Docs Contact: | |
Priority: | unspecified | ||
Version: | 7.5 | CC: | amsharma, lmiksik, mreynolds, nkinder, rmeggins |
Target Milestone: | rc | ||
Target Release: | --- | ||
Hardware: | Unspecified | ||
OS: | Unspecified | ||
Whiteboard: | |||
Fixed In Version: | 389-ds-base-1.3.7.5-15 | Doc Type: | If docs needed, set a value |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2018-04-10 14:23:50 UTC | Type: | Bug |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
Amita Sharma
2018-01-12 10:31:56 UTC
It seems bug was introduced by 0025-Ticket-48393-Improve-replication-config-validation.patch ( https://pagure.io/389-ds-base/issue/48393 ) , fix for https://bugzilla.redhat.com/show_bug.cgi?id=1271208 I tested it on -6 and -7 to confirm :: ========================================= [root@qeos-8 upstream]# rpm -qa | grep 389 389-ds-base-libs-1.3.7.5-6.el7.x86_64 389-ds-base-1.3.7.5-6.el7.x86_64 389-ds-base-snmp-1.3.7.5-6.el7.x86_64 [root@qeos-8 upstream]# [root@qeos-8 upstream]# ldapmodify -a -h localhost -p 389 -D "cn=Directory manager" -w Secret123 << EOF > dn: cn=replica,cn=dc\3Dexample\2Cdc\3Dcom,cn=mapping tree,cn=config > cn: replica > nsDS5Flags: 1 > nsDS5ReplicaBindDN: cn=sync user,cn=config > nsDS5ReplicaId: 65535 > nsDS5ReplicaRoot: dc=example,dc=com > nsDS5ReplicaType: 3 > objectClass: top > objectClass: nsDS5Replica > objectClass: extensibleobject > EOF adding new entry "cn=replica,cn=dc\3Dexample\2Cdc\3Dcom,cn=mapping tree,cn=config" ldap_add: Operations error (1) additional info: Attribute nsDS5ReplicaId must have a value greater than 0 and less than 65535: entry cn=replica,cn=dc\3Dexample\2Cdc\3Dcom,cn=mapping tree,cn=config =============================================================================== [root@qeos-25 upstream]# ldapmodify -a -h localhost -p 389 -D "cn=Directory manager" -w Secret123 << EOF > dn: cn=replica,cn=dc\3Dexample\2Cdc\3Dcom,cn=mapping tree,cn=config > cn: replica > nsDS5Flags: 1 > nsDS5ReplicaBindDN: cn=sync user,cn=config > nsDS5ReplicaId: 65535 > nsDS5ReplicaRoot: dc=example,dc=com > nsDS5ReplicaType: 3 > objectClass: top > objectClass: nsDS5Replica > objectClass: extensibleobject > EOF adding new entry "cn=replica,cn=dc\3Dexample\2Cdc\3Dcom,cn=mapping tree,cn=config" [root@qeos-25 upstream]# rpm -qa | grep 389 389-ds-base-libs-1.3.7.5-7.el7.x86_64 389-ds-base-1.3.7.5-7.el7.x86_64 389-ds-base-snmp-1.3.7.5-7.el7.x86_64 Upstream ticket: https://pagure.io/389-ds-base/issue/49541 This works fine. [root@qeos-11 upstream]# ldapmodify -a -h localhost -p 389 -D "cn=Directory manager" -w Secret123 << EOF > dn: cn=replica,cn=dc\3Dexample\2Cdc\3Dcom,cn=mapping tree,cn=config > cn: replica > nsDS5Flags: 1 > nsDS5ReplicaBindDN: cn=sync user,cn=config > nsDS5ReplicaId: 65535 > nsDS5ReplicaRoot: dc=example,dc=com > nsDS5ReplicaType: 3 > objectClass: top > objectClass: nsDS5Replica > objectClass: extensibleobject > EOF adding new entry "cn=replica,cn=dc\3Dexample\2Cdc\3Dcom,cn=mapping tree,cn=config" ldap_add: Operations error (1) additional info: Attribute nsDS5ReplicaId value (65535) is invalid, must be a number between 1 and 65534. But I can modify it like below [root@qeos-11 upstream]# ldapmodify -h localhost -p 389 -D "cn=Directory manager" -w Secret123 << EOF > dn: cn=replica,cn=dc\3Dexample\2Cdc\3Dcom,cn=mapping tree,cn=config > changetype: modify > replace: nsDS5ReplicaId > nsDS5ReplicaId: 65535 > EOF modifying entry "cn=replica,cn=dc\3Dexample\2Cdc\3Dcom,cn=mapping tree,cn=config" Is it as expected? There is a still a bug that needs to be fixed [root@qeos-34 upstream]# ldapmodify -h localhost -p 39001 -D "cn=Directory manager" -w password << EOF > dn: cn=replica,cn=dc\3Dexample\2Cdc\3Dcom,cn=mapping tree,cn=config > changetype: modify > replace: nsDS5ReplicaId > nsDS5ReplicaId: 65535 > EOF modifying entry "cn=replica,cn=dc\3Dexample\2Cdc\3Dcom,cn=mapping tree,cn=config" ldap_modify: Server is unwilling to perform (53) additional info: Attribute nsDS5ReplicaId value (65535) is invalid, must be a number between 1 and 65534. [root@qeos-34 upstream]# ldapmodify -a -h localhost -p 389 -D "cn=Directory manager" -w Secret123 << EOF > dn: cn=replica,cn=dc\3Dexample\2Cdc\3Dcom,cn=mapping tree,cn=config > cn: replica > nsDS5Flags: 1 > nsDS5ReplicaBindDN: cn=sync user,cn=config > nsDS5ReplicaId: 65535 > nsDS5ReplicaRoot: dc=example,dc=com > nsDS5ReplicaType: 3 > objectClass: top > objectClass: nsDS5Replica > objectClass: extensibleobject > EOF adding new entry "cn=replica,cn=dc\3Dexample\2Cdc\3Dcom,cn=mapping tree,cn=config" ldap_add: Operations error (1) additional info: Attribute nsDS5ReplicaId value (65535) is invalid, must be a number between 1 and 65534. This is working fine with new build. Just one query out of curiosity in above two operations we have two different return codes - ldap_modify: Server is unwilling to perform (53) and ldap_add: Operations error (1) , Is it by design? Thanks. Marking this bug as verified as originally reported issue is solve.
>
> This is working fine with new build. Just one query out of curiosity in
> above two operations we have two different return codes - ldap_modify:
> Server is unwilling to perform (53) and ldap_add: Operations error (1) , Is
> it by design?
> Thanks.
It is by design, while the error codes are different from this point of view, they are consistent in the replication code: Add validation uses one error code, while modify validation uses a different error code). We could make them the same, but that's not in the scope of this bug.
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2018:0811 |