Bug 1551071

Summary: memberof fails if group is moved into scope
Product: Red Hat Enterprise Linux 7 Reporter: mreynolds
Component: 389-ds-baseAssignee: Ludwig <lkrispen>
Status: CLOSED ERRATA QA Contact: RHDS QE <ds-qe-bugs>
Severity: medium Docs Contact: Marc Muehlfeld <mmuehlfe>
Priority: high    
Version: 7.4CC: amsharma, msauton, nkinder, pasik, rmeggins
Target Milestone: rcKeywords: ZStream
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: 389-ds-base-1.3.8.2-1.el7 Doc Type: Bug Fix
Doc Text:
Deleting the "memberOf" attribute in Directory Server works correctly If an administrator moves a group in Directory Server from one subtree to another, the *memberOf* plug-in deletes the "memberOf" attribute with the old value and adds a new "memberOf" attribute with the new group's distinguished name (DN) in affected user entries. Previously, if the old subtree was not within the scope of the *memberOf* plug-in, deleting the old "memberOf" attribute failed because the values did not exist. As a consequence, the plug-in did not add the new "memberOf" value, and the user entry contained an incorrect "memberOf" value. With this update, the plug-in now checks the return code when deleting the old value. If the return code is "no such value", the plug-in only adds the new "memberOf" value. As a result, the "memberOf" attribute information is correct.
 Story Points: ---
Clone Of:
: 1559764 (view as bug list) Environment:
Last Closed: 2018-10-30 10:13:31 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 1559764    

Description mreynolds 2018-03-02 17:00:40 UTC 
This bug is created as a clone of upstream ticket:
https://pagure.io/389-ds-base/issue/49161

#### Issue Description

if a group is moved into a defined memberof scope the memberof attr of its members are not added

#### Package Version and Platform

all

#### Steps to reproduce

will attach CI
Comment 4 Amita Sharma 2018-06-07 10:26:53 UTC 
[root@qeos-46 tickets]# pytest -s memberof.py 
================================================================ test session starts =================================================================
platform linux -- Python 3.6.3, pytest-3.6.1, py-1.5.3, pluggy-0.6.0
389-ds-base: 1.3.8.2-1.el7
nss: 3.34.0-4.el7
nspr: 4.17.0-1.el7
openldap: 2.4.44-13.el7
svrcore: 4.1.3-2.el7
FIPS: 0

rootdir: /export/tests/tickets, inifile:
plugins: metadata-1.7.0, html-1.19.0
collected 1 item                                                                                                                                     

memberof.py OK group dirsrv exists
OK user dirsrv exists
INFO:lib389.topologies:Instance with parameters {'ldap-port': 38901, 'ldap-secureport': 63601, 'server-id': 'standalone1', 'suffix': 'dc=example,dc=com'} was created.
INFO:lib389:!!!!!!! cn=m1,cn=sub1,dc=example,dc=com: memberof->b'cn=g1,cn=sub1,dc=example,dc=com'
INFO:lib389:!!!!!!! cn=m1,cn=sub1,dc=example,dc=com: memberof->b'cn=g1,cn=sub1,dc=example,dc=com'
INFO:lib389:!!!!!!! cn=m1,cn=sub1,dc=example,dc=com: memberof->b'cn=g1,cn=sub1,dc=example,dc=com'
INFO:lib389:!!!!!!! cn=m1,cn=sub1,dc=example,dc=com: memberof->b'cn=g1,cn=sub1,dc=example,dc=com'
CRITICAL:tests.tickets.memberof:Renaming user (cn=g2,cn=sub2,dc=example,dc=com): new cn=g2-new
INFO:lib389:!!!!!!! cn=m1,cn=sub1,dc=example,dc=com: memberof->b'cn=g1,cn=sub1,dc=example,dc=com'
INFO:lib389:!!!!!!! cn=m1,cn=sub1,dc=example,dc=com: memberof->b'cn=g1,cn=sub1,dc=example,dc=com'
INFO:lib389:!!!!!!! cn=m1,cn=sub1,dc=example,dc=com: memberof->b'cn=g1,cn=sub1,dc=example,dc=com'
INFO:lib389:!!!!!!! cn=m1,cn=sub1,dc=example,dc=com: memberof->b'cn=g2-new,cn=sub1,dc=example,dc=com'
INFO:lib389:!!!!!!! cn=m1,cn=sub1,dc=example,dc=com: memberof->b'cn=g1,cn=sub1,dc=example,dc=com'
INFO:lib389:!!!!!!! cn=m1,cn=sub1,dc=example,dc=com: memberof->b'cn=g2-new,cn=sub1,dc=example,dc=com'
.Instance slapd-standalone1 removed.


============================================================= 1 passed in 17.14 seconds ==============================================================
[root@qeos-46 tickets]#
Comment 6 errata-xmlrpc 2018-10-30 10:13:31 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2018:3127