Bug 1710961

Summary: During MODRDN, memberof may silently fails to update a member
Product: Red Hat Enterprise Linux 7 Reporter: thierry bordaz <tbordaz>
Component: 389-ds-baseAssignee: thierry bordaz <tbordaz>
Status: CLOSED ERRATA QA Contact: RHDS QE <ds-qe-bugs>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 7.4CC: bsmejkal, lkrispen, nkinder, pasik, rmeggins, spichugi, tbordaz, vashirov
Target Milestone: rc   
Target Release: 7.7   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: 389-ds-base-1.3.9.1-6.el7 Doc Type: If docs needed, set a value
Doc Text:
Cause: a failure during memberof internal update is not detected Consequence: An operation, that trigger memberof updates, can succeed even some memberof updates fail. values of memberof attribute may not conform the membership of groups/members. Fix: detect failure of internal update and trigger the failure of the all operation. Results: values of memberof attribute conform membership of groups/members
 Story Points: ---
Clone Of: Environment:
Last Closed: 2019-08-06 12:59:38 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description thierry bordaz 2019-05-16 16:12:11 UTC 
This bug is created as a clone of upstream ticket:
https://pagure.io/389-ds-base/issue/49985

#### Issue Description
Memberof plugin updates group members to add 'memberof' attribute.
It case of schema violation, it adds the 'memberOfAutoAddOC' objectclass to the member and retry. If after adding 'memberOfAutoAddOC' it fails again it propagates the schema violation but at some point the return code is lost and not reported.
As a consequence not all members have 'memberof' attribute



#### Package Version and Platform
At least since 1.3.6


#### Steps to reproduce

testcase provided
#### Actual results
When the update on members is failing, the triggering update of the group succeeds


#### Expected results
When the update on members is failing, the triggering update of the group should fail
Comment 2 thierry bordaz 2019-05-16 16:14:25 UTC 
Note that upstream ticket is already pushed. Easy to backport
Comment 6 bsmejkal 2019-06-05 13:56:59 UTC 
=============================================================================================== test session starts ===============================================================================================
platform linux -- Python 3.6.3, pytest-4.6.2, py-1.8.0, pluggy-0.12.0 -- /opt/rh/rh-python36/root/usr/bin/python3
cachedir: .pytest_cache
metadata: {'Python': '3.6.3', 'Platform': 'Linux-3.10.0-1049.el7.x86_64-x86_64-with-redhat-7.7-Maipo', 'Packages': {'pytest': '4.6.2', 'py': '1.8.0', 'pluggy': '0.12.0'}, 'Plugins': {'metadata': '1.8.0', 'html': '1.20.0'}}
389-ds-base: 1.3.9.1-7.el7
nss: 3.43.0-7.el7
nspr: 4.21.0-1.el7
openldap: 2.4.44-21.el7_6
cyrus-sasl: 2.1.26-23.el7
FIPS: disabled
rootdir: /mnt/tests/rhds/tests/upstream/ds/dirsrvtests, inifile: pytest.ini
plugins: metadata-1.8.0, html-1.20.0
collected 6 items                                                                                                                                                                                                 

regression_test.py::test_memberof_with_repl PASSED                                                                                                                                                          [ 16%]
regression_test.py::test_scheme_violation_errors_logged PASSED                                                                                                                                              [ 33%]
regression_test.py::test_memberof_with_changelog_reset PASSED                                                                                                                                               [ 50%]
regression_test.py::test_memberof_group PASSED                                                                                                                                                              [ 66%]
regression_test.py::test_entrycache_on_modrdn_failure PASSED                                                                                                                                                [ 83%]
regression_test.py::test_silent_memberof_failure PASSED                                                                                                                                                     [100%]
===================================================================================== 6 passed in 269.11 seconds ==================================================================================================


Marking as VERIFIED.
Comment 8 errata-xmlrpc 2019-08-06 12:59:38 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2019:2152