Bug 1983921

Summary: persistent search returns entries even when an error is returned by content-sync-plugin
Product: Red Hat Enterprise Linux 8 Reporter: sgouvern
Component: 389-ds-baseAssignee: LDAP Maintainers <ldap-maint>
Status: CLOSED ERRATA QA Contact: RHDS QE <ds-qe-bugs>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 8.5CC: afarley, ldap-maint, mreynolds, tbordaz
Target Milestone: betaKeywords: Triaged, ZStream
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: 389-ds-1.4-8050020210726200935.1a75f91c Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of:
: 1984091 1993266 (view as bug list) Environment:
Last Closed: 2021-11-09 18:12:23 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 1984091, 1993266    

Description sgouvern 2021-07-20 07:46:46 UTC 
Description of problem:

With rhel 8.5 build, a persistent search on "cn=monitor" can be proceed and entries are returned, even if errors log shows :
"sync-plugin - sync_create_state_control - Entries are missing nsuniqueid. Unable to proceed"

With rhel 9.0, the same persistent search won't return any entry, because additional checking is done on sync_create_state_control :
[19/Jul/2021:11:45:30.174646214 -0400] - ERR - content-sync-plugin - sync_create_state_control - Entries are missing nsuniqueid. Unable to proceed.
[19/Jul/2021:11:45:30.179232382 -0400] - ERR - send_ldap_search_entry_ext - Error 1 returned by pre entry plugins for entry cn=monitor 

We should have the same level of control in RHEL 8.5 and persistent search should be interrupted when sync_repl control can't be performed on the requested entries.



Version-Release number of selected component (if applicable):
89-ds-base-0:1.4.3.23-4.module+el8.5.0+11627+16aed726


How reproducible:
Always

Steps to Reproduce:

- Create an instance with sample entries
- Enabled Content Synchronization and Retro Changelog Plugin
- Restarted the instance
- Performed a persistent search on cn=monitor :
# ldapsearch -LLL -h localhost -p 1389 -D "cn=directory manager" -w secret12 -E sync=rp -b 'cn=monitor'


Actual results:
Entries are returned :
dn: cn=monitor
...

dn: cn=counters,cn=monitor
...

dn: cn=disk space,cn=monitor
...

dn: cn=snmp,cn=monitor
...


Expected results:
No entry is returned 
An ERR message is displayed in errors log showing the issue

Additional info:
Comment 3 sgouvern 2021-08-06 10:12:03 UTC 
With 389-ds-base-1.4.3.23-7.module+el8.5.0+11979+655d714b.x86_64

Manual steps performed (see https://bugzilla.redhat.com/show_bug.cgi?id=1960723#c1) for details:
- Create an instance with sample entries
- Enabled Content Synchronization and Retro Changelog Plugin
- Restart the instance
- Perform a persistent search on cn=monitor :
# ldapsearch -LLL -h localhost -p 1389 -D "cn=directory manager" -w secret12 -E sync=rp -b 'cn=monitor'
SyncInfo Received

^C

No entry is returned 
In errors log :
[06/Aug/2021:06:06:56.633142659 -0400] - ERR - content-sync-plugin - sync_create_state_control - Entries are missing nsuniqueid. Unable to proceed.
[06/Aug/2021:06:06:56.640760793 -0400] - ERR - send_ldap_search_entry_ext - Error 1 returned by pre entry plugins for entry cn=snmp,cn=monitor


Marking as verified:tested
Comment 7 sgouvern 2021-08-09 14:17:44 UTC 
As per comment 3 moving to VERIFIED
Comment 10 errata-xmlrpc 2021-11-09 18:12:23 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (389-ds-base bug fix and enhancement update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2021:4203