Bug 229824

Summary: aci with bogus uid= dn created by ds_newinst
Product: [Retired] 389
Component: Directory Server
Version: 1.0.4
Hardware: All
OS: Linux
Status: CLOSED CURRENTRELEASE
Severity: medium
Priority: medium
Reporter: Rich Megginson <rmeggins>
Assignee: Rich Megginson <rmeggins>
QA Contact: Viktor Ashirov <vashirov>
Doc Type: Bug Fix
Last Closed: 2015-12-07 16:40:31 UTC
Bug Blocks: 152373, 240316, 427409
Attachments:
diffs (flags: none)
minimum setup inf file (flags: none)

Description Rich Megginson 2007-02-23 17:43:55 UTC
If you run ds_newinst.pl with a bare minimum .inf file, you will see the
following aci created in cn=config:
aci: (targetattr="*")(version 3.0; acl "Configuration Administrator"; allow (a
 ll) userdn="ldap:///uid=,ou=Administrators, ou=TopologyManagement, o=Netscap
 eRoot";)
We should not create this aci, as we do not have a configuration DS if we are
creating a minimal fedora-ds-base.

Comment 1 Rich Megginson 2007-02-23 17:43:56 UTC
Created attachment 148686 [details]
diffs

Comment 2 Rich Megginson 2007-03-16 02:46:08 UTC
Reviewed by: nhosoi (Thanks!)
Fix Description: Unknown to me until just now, PL_strdup(NULL) will return "" -
the empty string.  The code in config_suitespot() expects that empty or unused
fields are NULL.  The solution is to create a create_instance_strdup() wrapper
around PL_strdup() and use that in cases where the argument may be NULL.  I
checked create_instance.c.  Every other place where PL_strdup is used, the
argument is checked for NULL first.  So these are the only places affected. 
Instance creation works fine after this change and does not create the offending
aci.
Platforms tested: RHEL4
Flag Day: no
Doc impact: no

ldapserver/ldap/admin/src/create_instance.c Revision 1.47

Comment 3 Yi Zhang 2007-11-30 00:27:29 UTC
Created attachment 273451 [details]
minimum setup inf file

This is the setup inf file used to customize the installation of DS.

Comment 4 Yi Zhang 2007-11-30 00:28:20 UTC
verified. PASS
Test machine: neo.dsdev.sjc.redhat.com (RHEL5 32bit)

Test steps:
1. remove all previously installed DS instances
2. do a yum install of a fresh copy of DS
3. use setup.ini file (see attachment) to customize the installation
4. do db2ldif to dump all records under userRoot
5. verify there are no "ldap:///uid=," records anymore

Actual test output:
[root@neo dirsrv]# /usr/sbin/setup-ds-admin.pl -s -f ./setup.ini 
Creating directory server . . .
Your new DS instance 'neo.dsdev.sjc.redhat.com' was successfully created.
Creating the configuration directory server . . .
The server 'ldap://neo.dsdev.sjc.redhat.com:389/o=NetscapeRoot' is not
reachable.  Error: unknown error

Could not register the directory server with the configuration directory server.
Exiting . . .
Log file is '/tmp/setupX7XjoF.log'

[root@neo dirsrv]# ps -elf | grep slapd
1 S nobody    5305     1  1  75   0 - 110793 stext 16:15 ?        00:00:00 ./ns-slapd -D /tmp/ds80/server/slapd-neo -i /tmp/ds80/server/slapd-neo/logs/slapd-neo.dsdev.sjc.redhat.com.pid -w /tmp/ds80/server/slapd-neo/logs/slapd-neo.dsdev.sjc.redhat.com.startpid

[root@neo slapd-neo]# ./db2ldif -n UserRoot
Exported ldif file: /tmp/ds80/server/slapd-neo/ldif/neo.dsdev.sjc.redhat.com-UserRoot-2007_11_29_161603.ldif
ldiffile: /tmp/ds80/server/slapd-neo/ldif/neo.dsdev.sjc.redhat.com-UserRoot-2007_11_29_161603.ldif
[29/Nov/2007:16:16:03 -0800] - export userRoot: Processed 9 entries (100%).
[29/Nov/2007:16:16:03 -0800] - All database threads now stopped
[root@neo slapd-neo]# vi /tmp/ds80/server/slapd-neo/ldif/neo.dsdev.sjc.redhat.com-UserRoot-2007_11_29_161603.ldif
[root@neo slapd-neo]# grep "uid=" /tmp/ds80/server/slapd-neo/ldif/neo.dsdev.sjc.redhat.com-UserRoot-2007_11_29_161603.ldif
[root@neo slapd-neo]# grep "ldap:///" /tmp/ds80/server/slapd-neo/ldif/neo.dsdev.sjc.redhat.com-UserRoot-2007_11_29_161603.ldif
 allow (read, search, compare) userdn="ldap:///anyone";)
  common attributes"; allow (write) userdn="ldap:///self";)
 (all) (groupdn = "ldap:///cn=Directory Administrators, o=my.com");)
 rsion 3.0;acl "HR Group Permissions";allow (write)(groupdn = "ldap:///cn=HR 
 sion 3.0;acl "QA Group Permissions";allow (write)(groupdn = "ldap:///cn=QA M
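
The check in test step 5 can miss a match when LDIF line folding splits the "ldap:///uid=," string across two physical lines, as the folded aci in the description shows is possible. The following is an added example, not part of the original bug report or the project's code: it unfolds the LDIF first and flags any userdn/groupdn bind DN that contains an empty RDN value. The sample LDIF and the function names are constructed for illustration.

```python
import re

# Constructed sample LDIF: the folded aci from the bug description, a valid
# group aci, and an aci whose fold splits "uid=," across two physical lines.
SAMPLE_LDIF = '''dn: cn=config
aci: (targetattr="*")(version 3.0; acl "Configuration Administrator"; allow (a
 ll) userdn="ldap:///uid=,ou=Administrators, ou=TopologyManagement, o=Netscap
 eRoot";)

dn: o=my.com
aci: (targetattr="*")(version 3.0; acl "Directory Administrators Group"; allow
  (all) (groupdn = "ldap:///cn=Directory Administrators, o=my.com");)

dn: ou=People, o=my.com
aci: (targetattr="*")(version 3.0; acl "constructed split"; allow (all) userdn="ldap:///ui
 d=,ou=Administrators, o=my.com";)
'''

BIND_RULE = re.compile(r'(userdn|groupdn)\s*=\s*"([^"]*)"', re.IGNORECASE)
KEYWORDS = {"anyone", "all", "self", "parent"}  # userdn targets that are not DNs


def empty_rdns(dn):
    """Return attribute names in dn whose value is empty, e.g. 'uid' in 'uid=,ou=x'."""
    bad = []
    for rdn in re.split(r"(?<!\\)[,+]", dn):  # split on unescaped , and +
        attr, eq, value = rdn.partition("=")
        if eq and not value.strip():
            bad.append(attr.strip())
    return bad


def find_bogus_acis(ldif_text):
    """Yield (entry_dn, keyword, bind_dn, empty_attrs) for acis with empty RDN values."""
    unfolded = re.sub(r"\r?\n ", "", ldif_text)  # LDIF fold = newline + one space
    entry_dn = None
    for line in unfolded.splitlines():
        if line.lower().startswith("dn:"):
            entry_dn = line[3:].strip()
        if not line.lower().startswith("aci:"):  # base64 "aci::" values not decoded
            continue
        for keyword, urls in BIND_RULE.findall(line[4:]):
            for url in urls.split("||"):  # a bind rule may list several URLs
                _, sep, rest = url.strip().partition("ldap:///")
                dn = rest.split("?", 1)[0]
                if sep and dn not in KEYWORDS and (bad := empty_rdns(dn)):
                    yield entry_dn, keyword.lower(), dn, bad
```

On the constructed sample, a per-line search for "ldap:///uid=," matches only the first aci, while find_bogus_acis() reports both the cn=config entry and the one whose fold splits the pattern.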