| Summary: | memberOf: Delete of all present member values not handled correctly | ||||||
|---|---|---|---|---|---|---|---|
| Product: | [Retired] 389 | Reporter: | Nathan Kinder <nkinder> | ||||
| Component: | Server - memberOf Plug-in | Assignee: | Nathan Kinder <nkinder> | ||||
| Status: | CLOSED CURRENTRELEASE | QA Contact: | Chandrasekar Kannan <ckannan> | ||||
| Severity: | high | Docs Contact: | |||||
| Priority: | high | ||||||
| Version: | 1.1.0 | CC: | andrey.ivanov, benl | ||||
| Target Milestone: | --- | ||||||
| Target Release: | --- | ||||||
| Hardware: | All | ||||||
| OS: | Linux | ||||||
| Whiteboard: | |||||||
| Fixed In Version: | 8.1 | Doc Type: | Bug Fix | ||||
| Doc Text: | Story Points: | --- | |||||
| Clone Of: | Environment: | ||||||
| Last Closed: | 2009-04-29 23:03:24 UTC | Type: | --- | ||||
| Regression: | --- | Mount Type: | --- | ||||
| Documentation: | --- | CRM: | |||||
| Verified Versions: | Category: | --- | |||||
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||
| Cloudforms Team: | --- | Target Upstream Version: | |||||
| Bug Depends On: | |||||||
| Bug Blocks: | 249650, 429034, 493682 | ||||||
| Attachments: |
|
||||||
|
Description
Nathan Kinder
2008-03-26 22:40:13 UTC
Another thing to note is that this only occurs when you delete all member values. If you specify the value you want to delete (even if it's the only value), then it is handled correctly. For example, this modify works fine in the above case: dn: cn=group1,dc=example,dc=com changetype: modify delete: member member: uid=user1,dc=example,dc=com A replace of all present member attributes with no new value also works fine: dn: cn=group1,dc=example,dc=com changetype: modify replace: member Created attachment 299482 [details]
CVS Diffs
The code that deals with modify operations that delete member values was not
properly handling the case where there are no values specified for deletion.
This code would go through member entries specified in the member values to be
deleted, but nothing would happen since no values were specified.
The code that deals with replace modify operations just compares the
pre-operation copy of the group entry with the post-operation copy to see what
member attributes have been changed. It can then figure out what member
entries need to be updated. This approach is what we need to use for the
delete all values case as well.
The fix is to check if we have any values specified when dealing with a delete
modify operation, and if not, just call the replace function.
Checked into ldapserver (HEAD). Thanks to Simo for his review! Checking in memberof.c; /cvs/dirsec/ldapserver/ldap/servers/plugins/memberof/memberof.c,v <-- memberof.c new revision: 1.3; previous revision: 1.2 done Checked into FreeIPA as changeset 744. changeset: 744:c5834dc6ed37 tag: tip user: Nathan Kinder <nkinder@redhat.com> date: Fri Mar 28 08:56:06 2008 -0700 summary: Fixed handling of modify operations that delete all present member An advisory has been issued which should help the problem described in this bug report. This report is therefore being closed with a resolution of ERRATA. For more information on therefore solution and/or where to find the updated files, please follow the link below. You may reopen this bug report if the solution does not work for you. http://rhn.redhat.com/errata/RHEA-2009-0455.html |