Bug 464188
Summary: | RFE: Need Validation for DNA attributes on Startup of Services | ||||||
---|---|---|---|---|---|---|---|
Product: | Red Hat Directory Server | Reporter: | Jenny Severance <jgalipea> | ||||
Component: | Server - DNA Plug-in | Assignee: | Nathan Kinder <nkinder> | ||||
Status: | CLOSED CURRENTRELEASE | QA Contact: | Chandrasekar Kannan <ckannan> | ||||
Severity: | medium | Docs Contact: | |||||
Priority: | medium | ||||||
Version: | 8.1 | CC: | benl, nhosoi | ||||
Target Milestone: | --- | ||||||
Target Release: | --- | ||||||
Hardware: | All | ||||||
OS: | All | ||||||
Whiteboard: | |||||||
Fixed In Version: | 8.1 | Doc Type: | Bug Fix | ||||
Doc Text: | Story Points: | --- | |||||
Clone Of: | Environment: | ||||||
Last Closed: | 2009-04-29 23:06:45 UTC | Type: | --- | ||||
Regression: | --- | Mount Type: | --- | ||||
Documentation: | --- | CRM: | |||||
Verified Versions: | Category: | --- | |||||
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||
Cloudforms Team: | --- | Target Upstream Version: | |||||
Embargoed: | |||||||
Bug Depends On: | |||||||
Bug Blocks: | 249650, 493682 | ||||||
Attachments: |
|
Description
Jenny Severance
2008-09-26 15:55:22 UTC
To clarify, we need to prevent one from adding invalid configuration dynamically over LDAP at the pre-operation phase. If we detect invalid config, we can refuse it before storing it. We currently do all validation in the post-op phase. At server startup, we do validate config and should print messages to the error log at the default log level when we detect something invalid. Some config errors are non-fatal though (such as the shared config DN not existing). Created attachment 319306 [details]
CVS Diffs
These diffs add additional DNA configuration validation. More detailed log messages will be written describing why a particular configuration entry is invalid. I also added some checks for things like the dnaNextRange overlapping with the currently active range.
To check if dynamic configuration changes are valid, I made the pre-op callback validate cojnfig changes and reject them if they are found to be invalid. TO do this, I exposed a private function that applies an array of LDAPMod objects to a Slapi_Entry. This seems like a good general purpose helper function.
Checked into ldapserver (HEAD). Thanks to Noriko for her review! Checking in ldap/servers/plugins/dna/dna.c; /cvs/dirsec/ldapserver/ldap/servers/plugins/dna/dna.c,v <-- dna.c new revision: 1.10; previous revision: 1.9 done Checking in ldap/servers/slapd/entry.c; /cvs/dirsec/ldapserver/ldap/servers/slapd/entry.c,v <-- entry.c new revision: 1.18; previous revision: 1.17 done Checking in ldap/servers/slapd/slapi-plugin.h; /cvs/dirsec/ldapserver/ldap/servers/slapd/slapi-plugin.h,v <-- slapi-plugin.h new revision: 1.31; previous revision: 1.30 done Checking in ldap/servers/slapd/slapi-private.h; /cvs/dirsec/ldapserver/ldap/servers/slapd/slapi-private.h,v <-- slapi-private.h new revision: 1.27; previous revision: 1.26 done Nathan: Can you be more specific as to what you are validating? The only missing required attributes seem to be erroring out and logging error messages. Thanks Here are some details on how a DNA config entry is validated: Required Attributes: - dnaType - dnaNextValue - dnaFilter - dnaScope Other Validation: - The filter specified in dnaFilter must be a valid LDAP filter. - The entry that dnaSharedCfgDn points to must exist. - The value of dnaNextRange must be in the form "<lower>-<upper>", where "<lower>" and "<upper>" are replace with the numeric values defining the range. The upper value must be greater than the lower value. In addition, the range specified by dnaNextRange must not overlap with the active range that is defined by dnaNextvalue and dnaMaxValue. thank you fix verified and being regression tested by automated DNA acceptance testing An advisory has been issued which should help the problem described in this bug report. This report is therefore being closed with a resolution of ERRATA. For more information on therefore solution and/or where to find the updated files, please follow the link below. You may reopen this bug report if the solution does not work for you. http://rhn.redhat.com/errata/RHEA-2009-0455.html |