Bug 497439

Summary: attribute uniqueness plugin: modrdn with deleteoldrdn=0 allows the entry to keep multiple attribute values even though the attribute uniqueness plugin is set against the attribute
Product: [Retired] 389
Reporter: Noriko Hosoi <nhosoi>
Component: Server - Plugins
Assignee: Noriko Hosoi <nhosoi>
Status: CLOSED WORKSFORME
QA Contact: Chandrasekar Kannan <ckannan>
Severity: medium
Priority: high
Version: 1.2.0
CC: benl, rmeggins, vtsuryawanshi
Hardware: All
OS: Linux
Doc Type: Bug Fix
Last Closed: 2010-08-03 21:30:30 UTC
Bug Blocks: 434915, 495079

Description Noriko Hosoi 2009-04-23 21:37:19 UTC
Description of problem:

I enabled the attribute uniqueness plugin. Now, you cannot add another uid value. It fails with "ldap_add: Already exists". But you could do modrdn with deleteoldrdn=0, which allows the entry to have multiple uid values even if the uniqueness plugin is on. I think this is a bug in the attribute uniqueness plugin, which most likely does not prevent the add from some internal operation.

Comment 1 Noriko Hosoi 2010-08-03 21:30:30 UTC
The report is based upon misunderstanding the attribute uniqueness plugin, which is supposed to enforce unique attribute values.

dn: cn=attribute uniqueness,cn=plugins,cn=config
nsslapd-pluginEnabled: on

Having these 2 entries in DB:
  dn: uid=nuuser0,ou=newOU,dc=example,dc=com
  uid: uuser0
  uid: uuser1
  uid: nuuser0
  givenName: new
  objectClass: top
  objectClass: person
  objectClass: organizationalPerson
  objectClass: inetorgperson
  sn: user0
  cn: uniq user0
 
  dn: uid=uuser2,ou=newOU,dc=example,dc=com
  uid: uuser2
  givenName: new
  objectClass: top
  objectClass: person
  objectClass: organizationalPerson
  objectClass: inetorgperson
  sn: user2
  cn: uniq user2

Modrdn the second entry to one of the UIDs in the first entry:
  dn: uid=uuser2,ou=newOU,dc=example,dc=com
  changetype: modrdn
  newrdn: uid=uuser0
  deleteoldrdn: 0
 
  modifying RDN of entry uid=uuser2,ou=newOU,dc=example,dc=com
  ldap_rename: Constraint violation
  ldap_rename: additional info: Another entry with the same attribute value already exists
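
A simplified model of the check described in Comment 1, added here as an illustration; it is not code from 389 Directory Server or from the reporter. The function names, the in-memory dict layout and the naive comma-split DN handling are assumptions; the two entries are the ones from the comment, reduced to their uid values.

```python
# Simplified model of cross-entry attribute uniqueness on modrdn (not 389 DS code).
# Assumptions: directory is {dn: {attr: [values]}}, RDNs are single-valued,
# DNs contain no escaped commas, and attribute names are stored in lowercase.

def sample_directory():
    """The two entries from Comment 1, uid values only."""
    return {
        "uid=nuuser0,ou=newOU,dc=example,dc=com": {"uid": ["uuser0", "uuser1", "nuuser0"]},
        "uid=uuser2,ou=newOU,dc=example,dc=com": {"uid": ["uuser2"]},
    }

def parse_rdn(rdn):
    """Split an RDN such as 'uid=uuser0' into (attr, value)."""
    attr, _, value = rdn.partition("=")
    return attr.strip().lower(), value.strip()

def conflicting_dn(directory, attr, value, ignore_dn):
    """Return the DN of another entry that already holds attr=value, else None."""
    for dn, attrs in directory.items():
        if dn != ignore_dn and value.lower() in (v.lower() for v in attrs.get(attr, [])):
            return dn
    return None

def modrdn(directory, dn, newrdn, deleteoldrdn, unique_attrs=("uid",)):
    """Rename dn to newrdn; raise ValueError if the new value exists in another entry."""
    attr, value = parse_rdn(newrdn)
    if attr in unique_attrs:
        other = conflicting_dn(directory, attr, value, ignore_dn=dn)
        if other is not None:  # checked before any change, so a rejection leaves data intact
            raise ValueError("Constraint violation: Another entry with the same "
                             f"attribute value already exists ({other})")
    rdn, parent = dn.split(",", 1)
    old_attr, old_value = parse_rdn(rdn)
    attrs = directory.pop(dn)
    values = attrs.setdefault(attr, [])
    if deleteoldrdn and old_value in attrs.get(old_attr, []):
        attrs[old_attr].remove(old_value)
    if value not in values:
        values.append(value)  # with deleteoldrdn=0 the entry now holds both values
    new_dn = f"{newrdn},{parent}"
    directory[new_dn] = attrs
    return new_dn

if __name__ == "__main__":
    d = sample_directory()
    dn = modrdn(d, "uid=uuser2,ou=newOU,dc=example,dc=com", "uid=uuser3", 0)
    print(dn, d[dn]["uid"])           # two uid values on one entry: accepted
    try:
        modrdn(d, dn, "uid=uuser0", 0)  # value held by the other entry: rejected
    except ValueError as exc:
        print(exc)
```

In this model, several uid values on one entry are accepted as long as no other entry holds the same value; only the cross-entry collision is rejected.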