Bug 559016

Summary: Attempting to rename suffix returns inappropriate errors
Product: [Retired] 389 Reporter: Noriko Hosoi <nhosoi>
Component: Directory ServerAssignee: Noriko Hosoi <nhosoi>
Status: CLOSED CURRENTRELEASE QA Contact: Viktor Ashirov <vashirov>
Severity: medium Docs Contact:
Priority: low    
Version: 1.3.0CC: amsharma
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2015-12-07 16:43:40 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 639035    
Attachments:
Description Flags
git patch file
nkinder: review+
DS-Console_SS none

Description Noriko Hosoi 2010-01-26 22:01:48 UTC
Description of problem:
$ ldapmodify -D 'cn=directory manager' -w pw
dn: dc=example,dc=com
changetype: modrdn
newrdn: dc=new,dc=com
deleteoldrdn: -1

modifying RDN of entry dc=example,dc=com
ldap_rename: Invalid DN syntax
ldap_rename: additional info: invalid RDN

$ ldapmodify -D 'cn=directory manager' -w pw
dn: dc=example,dc=com
changetype: modrdn
newrdn: dc=new
deleteoldrdn: -1

modifying RDN of entry dc=example,dc=com
ldap_rename: DSA is unwilling to perform
ldap_rename: additional info: Cannot move entries accross backends

The right error code/message should be
ldap_rename: DSA is unwilling to perform
ldap_rename: additional info: Renaming suffix is not allowed

Comment 1 Noriko Hosoi 2010-01-28 23:45:27 UTC
(In reply to comment #0)
> Description of problem:
> $ ldapmodify -D 'cn=directory manager' -w pw
> dn: dc=example,dc=com
> changetype: modrdn
> newrdn: dc=new,dc=com
> deleteoldrdn: -1
> 
> modifying RDN of entry dc=example,dc=com
> ldap_rename: Invalid DN syntax
> ldap_rename: additional info: invalid RDN

This case is failing since "dc=new,dc=com" is NOT a valid RDN.  There is no way to specify new suffix separated with comma.

> $ ldapmodify -D 'cn=directory manager' -w pw
> dn: dc=example,dc=com
> changetype: modrdn
> newrdn: dc=new
> deleteoldrdn: -1
> 
> modifying RDN of entry dc=example,dc=com
> ldap_rename: DSA is unwilling to perform
> ldap_rename: additional info: Cannot move entries accross backends

This error is detected in mapping_tree.c:
2226 int slapi_mapping_tree_select_and_check(Slapi_PBlock *pb,char *newdn, Slapi     _Backend **be, Slapi_Entry **referral, char *errorbuf)
    [...]
2265     if ((*be) && ((*be != new_be) || mtn_sdn_has_child(target_sdn)))
2266     {
2267         ret = LDAP_UNWILLING_TO_PERFORM;
2268         PR_snprintf(errorbuf, BUFSIZ, "Cannot move entries accross backends     \n");
2269         goto unlock_and_return;
2270     }

Backend for the new suffix "dc=new,dc=com" has not been created, "new_be" is almost an empty backend.  LDAP_UNWILLING_TO_PERFORM is a proper error code, but "Cannot move entries across backends" does not describe the cause of the error correctly.

Comment 3 Noriko Hosoi 2010-01-30 01:36:17 UTC
Created attachment 387689 [details]
git patch file

[Fix Description] If the target dn of the modrdn operation is a suffix,
check if the new dn already exists or not.  If it exists, it returns
LDAP_ALREADY_EXISTS.  If the backend associated with the new dn does
not exist, it returns LDAP_NO_SUCH_OBJECT.  Otherwise, it returns
LDAP_NAMING_VIOLATION.

If the target dn of the modrdn is attempted to move across backends,
it returns LDAP_AFFECTS_MULTIPLE_DSAS instead of LDAP_UNWILLING_TO_PERFORM.

Modrdn (op_shared_rename) was logging the parameter errors in the
clients request as SLAPI_LOG_FATAL.  Reduced the level to SLAPI_LOG_ARGS.
Also, replaced ldap_explode_dn with slapi_dn_syntax_check to verify
the newsuperior.

By the replacement, 2 bugs in slapi_dn_syntax_check were found.
1) The key for the DN in the hashtable of the attribute syntax has
to be "distinguishedName".  2) Argument type for plg_syntax_validate
was not correct.

[Test Results]
1. Suffix dc=com (backend "com")
1-1. Sub suffix dc=example,dc=com (independent backend "example")
       Sub suffix dc=test,dc=com (independent backend "test")
a) rename dc=example to existing RDN dc=test

    dn: dc=example,dc=com
    changetype: modrdn
    newrdn: dc=test
    deleteoldrdn: -1

    modifying RDN of entry dc=example,dc=com
    ldap_rename: Already exists
    ldap_rename: additional info: Suffix "dc=test,dc=com" already exists

b) rename dc=example to non-existing RDN dc=bogus

    dn: dc=example,dc=com
    changetype: modrdn
    newrdn: dc=bogus
    deleteoldrdn: -1

    modifying RDN of entry dc=example,dc=com
    ldap_rename: Naming violation
    ldap_rename: additional info: Cannot rename suffix "dc=example,dc=com"

1-2. Both dc=example,dc=com and dc=test,dc=com are in the backend "com"
a) rename dc=example to existing RDN dc=test

    dn: dc=example,dc=com
    changetype: modrdn
    newrdn: dc=test
    deleteoldrdn: -1

    modifying RDN of entry dc=example,dc=com
    ldap_rename: Already exists

b) rename dc=example to non-existing RDN dc=bogus

    dn: dc=example,dc=com
    changetype: modrdn
    newrdn: dc=bogus
    deleteoldrdn: -1

    modifying RDN of entry dc=example,dc=com
    # SUCCESS

1-3. Sub suffix dc=example,dc=com (independent backend "example")
       dc=test,dc=com is in the backend "com"
a) rename dc=example to existing RDN dc=test

    dn: dc=example,dc=com
    changetype: modrdn
    newrdn: dc=test
    deleteoldrdn: -1

    modifying RDN of entry dc=example,dc=com
    ldap_rename: Naming violation
    ldap_rename: additional info: Cannot rename suffix "dc=example,dc=com"

b) rename dc=example to non-existing RDN dc=bogus

    dn: dc=example,dc=com
    changetype: modrdn
    newrdn: dc=bogus
    deleteoldrdn: -1

    modifying RDN of entry dc=example,dc=com
    ldap_rename: Naming violation
    ldap_rename: additional info: Cannot rename suffix "dc=example,dc=com"

2. dc=com does not exist
    Suffix dc=example,dc=com (independent backend "example")
    Suffix dc=test,dc=com (independent backend "test")
a) rename dc=example to existing RDN dc=test

    dn: dc=example,dc=com
    changetype: modrdn
    newrdn: dc=test
    deleteoldrdn: -1

    modifying RDN of entry dc=example,dc=com
    ldap_rename: Already exists
    ldap_rename: additional info: Suffix "dc=test,dc=com" already exists

b) rename dc=example to non-existing RDN dc=bogus

    dn: dc=example,dc=com
    changetype: modrdn
    newrdn: dc=bogus
    deleteoldrdn: -1

    modifying RDN of entry dc=example,dc=com
    ldap_rename: No such object
    ldap_rename: additional info: Backend for suffix "dc=bogus,dc=com" does not exist

3. Attempt to move an entry across the backend
    Suffix dc=example,dc=com (independent backend "example")
    Suffix dc=test,dc=com (independent backend "test")

    dn: uid=LNestor999,ou=Product Development,dc=example,dc=com
    changetype: modrdn
    newrdn: uid=LNestor999
    deleteoldrdn: -1
    newsuperior: dc=test,dc=com

    modifying RDN of entry uid=LNestor999,ou=Product Development,dc=example,dc=com and/or moving it beneath a new parent

    ldap_rename: Affects multiple servers
    ldap_rename: additional info: Cannot move entries accross backends

Comment 4 Noriko Hosoi 2010-02-01 17:12:27 UTC
Reviewed by Nathan (Thank you!!!)

Pushed to master.

$ git merge work
Updating 246527f..1378b05
Fast forward
 ldap/servers/slapd/mapping_tree.c  |   51 +++++++++++++++++++++++++++++++++---
 ldap/servers/slapd/modrdn.c        |   25 ++++++++----------
 ldap/servers/slapd/plugin_syntax.c |    4 +-
 3 files changed, 60 insertions(+), 20 deletions(-)
$ git push
Counting objects: 15, done.
Delta compression using 4 threads.
Compressing objects: 100% (8/8), done.
Writing objects: 100% (8/8), 1.98 KiB, done.
Total 8 (delta 6), reused 0 (delta 0)
To ssh://git.fedorahosted.org/git/389/ds.git
   246527f..1378b05  master -> master

Comment 5 Amita Sharma 2011-07-08 11:46:51 UTC
Created attachment 511922 [details]
DS-Console_SS

Hi Noriko,

Currently, I am having two sub suffixes with same name with different backed:
namingContexts: dc=simplepaged,dc=com - simpledDB
namingContexts: dc=SubSuffix,dc=simplepaged,dc=com - simpleSubnewDB
namingContexts: dc=SubSufix,dc=simplepaged,dc=com -simpleSubDB

Is it correct?

Also when I am trying the first test scenario in comment#3, I am facing issue like :

1. I have added in DIT as :
1. Suffix dc=com (backend "com")	
1-1. Sub suffix dc=example,dc=com (independent backend "example")
       Sub suffix dc=test,dc=com (independent backend "test")

2. When I am doing 
[root@rhel61 home]# ldapmodify -x -h localhost -p 1389 -D "cn=Directory Manager" -w Secret123 << EOF                       
dn: dc=example,dc=com
changetype: modrdn
newrdn: dc=test
deleteoldrdn: -1
EOF

It is giving me below error 
=============================
modifying rdn of entry "dc=example,dc=com"
ldap_rename: Naming violation (64)
	additional info: Cannot rename suffix "dc=example,dc=com"

Instead of 
==========
modifying RDN of entry dc=example,dc=com
    ldap_rename: Already exists
    ldap_rename: additional info: Suffix "dc=test,dc=com" already exists

and When I am checking the existence of suffix by 
ldapsearch -x -p 1389 -h localhost -D "cn=Directory Manager" -w Secret123 -b "" -s base "objectclass=*"

This also gives me :
dn:
objectClass: top
namingContexts: dc=com
namingContexts: dc=example,dc=com
namingContexts: dc=simplepaged,dc=com
namingContexts: dc=SubSuffix,dc=simplepaged,dc=com
namingContexts: dc=SubSufix,dc=simplepaged,dc=com
namingContexts: o=netscaperoot

NOTE :dc=test,dc=com is missing here above.

But check the DS CONSOLE screen shot, PFA for the screen shot, It shows the sub-suffix dc=test,dc=com.

Note: I have added the suffix and sub-suffixes using console, but that should not be an issue.

Comment 6 Noriko Hosoi 2011-07-08 17:28:19 UTC
It works for me.

$ ldapsearch -LLLx -D 'cn=directory manager' -w pw -b "" -s base namingContexts
dn:
namingContexts: dc=com
namingContexts: dc=test,dc=com
namingContexts: dc=example,dc=com
namingContexts: o=netscaperoot


$ ldapmodify -x -D 'cn=directory manager' -w pw
dn: dc=example,dc=com
changetype: modrdn
newrdn: dc=test
deleteoldrdn: -1

modifying rdn of entry "dc=example,dc=com"
ldap_rename: Already exists (68)
	additional info: Suffix "dc=test,dc=com" already exists

If your server is the same one as you attached the screenshot, you don't have dc=test,dc=com (but dc=test,dc=com,dc=com).

Comment 7 Amita Sharma 2011-07-11 05:37:12 UTC
Based on comment#6, marking the bug as VERIFIED.