Bug 583652

Summary: Console caches magic numbers instead of DNA-generated values
Product: [Retired] 389 Reporter: dan <dma+redhat>
Component: Directory ConsoleAssignee: Nathan Kinder <nkinder>
Status: CLOSED CURRENTRELEASE QA Contact: Viktor Ashirov <vashirov>
Severity: low Docs Contact:
Priority: medium    
Version: 1.2.5CC: amsharma, jgalipea, nkinder
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2015-12-07 16:58:32 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---
Bug Depends On:    
Bug Blocks: 434915    
Attachments:
Description Flags
Patch nhosoi: review+

Description dan 2010-04-19 10:29:43 UTC
User-Agent:       Mozilla/5.0 (X11; U; Linux x86_64; en-US) AppleWebKit/533.2 (KHTML, like Gecko) Chrome/5.0.342.9 Safari/533.2

As per :
http://lists.fedoraproject.org/pipermail/389-users/2010-April/011425.html

With the DNA plug-in activated and configured, it is possible to create user entries with automagically-generated values by entering a pre-defined « magic number » in the appropriate fields (uid and gid, commonly).  However, once the user has been created, if you open the user entry in the console directly after creating it, the magic number will be listed instead of the actual value(s).

Completely re-starting the console fixes this behaviour, thus i am lead to believe it is a caching issue.  It is not a particularly severe bug, but there it is...

Reproducible: Always

Steps to Reproduce:
1. Activate and configure DNA plug-in
2. Create user in console using magic number
3. Open user entry in console
Actual Results:  
Magic number is shown instead of actual value.

Expected Results:  
Actual value is shown instead of magic number.

Comment 3 Nathan Kinder 2011-02-04 22:38:11 UTC
I ran some tests using the following packages on F14:

389-adminutil-devel-1.1.13-1.fc14.x86_64
389-admin-1.1.14-1.fc14.x86_64
389-console-1.1.4-1.fc14.noarch
389-ds-console-1.2.3-1.fc14.noarch
389-admin-console-1.1.5-1.fc14.noarch
389-ds-base-1.2.8-0.1.a1.fc14.x86_64
389-adminutil-1.1.13-1.fc14.x86_64

After running setup-ds-admin.pl, I stopped my 389-ds instance and added the following DNA configuration entry:

dn: cn=uids,cn=Distributed Numeric Assignment Plugin,cn=plugins,cn=config
objectClass: top
objectClass: extensibleObject
cn: uids
dnatype: uidNumber
dnamaxvalue: 10000
dnamagicregen: 0
dnafilter: (objectclass=posixAccount)
dnascope: dc=example,dc=com
dnanextvalue: 500

After restarting my 389-ds instance, I logged into Console as "cn=directory manager" and performed the following steps:

- Open the Directory Server instance.
- Select the "Directory" tab.
- Right click on the "dc=example,dc=com" node and choose "New->User"
- Fill in the "First Name", "Last Name", "Common Name", and "User ID" fields under the "User" tab on the left.
- Select the "Posix User" tab on the left.
- Check the "Enable Posix User Attributes" checkbox.
- Fill in the "UID Number" field with a value of "0".
- Fill in the "GID Number" and "Home Directory" fields.
- Click OK.

At this point a dialog is raised stating that a UID Number of "0" is for privileged users only.  I select "Yes" to go ahead and use the value.  The user is then created.  If you open the user entry up and choose the "Posix User" tab on the left, the "UID Number value is "500", which is the value assigned from DNA.

I also tried setting the DNA config to use a magic value other than 0 to avoid the warning dialog in Console, and the proper value is still displayed.  I even configured DNA to assign a value for the gidNumber attribute instead of the uidNumber attribute and the assigned value was still displayed.

If I create the entry using the "Users & Groups" tab in the main Console instead of using the "Directory" tab inside the the Directory Console, I am able to reproduce the issue.  It seems that "Users and Groups" simply needs to refresh an entry by searching for it after creation.

Comment 4 Nathan Kinder 2011-02-04 22:39:47 UTC
One other thing to note is that you can click on the "Search" button to find the entry just after creating it to refresh the values.  If this is done, the generated values are displayed for the recently created entry.

Comment 5 Nathan Kinder 2011-02-07 19:32:21 UTC
Created attachment 477488 [details]
Patch

This patch simply refreshes a newly added/modified entry from the DS in the "Users and Groups" tab in Console.

Comment 6 Nathan Kinder 2011-02-07 19:50:21 UTC
Checked into HEAD.  Thanks to Noriko for her review!

Checking in src/com/netscape/management/client/ug/ResourcePageObservable.java;
/cvs/dirsec/console/src/com/netscape/management/client/ug/ResourcePageObservable.java,v  <--  ResourcePageObservable.java
new revision: 1.3; previous revision: 1.2
done

Comment 7 Amita Sharma 2011-07-18 10:16:52 UTC
I followed the steps from comment#3..

If I create the entry using the "Users & Groups" tab in the main Console
instead of using the "Directory" tab inside the the Directory Console, I am
able to reproduce the issue.  It seems that "Users and Groups" simply needs to
refresh an entry by searching for it after creation. --

dn: cn=uids,cn=Distributed Numeric Assignment Plugin,cn=plugins,cn=config
objectClass: top
objectClass: extensibleObject
cn: uids
dnatype: uidNumber
dnamaxvalue: 10000
dnamagicregen: 0
dnafilter: (objectclass=posixAccount)
dnascope: dc=pnq,dc=redhat,dc=com
dnanextvalue: 500

It displayed : uidnumber=0 (is that fine)?

also I observed one thing which is odd :
==============================================
The warning screen : At this point a dialogue is raised stating that a UID Number of "0" is for privileged users only.  I select "Yes" to go ahead .. again it popped up.. everytime It is coming twice, be it the "Users & Groups" tab in the main Console Or from "Directory" tab.

Please guide?

Comment 8 Nathan Kinder 2011-07-18 15:29:22 UTC
(In reply to comment #7)
> It displayed : uidnumber=0 (is that fine)?
> 

Did you set nsslapd-pluginEnabled to "on" for the DNA plug-in?  The reproduction steps comment#3 did not mention this, but the plug-in needs to be enabled.

> also I observed one thing which is odd :
> ==============================================
> The warning screen : At this point a dialogue is raised stating that a UID
> Number of "0" is for privileged users only.  I select "Yes" to go ahead ..
> again it popped up.. everytime It is coming twice, be it the "Users & Groups"
> tab in the main Console Or from "Directory" tab.
> 
> Please guide?

This warning is fine.  Console has no way of knowing if DNA is being used, and you usually do not want to set someone's uidNumber to 0.

Comment 9 Amita Sharma 2011-07-19 06:18:23 UTC
ahhh .. how can I miss that :)
yeah it is working fine now. giving 0 for uid and getting 501, 502 ....

Hence marking as VERIFIED.