Bug 723514
| Summary: | DDS overlay tolerance parametr doesn't function and breakes default ttl | ||||||||
|---|---|---|---|---|---|---|---|---|---|
| Product: | Red Hat Enterprise Linux 6 | Reporter: | David Spurek <dspurek> | ||||||
| Component: | openldap | Assignee: | Jan Vcelak <jvcelak> | ||||||
| Status: | CLOSED ERRATA | QA Contact: | BaseOS QE Security Team <qe-baseos-security> | ||||||
| Severity: | medium | Docs Contact: | |||||||
| Priority: | medium | ||||||||
| Version: | 6.1 | CC: | dspurek, ebenes, jplans, jvcelak, omoris, ovasik, tsmetana | ||||||
| Target Milestone: | rc | ||||||||
| Target Release: | --- | ||||||||
| Hardware: | All | ||||||||
| OS: | Linux | ||||||||
| Whiteboard: | |||||||||
| Fixed In Version: | openldap-2.4.23-17.el6 | Doc Type: | Bug Fix | ||||||
| Doc Text: |
- OpenLDAP server with 'dds' overlay configured and olcDDStolerance is set.
- The dynamic entries are deleted before their TTL is expired. olcDDStolerance is shortening dynamic entries TTL, instead of its prolonging.
- The patch was applied to correctly evaluate real time of dynamic entries deletion.
- The dynamic entries real lifetime is entry's entryTtl + olcDDStolerance as described in documentation
|
Story Points: | --- | ||||||
| Clone Of: | |||||||||
| : | 733069 (view as bug list) | Environment: | |||||||
| Last Closed: | 2011-12-06 12:13:04 UTC | Type: | --- | ||||||
| Regression: | --- | Mount Type: | --- | ||||||
| Documentation: | --- | CRM: | |||||||
| Verified Versions: | Category: | --- | |||||||
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||||
| Cloudforms Team: | --- | Target Upstream Version: | |||||||
| Embargoed: | |||||||||
| Bug Depends On: | |||||||||
| Bug Blocks: | 733069 | ||||||||
| Attachments: |
|
||||||||
Created attachment 517864 [details]
proposed patch
olcDDStolerance setting had inverse effect and in fact was shortening entries real TTL. Attaching patch. It will be submitted upstream.
Resolved in openldap-2.4.23-17.el6
Technical note added. If any revisions are required, please edit the "Technical Notes" field
accordingly. All revisions will be proofread by the Engineering Content Services team.
New Contents:
- OpenLDAP server with 'dds' overlay configured and olcDDStolerance is set.
- The dynamic entries are deleted before their TTL is expired. olcDDStolerance is shortening dynamic entries TTL, instead of its prolonging.
- The patch was applied to correctly evaluate real time of dynamic entries deletion.
- The dynamic entries real lifetime is entry's entryTtl + olcDDStolerance as described in documentation
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. http://rhn.redhat.com/errata/RHBA-2011-1514.html |
Created attachment 513997 [details] Slapd configuration file Description of problem: DDS overlay tolerance parametr doesn't function. Default ttl parametr work bad with set dds-tolerance. EntryTtl attribute has right value, but entry is delete before ttl expiration. Version-Release number of selected component (if applicable): openldap-servers-2.4.23-15.el6 How reproducible: always Steps to Reproduce: 1.slaptest -f /etc/openldap/slapd.conf -F /etc/openldap/slapd.d/ (slapd.conf is in attachement) 2.add entry dn: cn=OpenLDAP Documentation Meeting,ou=Meetings,dc=my-domain,dc=com objectClass: groupOfNames objectClass: dynamicObject cn: OpenLDAP Documentation Meeting member: cn=testusr1, dc=my-domain,dc=com member: cn=testusr2, dc=my-domain,dc=com 3.sleep 120 4. ldapsearch -LLL -x -b 'cn=OpenLDAP Documentation Meeting,ou=Meetings,dc=my-domain,dc=com' \"(objectClass=dynamicObject)\" Actual results: Entry cn=OpenLDAP Documentation Meeting,ou=Meetings,dc=my-domain,dc=com doesn't exist after 120s (lifetime should be entryTtl + tolerance = 240s). Even entry doesn't exist after 30s. Expected results: Entry should be exist after 120s.