Bug 723514
Summary: | DDS overlay tolerance parameter doesn't function and breaks default ttl
---|---
Product: | Red Hat Enterprise Linux 6
Reporter: | David Spurek <dspurek>
Component: | openldap
Assignee: | Jan Vcelak <jvcelak>
Status: | CLOSED ERRATA
QA Contact: | BaseOS QE Security Team <qe-baseos-security>
Severity: | medium
Priority: | medium
Version: | 6.1
CC: | dspurek, ebenes, jplans, jvcelak, omoris, ovasik, tsmetana
Target Milestone: | rc
Hardware: | All
OS: | Linux
Fixed In Version: | openldap-2.4.23-17.el6
Doc Type: | Bug Fix
Last Closed: | 2011-12-06 12:13:04 UTC
Bug Blocks: | 733069

Doc Text:
- OpenLDAP server with the 'dds' overlay configured and olcDDStolerance set.
- The dynamic entries are deleted before their TTL has expired. olcDDStolerance shortens the dynamic entries' TTL instead of prolonging it.
- A patch was applied to correctly evaluate the real time of dynamic entry deletion.
- The real lifetime of a dynamic entry is the entry's entryTtl + olcDDStolerance, as described in the documentation.

Created attachment 517864
proposed patch

The olcDDStolerance setting had the inverse effect and was in fact shortening the entries' real TTL. Attaching patch. It will be submitted upstream.

Resolved in openldap-2.4.23-17.el6

Technical note added. If any revisions are required, please edit the "Technical Notes" field accordingly. All revisions will be proofread by the Engineering Content Services team.

New Contents:
- OpenLDAP server with the 'dds' overlay configured and olcDDStolerance set.
- The dynamic entries are deleted before their TTL has expired. olcDDStolerance shortens the dynamic entries' TTL instead of prolonging it.
- A patch was applied to correctly evaluate the real time of dynamic entry deletion.
- The real lifetime of a dynamic entry is the entry's entryTtl + olcDDStolerance, as described in the documentation.

Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHBA-2011-1514.html

Created attachment 513997
Slapd configuration file

Description of problem:
DDS overlay tolerance parameter doesn't function. Default ttl parameter works badly when dds-tolerance is set. The entryTtl attribute has the right value, but the entry is deleted before ttl expiration.

Version-Release number of selected component (if applicable):
openldap-servers-2.4.23-15.el6

How reproducible:
always

Steps to Reproduce:
1. slaptest -f /etc/openldap/slapd.conf -F /etc/openldap/slapd.d/ (slapd.conf is in the attachment)
2. add entry
    dn: cn=OpenLDAP Documentation Meeting,ou=Meetings,dc=my-domain,dc=com
    objectClass: groupOfNames
    objectClass: dynamicObject
    cn: OpenLDAP Documentation Meeting
    member: cn=testusr1, dc=my-domain,dc=com
    member: cn=testusr2, dc=my-domain,dc=com
3. sleep 120
4. ldapsearch -LLL -x -b 'cn=OpenLDAP Documentation Meeting,ou=Meetings,dc=my-domain,dc=com' "(objectClass=dynamicObject)"

Actual results:
Entry cn=OpenLDAP Documentation Meeting,ou=Meetings,dc=my-domain,dc=com doesn't exist after 120s (lifetime should be entryTtl + tolerance = 240s). The entry doesn't even exist after 30s.

Expected results:
Entry should exist after 120s.
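
A polling check for the behaviour reported above, as an added example that is not part of the original report or of the openldap package: it records when the dynamic entry disappears and classifies that against the documented lifetime of entryTtl + olcDDStolerance. The 120-second TTL and tolerance, the 5-second poll interval, the RUN_LIVE switch and the function names `entry_exists`, `classify` and `watch_entry` are assumptions; the DN and the anonymous `ldapsearch -x` bind come from the reproduction steps.

```shell
#!/bin/sh
# Added example, not from the report. Assumed values: TTL and TOLERANCE of
# 120 s each (consistent with the report's "entryTtl + tolerance = 240s")
# and a 5 s poll interval. The DN is the one used in the report.
DN='cn=OpenLDAP Documentation Meeting,ou=Meetings,dc=my-domain,dc=com'
TTL=${TTL:-120}
TOLERANCE=${TOLERANCE:-120}
POLL=${POLL:-5}

# Succeeds while the server still returns the dynamic entry.
entry_exists() {
    ldapsearch -LLL -x -s base -b "$DN" '(objectClass=dynamicObject)' 1.1 \
        2>/dev/null | grep -q '^dn:'
}

# classify TTL TOLERANCE GONE_AFTER
# GONE_AFTER is the number of seconds after creation at which the entry was
# first seen missing. Documented lifetime is entryTtl + olcDDStolerance.
classify() {
    if [ "$3" -lt "$1" ]; then
        echo "early: deleted before entryTtl"
    elif [ "$3" -lt $(( $1 + $2 )) ]; then
        echo "early: tolerance not added"
    else
        echo "ok"
    fi
}

# Poll until the entry disappears and print the elapsed seconds. The result
# is accurate to within one POLL interval.
watch_entry() {
    start=$(date +%s)
    while entry_exists; do
        sleep "$POLL"
    done
    echo $(( $(date +%s) - start ))
}

# Live check against a running slapd; start it right after adding the entry.
if [ "${RUN_LIVE:-0}" = 1 ]; then
    entry_exists || { echo "entry not found, add it first" >&2; exit 2; }
    gone=$(watch_entry)
    echo "missing after ${gone}s: $(classify "$TTL" "$TOLERANCE" "$gone")"
fi
```

Run it with RUN_LIVE=1 immediately after step 2; a result of "ok" can still arrive later than entryTtl + tolerance, because the overlay only removes expired entries on its periodic check.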