Bug 725479

Summary: Overlay refint option refint_nothing doesn't function correctly
Product: Red Hat Enterprise Linux 6 Reporter: David Spurek <dspurek>
Component: openldapAssignee: Jan Vcelak <jvcelak>
Status: CLOSED ERRATA QA Contact: BaseOS QE Security Team <qe-baseos-security>
Severity: medium Docs Contact:
Priority: low    
Version: 6.1CC: ebenes, jplans, jvcelak, ksrot, omoris, ovasik, tsmetana
Target Milestone: rc   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: openldap-2.4.23-18.el6 Doc Type: Bug Fix
Doc Text:
- openldap-servers package installed, refint overlay set up, refint_nothing option used - when an entry which is referenced by some of refint_attributes is deleted, the value of the attribute is not replaced by the value in refint_nothing option, but is left untouched - upstream patch applied to target this issue - refint_nothing option works as described in documentation
Story Points: ---
Clone Of:
: 733072 (view as bug list) Environment:
Last Closed: 2011-12-06 11:49:22 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Bug Depends On:    
Bug Blocks: 733072    
Attachments:
Description Flags
Slapd configuration file none

Description David Spurek 2011-07-25 15:23:30 UTC
Created attachment 515097 [details]
Slapd configuration file

Description of problem:
Overlay refint option refint_nothing doesn't function correctly. After delete the last value, an arbitrary value should be used as a placeholder. Attribute doesn't have an arbitrary value, but last value before delete.

Version-Release number of selected component (if applicable):
openldap-servers-2.4.23-15.el6

How reproducible:
always

Steps to Reproduce:
1.slaptest -f /etc/openldap/slapd.conf -F /etc/openldap/slapd.d/
(slapd.conf is in attachement)
2.add entry
dn: dc=my-domain,dc=com
objectClass: dcObject
objectClass: organization
dc: my-domain
o: my-domain
description: my-domain

dn: cn=Manager,dc=my-domain,dc=com
objectClass: organizationalRole
cn: Manager
description: Directory Manager

dn: ou=People,dc=my-domain,dc=com
objectClass: organizationalUnit
ou: People

dn: uid=ldap1,ou=People,dc=my-domain,dc=com
cn: ldap1
objectClass: account
objectClass: posixAccount
objectClass: top
uid: ldap1
uidNumber: 10001
gidNumber: 10001
homeDirectory: /home/ldap/ldap1
gecos: ldap1_user
loginShell: /bin/sh
userPassword: {SSHA}vXxC+eHHxf4p16273jJfK1xGrMSn+aUT

dn: uid=ldap2,ou=People,dc=my-domain,dc=com
cn: ldap2
objectClass: account
objectClass: posixAccount
objectClass: top
uid: ldap2
uidNumber: 10002
gidNumber: 10002
homeDirectory: /home/ldap/ldap2
gecos: uid=ldap1,ou=People,dc=my-domain,dc=com
loginShell: /bin/sh
userPassword: {SSHA}vXxC+eHHxf4p16273jJfK1xGrMSn+aUT
3.ldapdelete -x -D cn=Manager,dc=my-domain,dc=com -w x uid=ldap1,ou=People,dc=my-domain,dc=com
4.ldapsearch -LLL -b dc=my-domain,dc=com -x "(uid=ldap2)" gecos
  
Actual results:
dn: uid=ldap2,ou=People,dc=my-domain,dc=com
gecos: uid=ldap1,ou=People,dc=my-domain,dc=com

Expected results:
dn: uid=ldap2,ou=People,dc=my-domain,dc=com
gecos: cn=missing,dc=my-domain,dc=com

Additional info:
When option refint_nothing missing, the attribute gecos is correctly missing in entry uid=ldap2,ou=People,dc=my-domain,dc=com.

Comment 1 Jan Vcelak 2011-08-12 11:34:40 UTC
I found the problem, working on resolution.

bdb_modify: uid=ldap2,ou=People,dc=my-domain,dc=com
bdb_dn2entry("uid=ldap2,ou=people,dc=my-domain,dc=com")
bdb_modify_internal: 0x00000005: uid=ldap2,ou=People,dc=my-domain,dc=com
bdb_modify_internal: delete gecos
bdb_modify_internal: replace modifiersName
bdb_modify_internal: delete gecos
bdb_modify_internal: 16 modify/delete: gecos: no such attribute
bdb_modify: modify failed (16)
send_ldap_result: conn=-1 op=0 p=0
send_ldap_result: err=16 matched="" text="modify/delete: gecos: no such attribute"
refint_repair: dependent modify failed: 16

Comment 2 Jan Vcelak 2011-08-16 11:57:48 UTC
Upstream report:
http://www.openldap.org/its/index.cgi?findid=6663

Upstream resolution:
http://www.openldap.org/devel/gitweb.cgi?p=openldap.git;a=commit;h=4ce7f5d

Tested, the fix works.

Comment 5 Jan Vcelak 2011-08-26 11:05:46 UTC
Fixed in openldap-2.4.23-18.el6

Comment 8 Jan Vcelak 2011-08-26 13:14:21 UTC
    Technical note added. If any revisions are required, please edit the "Technical Notes" field
    accordingly. All revisions will be proofread by the Engineering Content Services team.
    
    New Contents:
- openldap-servers package installed, refint overlay set up, refint_nothing option used
- when an entry which is referenced by some of refint_attributes is deleted, the value of the attribute is not replaced by the value in refint_nothing option, but is left untouched
- upstream patch applied to target this issue
- refint_nothing option works as described in documentation

Comment 10 errata-xmlrpc 2011-12-06 11:49:22 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHBA-2011-1514.html