Bug 732541

Summary: Ignore an error 32 in this case since we're adding a new AutoMember definition
Product: [Retired] 389 Reporter: Jr Aquino <jr.aquino>
Component: Server - PluginsAssignee: Rich Megginson <rmeggins>
Status: CLOSED CURRENTRELEASE QA Contact: Viktor Ashirov <vashirov>
Severity: low Docs Contact:
Priority: unspecified    
Version: 1.2.9CC: amsharma, nhosoi, nkinder, rmeggins
Target Milestone: ---   
Target Release: ---   
Hardware: x86_64   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
: 733442 (view as bug list) Environment:
Last Closed: 2015-12-07 16:33:01 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 690318, 708096, 733442    
Attachments:
Description Flags
test ldif (ldif1)
none
test ldif (ldif2)
none
Patch nkinder: review?, rmeggins: review+

Description Jr Aquino 2011-08-22 20:31:07 UTC 
Description of problem:
When adding an AutoMember definition, it is possible to receive an error 32 because the plugin is searching for children prior to the definition existing.

Error Message:
auto-membership-plugin - automember_parse_config_entry: Error searching for child rule entries for config "cn=hostgroup,cn=automember,cn=etc,dc=example,dc=com" (err=32)

How reproducible:
The problem seems to manifest itself when you use 2 separate LDIFs.  
1st LDIF contains the cn=config modification to point at cn=config
2d LDIF contains the cn=Hostgroup/cn=Group,cn=automember,cn=etc,$SUFFIX

Steps to Reproduce:
1. Install FreeIPA
2. Insert modification to cn=config to point to cn=automember,cn=etc,$SUFFIX
3. Insert modification to add cn=Hostgroup/cn=Group,cn=automember,cn=etc,$SUFFIX
  
Actual results:
Error Message:
auto-membership-plugin - automember_parse_config_entry: Error searching for child rule entries for config "cn=hostgroup,cn=automember,cn=etc,dc=example,dc=com" (err=32)

Expected results:
Expected that the definitions get created successfully without having to search for children prior to their own existence.
Comment 1 Nathan Kinder 2011-08-24 17:18:23 UTC 
To reproduce without having to install/setup FreeIPA, do the following:

- Run setup-ds.pl to create a new DS instance with a suffix of 
  'dc=example,dc=com'.

- Use ldapmodify to apply the operations in ldif1.ldif (attached).

- Do a 'service dirsrv restart' to apply the config area change from ldif1.ldif.

- Use ldapmodify to apply the operations in ldif2.ldif (attached).  This will
  fail with an err=53.

The fix should cause the second ldif to apply with no errors.
Comment 2 Nathan Kinder 2011-08-24 17:38:51 UTC 
Created attachment 519675 [details]
test ldif (ldif1)
Comment 3 Nathan Kinder 2011-08-24 17:39:14 UTC 
Created attachment 519676 [details]
test ldif (ldif2)
Comment 4 Nathan Kinder 2011-08-24 17:43:28 UTC 
Created attachment 519679 [details]
Patch
Comment 5 Nathan Kinder 2011-08-24 20:11:45 UTC 
Checked into master and 389-ds-base-1.2.9 branch.  Thanks to Rich for his review!

Counting objects: 13, done.
Delta compression using up to 2 threads.
Compressing objects: 100% (7/7), done.
Writing objects: 100% (7/7), 1.10 KiB, done.
Total 7 (delta 4), reused 0 (delta 0)
To ssh://git.fedorahosted.org/git/389/ds.git
   971dded..7e43a28  master -> master

Counting objects: 13, done.
Delta compression using up to 2 threads.
Compressing objects: 100% (7/7), done.
Writing objects: 100% (7/7), 1.12 KiB, done.
Total 7 (delta 4), reused 0 (delta 0)
To ssh://git.fedorahosted.org/git/389/ds.git
   5ff4af3..6ceca02  129-local -> 389-ds-base-1.2.9
Comment 6 Amita Sharma 2011-09-26 13:42:45 UTC 
[root@snmaptest ~]# netstat -nlp | grep 389
tcp        0      0 :::389                      :::*                        LISTEN      3455/ns-slapd       
[root@snmaptest ~]# 
[root@snmaptest ~]# ldapmodify -x -h localhost -p 389 -D "cn=Directory Manager" -w Secret123  << EOF
> dn: ou=etc,dc=example,dc=com
> changetype: add
> objectclass: organizationalUnit
> ou: etc
> 
> dn: cn=Auto Membership Plugin,cn=plugins,cn=config
> changetype: modify
> replace: nsslapd-pluginConfigArea
> nsslapd-pluginConfigArea: ou=etc,dc=example,dc=com
> EOF
adding new entry "ou=etc,dc=example,dc=com"

modifying entry "cn=Auto Membership Plugin,cn=plugins,cn=config"

[root@snmaptest ~]# service dirsrv restart
Shutting down dirsrv: 
    M1...                                                  [  OK  ]
    M2...                                                  [  OK  ]
    M3...                                                  [  OK  ]
    M4...                                                  [  OK  ]
    snmaptest...                                           [  OK  ]
    snmaptest1...                                          [  OK  ]
Starting dirsrv: 
    M1...                                                  [  OK  ]
    M2...                                                  [  OK  ]
    M3...                                                  [  OK  ]
    M4...                                                  [  OK  ]
    snmaptest...                                           [  OK  ]
    snmaptest1...                                          [  OK  ]
[root@snmaptest ~]# ldapmodify -x -h localhost -p 389 -D "cn=Directory Manager" -w Secret123  << EOF
> dn: cn=Hostgroups,ou=etc,dc=example,dc=com
> changetype: add
> objectclass: autoMemberDefinition
> cn: Hostgroups
> autoMemberScope: dc=example,dc=com
> autoMemberFilter: objectclass=posixAccount
> autoMemberDefaultGroup: cn=orphans,cn=hostgroups,dc=example,dc=com
> autoMemberGroupingAttr: member:dn
> EOF
adding new entry "cn=Hostgroups,ou=etc,dc=example,dc=com"

Hence VERIFIED.