Bug 733442

Summary: Ignore an error 32 in this case since we're adding a new AutoMember definition
Product: Red Hat Enterprise Linux 6 Reporter: Rich Megginson <rmeggins>
Component: 389-ds-baseAssignee: Rich Megginson <rmeggins>
Status: CLOSED ERRATA QA Contact: Chandrasekar Kannan <ckannan>
Severity: medium Docs Contact:
Priority: unspecified    
Version: 6.2CC: amsharma, benl, dpal, jgalipea, jr.aquino, nhosoi, nkinder, rmeggins
Target Milestone: rc   
Target Release: ---   
Hardware: x86_64   
OS: Linux   
Whiteboard:
Fixed In Version: 389-ds-base-1.2.9.8-1.el6 Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: 732541 Environment:
Last Closed: 2011-12-06 17:56:12 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 732541    
Bug Blocks: 690318, 708096    

Description Rich Megginson 2011-08-25 17:40:23 UTC 
This bug is targeted for DSIPA21 but fixed after 1.2.9.6 so not included in the rebase, so cloning.

+++ This bug was initially created as a clone of Bug #732541 +++

Description of problem:
When adding an AutoMember definition, it is possible to receive an error 32 because the plugin is searching for children prior to the definition existing.

Error Message:
auto-membership-plugin - automember_parse_config_entry: Error searching for child rule entries for config "cn=hostgroup,cn=automember,cn=etc,dc=example,dc=com" (err=32)

How reproducible:
The problem seems to manifest itself when you use 2 separate LDIFs.  
1st LDIF contains the cn=config modification to point at cn=config
2d LDIF contains the cn=Hostgroup/cn=Group,cn=automember,cn=etc,$SUFFIX

Steps to Reproduce:
1. Install FreeIPA
2. Insert modification to cn=config to point to cn=automember,cn=etc,$SUFFIX
3. Insert modification to add cn=Hostgroup/cn=Group,cn=automember,cn=etc,$SUFFIX
  
Actual results:
Error Message:
auto-membership-plugin - automember_parse_config_entry: Error searching for child rule entries for config "cn=hostgroup,cn=automember,cn=etc,dc=example,dc=com" (err=32)

Expected results:
Expected that the definitions get created successfully without having to search for children prior to their own existence.

--- Additional comment from nkinder on 2011-08-24 13:18:23 EDT ---

To reproduce without having to install/setup FreeIPA, do the following:

- Run setup-ds.pl to create a new DS instance with a suffix of 
  'dc=example,dc=com'.

- Use ldapmodify to apply the operations in ldif1.ldif (attached).

- Do a 'service dirsrv restart' to apply the config area change from ldif1.ldif.

- Use ldapmodify to apply the operations in ldif2.ldif (attached).  This will
  fail with an err=53.

The fix should cause the second ldif to apply with no errors.

--- Additional comment from nkinder on 2011-08-24 13:38:51 EDT ---

Created attachment 519675 [details]
test ldif (ldif1)

--- Additional comment from nkinder on 2011-08-24 13:39:14 EDT ---

Created attachment 519676 [details]
test ldif (ldif2)

--- Additional comment from nkinder on 2011-08-24 13:43:28 EDT ---

Created attachment 519679 [details]
Patch

--- Additional comment from nkinder on 2011-08-24 16:11:45 EDT ---

Checked into master and 389-ds-base-1.2.9 branch.  Thanks to Rich for his review!

Counting objects: 13, done.
Delta compression using up to 2 threads.
Compressing objects: 100% (7/7), done.
Writing objects: 100% (7/7), 1.10 KiB, done.
Total 7 (delta 4), reused 0 (delta 0)
To ssh://git.fedorahosted.org/git/389/ds.git
   971dded..7e43a28  master -> master

Counting objects: 13, done.
Delta compression using up to 2 threads.
Compressing objects: 100% (7/7), done.
Writing objects: 100% (7/7), 1.12 KiB, done.
Total 7 (delta 4), reused 0 (delta 0)
To ssh://git.fedorahosted.org/git/389/ds.git
   5ff4af3..6ceca02  129-local -> 389-ds-base-1.2.9
Comment 3 Amita Sharma 2011-09-26 13:43:02 UTC 
[root@snmaptest ~]# netstat -nlp | grep 389
tcp        0      0 :::389                      :::*                        LISTEN      3455/ns-slapd       
[root@snmaptest ~]# 
[root@snmaptest ~]# ldapmodify -x -h localhost -p 389 -D "cn=Directory Manager" -w Secret123  << EOF
> dn: ou=etc,dc=example,dc=com
> changetype: add
> objectclass: organizationalUnit
> ou: etc
> 
> dn: cn=Auto Membership Plugin,cn=plugins,cn=config
> changetype: modify
> replace: nsslapd-pluginConfigArea
> nsslapd-pluginConfigArea: ou=etc,dc=example,dc=com
> EOF
adding new entry "ou=etc,dc=example,dc=com"

modifying entry "cn=Auto Membership Plugin,cn=plugins,cn=config"

[root@snmaptest ~]# service dirsrv restart
Shutting down dirsrv: 
    M1...                                                  [  OK  ]
    M2...                                                  [  OK  ]
    M3...                                                  [  OK  ]
    M4...                                                  [  OK  ]
    snmaptest...                                           [  OK  ]
    snmaptest1...                                          [  OK  ]
Starting dirsrv: 
    M1...                                                  [  OK  ]
    M2...                                                  [  OK  ]
    M3...                                                  [  OK  ]
    M4...                                                  [  OK  ]
    snmaptest...                                           [  OK  ]
    snmaptest1...                                          [  OK  ]
[root@snmaptest ~]# ldapmodify -x -h localhost -p 389 -D "cn=Directory Manager" -w Secret123  << EOF
> dn: cn=Hostgroups,ou=etc,dc=example,dc=com
> changetype: add
> objectclass: autoMemberDefinition
> cn: Hostgroups
> autoMemberScope: dc=example,dc=com
> autoMemberFilter: objectclass=posixAccount
> autoMemberDefaultGroup: cn=orphans,cn=hostgroups,dc=example,dc=com
> autoMemberGroupingAttr: member:dn
> EOF
adding new entry "cn=Hostgroups,ou=etc,dc=example,dc=com"

Hence VERIFIED.
Comment 4 errata-xmlrpc 2011-12-06 17:56:12 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHEA-2011-1711.html