Bug 830342

Summary: cannot delete tombstone entries
Product: Red Hat Enterprise Linux 7 Reporter: Nathan Kinder <nkinder>
Component: 389-ds-baseAssignee: Rich Megginson <rmeggins>
Status: CLOSED WONTFIX QA Contact: IDM QE LIST <seceng-idm-qe-list>
Severity: unspecified Docs Contact:
Priority: medium    
Version: 7.0CC: jgalipea, nhosoi
Target Milestone: rc   
Target Release: 7.1   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2013-12-18 15:56:59 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Nathan Kinder 2012-06-08 21:30:58 UTC 
This bug is created as a clone of upstream ticket:
https://fedorahosted.org/389/ticket/376

An attempt to delete a tombstone entry gives err=32 - no such entry:

{{{
17/May/2012:01:41:35 +0000] conn=947 fd=80 slot=80 SSL connection from
::1 to ::1
[17/May/2012:01:41:35 +0000] conn=947 SSL 256-bit AES
[17/May/2012:01:41:35 +0000] conn=947 op=0 BIND dn="cn=Directory
Manager" method=128 version=3
[17/May/2012:01:41:35 +0000] conn=947 op=0 RESULT err=0 tag=97
nentries=0 etime=0 dn="cn=directory manager"
[17/May/2012:01:41:35 +0000] conn=947 op=1 DEL
dn="nsuniqueid=14403301-1dd211b2-9635fc8a-5f520000,uid=username,ou=people,dc=example,dc=com"
[17/May/2012:01:41:35 +0000] conn=947 op=1 RESULT err=32 tag=107
nentries=0 etime=0
[17/May/2012:01:41:35 +0000] conn=947 op=1 RESULT err=32 tag=107
nentries=0 etime=0
[17/May/2012:01:41:35 +0000] conn=947 op=2 UNBIND
[17/May/2012:01:41:35 +0000] conn=947 op=2 fd=80 closed - U1
}}}

Note there are two result lines - this is bad.
Comment 1 Jenny Severance 2012-06-19 17:23:07 UTC 
please add steps to reproduce/verify this bug
Comment 2 Noriko Hosoi 2012-07-09 18:10:26 UTC 
The target milestone is 389-ds-base-1.3/RHEL7 or FUTURE.
Comment 4 Nathan Kinder 2013-03-08 18:46:29 UTC 
This is not going to be implemented for RHEL 7.0.  Pushing it out to RHEL 7.1 for now, but we might push it out even further than that.
Comment 5 Nathan Kinder 2013-12-18 15:56:59 UTC 
The upstream ticket for this was closed as WONTFIX.  Here is the explanation from the upstream ticket:

 Before I forget, here was the latest status...

If a tombstone entry is in the cache, you can delete it, but when it's not, you can not delete the tombstone(error 32).

Stack trace:

ldbm_entryrdn.c:3245: _entryrdn_get_elem returns -30988

#0 _entryrdn_index_read (be=0xfef0a0, cursor=0x108ea60, srdn=0x7f04a25f3700, elem=0x7f04a25f3740, parentelem=0x0, childelems=0x0, flags=0, db_txn=0x0) at ../ds/ldap/servers/slapd/back-ldbm/ldbm_entryrdn.c:3247
#1 entryrdn_index_read_ext (be=0xfef0a0, sdn=0x7f04680008c0, id=0x7f04a25f380c, flags=0, txn=0x7f04a25f3b30) at ../ds/ldap/servers/slapd/back-ldbm/ldbm_entryrdn.c:439
#2 dn2entry_ext (be=0xfef0a0, sdn=0x7f04680008c0, txn=0x7f04a25f3b30, flags=0, err=0x7f04a25f38a8) at ../ds/ldap/servers/slapd/back-ldbm/dn2entry.c:92
#3 find_entry_internal_dn (pb=0x11c8660, be=0xfef0a0, sdn=0x7f04680008c0, lock=1, txn=0x7f04a25f3b30, flags=0) at ../ds/ldap/servers/slapd/back-ldbm/findentry.c:130
#4 find_entry_internal (pb=0x11c8660, be=0xfef0a0, addr=0x11c89e8, lock=1, txn=0x7f04a25f3b30, flags=0) at ../ds/ldap/servers/slapd/back-ldbm/findentry.c:293
#5 find_entry2modify (pb=0x11c8660, be=0xfef0a0, addr=0x11c89e8, txn=0x7f04a25f3b30) at ../ds/ldap/servers/slapd/back-ldbm/findentry.c:324
#6 ldbm_back_delete (pb=0x11c8660) at ../ds/ldap/servers/slapd/back-ldbm/ldbm_delete.c:185

The problem why it fails is that entryrdn_index_read_ext() strips off the tombstone flag so it ignores the tombstone rdns:

    dn2entry.c:92 *err = entryrdn_index_read_ext(be, sdn, &id, flags & TOMBSTONE_INCLUDED, txn);

This was apparently stripped off to improve performance. Needs more investigation...

Manual tombstone deletion is not recommended/supported.
. As described in comment 6, the operation is only allowed when the tombstone entry is in entry cache.
. Even if a tombstone entry is deleted on a master, the operation is not replicated to the consumers.
. The same symptom is observed on RHDS8.2, as well.
. We strongly recommend to use tombstone reap to clean up tombstone entries. A doc bug was filed for that: Bug 974695 - Adding tombstone entry and how to delete it to Admin Guide.