Bug 840153

Summary: Impossible to rename entry (modrdn) with Attribute Uniqueness plugin enabled
Product: Red Hat Enterprise Linux 6 Reporter: Rich Megginson <rmeggins>
Component: 389-ds-baseAssignee: Rich Megginson <rmeggins>
Status: CLOSED ERRATA QA Contact: Sankar Ramalingam <sramling>
Severity: unspecified Docs Contact:
Priority: medium    
Version: 6.4CC: amsharma, jgalipea, nkinder
Target Milestone: rc   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: 389-ds-base-1.2.11.12-1.el6 Doc Type: Bug Fix
Doc Text:
Cause: Using the Attribute Uniqueness plugin and performing an LDAP RENAME operation on an entry containing one of the attributes being tested for uniqueness by the plugin. Consequence: LDAP RENAME operation fails with err 19 Constraint Violation - Another entry with the same attribute value already exists. Fix: The Attribute Uniqueness code was doing comparisons of un-normalized values. The fix is to make sure comparisons are done between values normalized the same way. Result: LDAP RENAME operations do not return err 19 when there is no conflict.
 Story Points: ---
Clone Of: Environment:
Last Closed: 2013-02-21 08:20:06 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Rich Megginson 2012-07-13 22:03:03 UTC 
This bug is created as a clone of upstream ticket:
https://fedorahosted.org/389/ticket/406

I'm testing 389 v1.2.10.12 on CentOS 5.8 x86_64. With Attribute Uniqueness plugin enabled for one of the attributes of the entry (not the naming attribute) modrdn operation for this entry fails with:

ldap_rename: Constraint violation (19)
        additional info: Another entry with the same attribute value already exists (attribute: "X-UniqueId")

In our case we need the uniqueness of the X-UniqueId attribute. The modrdn was changing the uid attribute. In the latest version of 1.2.9.x this problem did not exist.

It's a blocking issue for the upgrade 1.2.9.x->1.2.10x on our production servers.

Typical log trace:
''[11/Jul/2012:16:20:40 +0200] conn=5 op=6 MODRDN dn="uid=somelogin,ou=Personnel,ou=Utilisateurs,dc=id,dc=polytechnique,dc=edu" newrdn="uid=somelogin.test" newsuperior="ou=Personnel,ou=Utilisateurs,dc=id,dc=polytechnique,dc=edu"
[11/Jul/2012:16:20:41 +0200] conn=5 op=6 RESULT err=19 tag=109 nentries=0 etime=0.012000
''
Comment 1 Rich Megginson 2012-07-13 22:06:12 UTC 
r6731 | rmeggins | 2012-07-13 16:05:21 -0600 (Fri, 13 Jul 2012) | 5 lines

Bug 840153 - Impossible to rename entry (modrdn) with Attribute Uniqueness plugin enabled

Added tests - the tests are the ic5X tests - these tests verify the bug is
fixed and test other aspects of modrdn with attribute uniqueness enabled

Sending        uid/tet_scen.sh
Sending        uid/uid.sh
Comment 3 Amita Sharma 2013-01-29 06:46:52 UTC 
Uid startup 	100% (1/1) 	  	 
Uid run 	100% (9/9) 	  	 
Uid cleanup 	100% (1/1)
All tests passed in the acceptance with 389-ds-base.x86_64 0:1.2.11.15-10.el6 build on rhel64.

Hence marking bug as VERIFIED.
Comment 4 Amita Sharma 2013-01-29 06:51:33 UTC 
Uid startup 	100% (1/1) 	  	 
Uid run 	100% (9/9) 	  	 
Uid cleanup 	100% (1/1)
All tests passed in the acceptance with 389-ds-base.x86_64 0:1.2.11.15-10.el6 build on rhel64.

Hence marking bug as VERIFIED.
Comment 5 errata-xmlrpc 2013-02-21 08:20:06 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHSA-2013-0503.html