Bug 853355
Summary: Possible to add invalid attribute to nsslapd-allowed-to-delete-attrs
Product: Red Hat Enterprise Linux 7
Reporter: Ján Rusnačko <jrusnack>
Component: 389-ds-base
Assignee: Rich Megginson <rmeggins>
Status: CLOSED CURRENTRELEASE
QA Contact: Sankar Ramalingam <sramling>
Severity: unspecified
Docs Contact:
Priority: medium
Version: 7.0
CC: amsharma, jgalipea, nhosoi, nkinder
Target Milestone: rc
Target Release: ---
Hardware: Unspecified
OS: Unspecified
Whiteboard:
Fixed In Version: 389-ds-base-1.3.1.6-15.el7
Doc Type: Bug Fix
Doc Text:
  Cause: There was no code to check whether the values of nsslapd-allowed-to-delete-attrs are valid configuration attributes or not.
  Consequence: Invalid configuration attributes were silently accepted.
  Fix: Code to check the validity of the configuration attribute.
  Result: If the value of nsslapd-allowed-to-delete-attrs contains invalid configuration parameters, they are not stored in the configuration entry and it logs in the error log as "nsslapd-allowed-to-delete-attrs: Unknown attribute bogus will be ignored".
Story Points: ---
Clone Of:
Environment:
Last Closed: 2014-06-13 10:36:34 UTC
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---
Target Upstream Version:
Embargoed:
Description
Ján Rusnačko
2012-08-31 08:30:33 UTC
Upstream ticket: https://fedorahosted.org/389/ticket/447

Moving all ON_QA bugs to MODIFIED in order to add them to the errata (can't add bugs in the ON_QA state to an errata). When the errata is created, the bugs should be automatically moved back to ON_QA.

Hi Noriko,
Following is the execution done for testing ::
[root@dhcp201-149 ~]# rpm -qa | grep 389
389-adminutil-1.1.15-3.fc19.1.x86_64
389-admin-1.1.31-1.fc19.2.x86_64
389-admin-console-doc-1.1.8-5.fc19.noarch
389-console-1.1.7-4.fc19.noarch
389-ds-base-1.3.1.6-12.el7.x86_64
389-admin-console-1.1.8-5.fc19.noarch
389-ds-console-doc-1.2.7-2.fc19.noarch
389-dsgw-1.1.10-1.fc19.x86_64
389-ds-base-libs-1.3.1.6-12.el7.x86_64
389-ds-console-1.2.7-2.fc19.noarch
389-ds-1.2.2-4.fc19.noarch
[root@dhcp201-149 ~]# ldapmodify -h localhost -p 389 -D "cn=directory manager" -w Secret123 <<EOF
> dn: cn=config
> changetype: modify
> replace: nsslapd-allowed-to-delete-attrs
> nsslapd-allowed-to-delete-attrs: invalid-attr
> EOF
modifying entry "cn=config"
[root@dhcp201-149 ~]# systemctl restart dirsrv@dhcp201-149
[root@dhcp201-149 ~]# tail -f /var/log/dirsrv/slapd-dhcp201-149/errors
[07/Jan/2014:11:55:52 +051800] config - nsslapd-allowed-to-delete-attrs: Unknown attribute invalid-attr will be ignored
[07/Jan/2014:11:56:09 +051800] - slapd shutting down - signaling operation threads
[07/Jan/2014:11:56:09 +051800] - slapd shutting down - waiting for 17 threads to terminate
[07/Jan/2014:11:56:09 +051800] - slapd shutting down - closing down internal subsystems and plugins
[07/Jan/2014:11:56:09 +051800] - Waiting for 4 database threads to stop
[07/Jan/2014:11:56:09 +051800] - All database threads now stopped
[07/Jan/2014:11:56:09 +051800] - slapd stopped.
[07/Jan/2014:11:56:10 +051800] config - nsslapd-allowed-to-delete-attrs: Unknown attribute invalid-attr will be ignored
[07/Jan/2014:11:56:10 +051800] - 389-Directory/1.3.1.6 B2013.344.2051 starting up
[07/Jan/2014:11:56:10 +051800] - slapd started. Listening on All Interfaces port 389 for LDAP requests
^C
[root@dhcp201-149 ~]# ldapsearch -x -h localhost -p 389 -D "cn=Directory Manager" -w Secret123 -b "cn=config" | grep -i "nsslapd-allowed-to-delete-attrs"
nsslapd-allowed-to-delete-attrs: invalid-attr
Issues ::
==========
1. Although the error message is logged in the error logs, the following search returns the invalid value assigned to the attribute nsslapd-allowed-to-delete-attrs, which is not correct.
2. The error should be given as the output of one of these operations ::
a. while setting the invalid value of the attribute using ldapmodify.
b. Restarting the server after setting the invalid value.
Acceptance results are also failing :: http://dhcp201-149.englab.pnq.redhat.com/qa/archive/ds/90/acceptance/output/Linux/20140107-154306/acceptance/basic.run.out.17579

Automated under -- /acceptance/basic/config.sh - test case bug602456_13
Committed revision https://engineering.redhat.com/trac/DStetframework/changeset/8268

[root@dhcp201-149 ~]# rpm -qa | grep 389
389-adminutil-1.1.15-3.fc19.1.x86_64
389-console-1.1.7-4.fc19.noarch
389-ds-base-libs-1.3.1.6-14.el7.x86_64
389-ds-base-1.3.1.6-14.el7.x86_64

Acceptance Results :: http://dhcp201-149.englab.pnq.redhat.com/qa/archive/ds/90/acceptance/output/Linux/20140109-122004/acceptance/basic.run.out.14411

----------------- Starting Test bug602456_13 -------------------------
Adding a new invalid attribute to nsslapd-allwed-to-delete-attrs at runtime to cn=config
Adding the nsslapd-invalidhost-attr attribute to nsslapd-allowed-to-delete-attrs
ldap_modify: DSA is unwilling to perform
modifying entry cn=config
[09/Jan/2014:12:21:45 +051800] config - nsslapd-allowed-to-delete-attrs: Unknown attribute nsslapd-invalidhost-attr will be ignored
bug602456_13: error log logged expected error.
TestCase [bug602456_13] result-> [PASS]
/usr/lib64/mozldap/ldapsearch -1 -p 24372 -h dhcp201-149.englab.pnq.redhat.com -D cn=directory manager -w Secret123 -b cn=config -s base objectclass=* | grep nsslapd-allowed-to-delete-attrs: | grep nsslapd-invalidhost-attr
Test result for bug602456_13, Adding a new invalid attribute to nsslapd-allwed-to-delete-attrs at runtime to cn=config, Actual_Result=1, Expected_Result=1
TestCase [bug602456_13] result-> [PASS]
------------------Test bug602456_13 Completed-------------------------

Manual execution
================
[root@dhcp201-149 ~]# ldapmodify -h localhost -p 24372 -D "cn=directory manager" -w Secret123 <<EOF
dn: cn=config
changetype: modify
replace: nsslapd-allowed-to-delete-attrs
nsslapd-allowed-to-delete-attrs: invalid-attr
EOF
modifying entry "cn=config"
ldap_modify: Server is unwilling to perform (53)
[root@dhcp201-149 ~]# ldapsearch -x -h localhost -p 24372 -D "cn=Directory Manager" -w Secret123 -b "cn=config" | grep -i "nsslapd-allowed-to-delete-attrs"
nsslapd-allowed-to-delete-attrs: nsslapd-listenhost nsslapd-securelistenhost n

Logs ::
[09/Jan/2014:12:27:38 +051800] config - nsslapd-allowed-to-delete-attrs: Unknown attribute invalid-attr will be ignored
[09/Jan/2014:12:27:39 +051800] config - nsslapd-allowed-to-delete-attrs: Given attributes are all invalid. No effects.

Hence marking VERIFIED.

Sorry, 2 valgrind errors were found (DS 47660). Reopening this bug.

############## Result for backend test : Basic run
Basic run elapse time : 00:03:04
Basic run Tests PASS : 100% (63/63)

All test cases in basic acceptance tests passed. Hence, marking it as verified.
Build tested - 389-ds-base-1.3.1.6-15

This request was resolved in Red Hat Enterprise Linux 7.0. Contact your manager or support representative in case you have further questions about the request.
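
Added example (not part of the bug report or of 389-ds-base): a check for the state reported under "Issues" above, where the error log says a value was ignored but cn=config still returns it. It takes error-log lines and ldapsearch LDIF text; the sample inputs are constructed from the sessions above, and nsslapd-example-attr is a placeholder name.

```python
import re

ATTR = "nsslapd-allowed-to-delete-attrs"
# Message format as it appears in the error-log excerpts of this report.
IGNORED_RE = re.compile(
    re.escape(ATTR) + r": Unknown attribute (\S+) will be ignored")

# Constructed samples modelled on the two sessions in this report.
LOG_12 = ["[07/Jan/2014:11:55:52 +051800] config - nsslapd-allowed-to-delete-attrs: "
          "Unknown attribute invalid-attr will be ignored"]
LDIF_12 = "dn: cn=config\nnsslapd-allowed-to-delete-attrs: invalid-attr\n"
LOG_14 = ["[09/Jan/2014:12:27:38 +051800] config - nsslapd-allowed-to-delete-attrs: "
          "Unknown attribute invalid-attr will be ignored"]
# Folded LDIF value; nsslapd-example-attr is a made-up placeholder name.
LDIF_14 = ("dn: cn=config\n"
           "nsslapd-allowed-to-delete-attrs: nsslapd-listenhost nsslapd-securelistenhost n\n"
           " sslapd-example-attr\n")


def ignored_attrs(error_log_lines):
    """Names the server logged as unknown and ignored."""
    return {m.group(1).lower()
            for m in map(IGNORED_RE.search, error_log_lines) if m}


def stored_attrs(ldif_text):
    """Names stored in nsslapd-allowed-to-delete-attrs (space-separated list)."""
    # LDIF folds long lines: a continuation line starts with a single space.
    unfolded = re.sub(r"\r?\n ", "", ldif_text)
    values = set()
    for line in unfolded.splitlines():
        name, sep, value = line.partition(":")
        if not sep or name.strip().lower() != ATTR:
            continue
        if value.startswith(":"):
            continue  # base64-encoded value ("attr:: ..."); not decoded here
        values.update(v.lower() for v in value.split())
    return values


def still_stored(error_log_lines, ldif_text):
    """Names logged as ignored that cn=config nevertheless still returns."""
    return sorted(ignored_attrs(error_log_lines) & stored_attrs(ldif_text))


if __name__ == "__main__":
    print("1.3.1.6-12 session:", still_stored(LOG_12, LDIF_12))
    print("1.3.1.6-14 session:", still_stored(LOG_14, LDIF_14))
```

Pass the full `ldapsearch` output rather than a `grep`-filtered line, since `grep` drops the folded continuation of a long value.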