Bug 864013

Summary: nsslapd-enablePlugin should not be multivalued
Product: Red Hat Enterprise Linux 7 Reporter: Ján Rusnačko <jrusnack>
Component: 389-ds-baseAssignee: Rich Megginson <rmeggins>
Status: CLOSED CURRENTRELEASE QA Contact: Sankar Ramalingam <sramling>
Severity: unspecified Docs Contact:
Priority: medium    
Version: 7.0CC: jgalipea, jrusnack, mreynolds, nhosoi, nkinder
Target Milestone: rc   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: 389-ds-base-1.3.1.2-1.el7 Doc Type: Bug Fix
Doc Text:
Cause: Adding multiple plugin configuration attributes. Consequence: Some plugin configuration attributes are not designed to multi-valued. This can lead unexpected results. Fix: Updated the core server schema to include these attributes, and set their proper syntax. Result: Plugin configuration updates comply with expected schema syntax.
Story Points: ---
Clone Of: Environment:
Last Closed: 2014-06-13 09:33:03 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Ján Rusnačko 2012-10-08 11:17:33 UTC
Description of problem:

nsslapd-pluginEnabled attribute present in plugin configuration determines whether plugin is enabled or not. This attribute seems to be multivalued - so it is possible to add new value that contradicts original one.

Version-Release number of selected component (if applicable):


How reproducible:
always

Steps to Reproduce:
ldapmodify ....<<EOF
dn: cn=PAM Pass Through Auth,cn=plugins,cn=config
changetype: modify
add: nsslapd-pluginEnabled
nsslapd-pluginEnabled: on
EOF

ldapsearch ... -b "cn=PAM Pass Through Auth,cn=plugins,cn=config" nsslapd-pluginEnabled
dn: cn=PAM Pass Through Auth,cn=plugins,cn=config
nsslapd-pluginEnabled: on
nsslapd-pluginEnabled: off


Actual results:
Succceeds and plugin is both enabled and disabled.


Expected results:
Should fail.


Additional info:
This problem seems to be present for all plugins, not just PAM PTA plugin.

Comment 2 Rich Megginson 2012-10-08 15:11:57 UTC
Upstream ticket:
https://fedorahosted.org/389/ticket/486

Comment 6 Ján Rusnačko 2013-06-10 13:25:32 UTC
Automated in pam_passthrough testsuite.

Comment 7 Rich Megginson 2013-10-01 23:26:24 UTC
moving all ON_QA bugs to MODIFIED in order to add them to the errata (can't add bugs in the ON_QA state to an errata).  When the errata is created, the bugs should be automatically moved back to ON_QA.

Comment 9 Ján Rusnačko 2013-11-12 12:57:17 UTC
Automated in pampassthrough as Bug864013. Passing on RHEL 7 daily acceptance for 389-ds-base-1.3.1.6-8.el7 :

----------------- Starting Test Bug864013 -------------------------
nsslapd-enablePlugin should not be multivalued
                                                                  
Set nsslapd-pluginEnabled to off
modifying entry cn=PAM Pass Through Auth,cn=plugins,cn=config

bug864013: expect=0 actual=0
PASS
Try to add new nsslapd-pluginEnabled attribute with value "on"
ldap_modify: Object class violation
ldap_modify: additional info: single-valued attribute "nsslapd-pluginEnabled" has multiple values

modifying entry cn=PAM Pass Through Auth,cn=plugins,cn=config

bug864013: expect=65 actual=65
PASS

Comment 10 Ludek Smid 2014-06-13 09:33:03 UTC
This request was resolved in Red Hat Enterprise Linux 7.0.

Contact your manager or support representative in case you have further questions about the request.