Bug 982597
| Summary: | Some attributes in cn=config should not be multivalued | ||
|---|---|---|---|
| Product: | Red Hat Enterprise Linux 7 | Reporter: | Ján Rusnačko <jrusnack> |
| Component: | 389-ds-base | Assignee: | Rich Megginson <rmeggins> |
| Status: | CLOSED ERRATA | QA Contact: | Viktor Ashirov <vashirov> |
| Severity: | unspecified | Docs Contact: | |
| Priority: | low | ||
| Version: | 7.0 | CC: | amsharma, mkubik, mreynolds, nhosoi, nkinder |
| Target Milestone: | rc | ||
| Target Release: | 7.1 | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
| Whiteboard: | |||
| Fixed In Version: | 389-ds-base-1.3.3.1-1.el7 | Doc Type: | Bug Fix |
| Doc Text: |
Cause: Adding multiple configuration attributes for a single configuration setting
Consequence: Only the last attribute value processed for that attribute is used. This can have unexpected results.
Fix: Add the configuration attributes to the server's core schema definitions.
Result: The schema definitions are enforced, and single valued attributes will be guaranteed.
|
Story Points: | --- |
| Clone Of: | Environment: | ||
| Last Closed: | 2015-03-05 09:30:55 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
|
Description
Ján Rusnačko
2013-07-09 11:39:23 UTC
Many attributes in cn=config are not even defined in the schema. The "cn=config" entry uses the "extensibleObject" objectclass to allow undefined attributes to be set. This means that there is no syntax enforcement or single-valued vs. multi-valued enforcement. The list of attributes like this is large. This is a very low priority to address. I'm pushing this out to RHEL 7.1 for the time being, but it will likely be something that we decide to push out even further. Upstream ticket: https://fedorahosted.org/389/ticket/47437 The remaining configuration attributes in cn=config have been added to the core schema. This addresses duplicate attributes(where defined) and syntax enforcement. Fixed upstream (1.3.3) *** Bug 1058656 has been marked as a duplicate of this bug. *** [root@vm-idm-035 slapd-test3]# /usr/bin/ldapmodify -x -h localhost -p 1189 -D "cn=Directory Manager" -w Secret123 << EOF dn: cn=config changetype: modify add: nsslapd-disk-monitoring nsslapd-disk-monitoring: off EOF modifying entry "cn=config" ldap_modify: Type or value exists (20) [root@vm-idm-035 slapd-test3]# /usr/bin/ldapmodify -x -h localhost -p 1189 -D "cn=Directory Manager" -w Secret123 << EOF dn: cn=config changetype: modify replace: nsslapd-disk-monitoring nsslapd-disk-monitoring: off EOF modifying entry "cn=config" [root@vm-idm-035 slapd-test3]# ldapsearch -LLL -x -p 1189 -h localhost -D "cn=Directory Manager" -w Secret123 -b "cn=config" |grep -i nsslapd-disk-monitoring: nsslapd-disk-monitoring: off I checked the same for nsslapd-disk-monitoring-threshold attribute. It works fine. I was not allowed to add multiple values. Hence, marking the bug as Verified. Build tested: [root@vm-idm-035 slapd-test3]# rpm -qa |egrep '389-ds-base' 389-ds-base-libs-1.3.3.1-9.el7.x86_64 389-ds-base-1.3.3.1-9.el7.x86_64 Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://rhn.redhat.com/errata/RHSA-2015-0416.html *** Bug 1048116 has been marked as a duplicate of this bug. *** |