Red Hat Bugzilla – Bug 1014831
slapo-constraint causes modify operations to fail
Last modified: 2015-03-02 00:28:11 EST
Description of problem:
When the constraint overlay is enabled and the restrict parameter is configured, this can cause all modify operations to fail on the affected entries.
Version-Release number of selected component (if applicable):
Steps to reproduce:
- install openldap-servers-2.4.23-26 or later
- enable the constraint overlay
- configure a constraint attribute with the restrict parameter set. Example:
uid regex ^[[:alnum:]-]+$ restrict="ldap:///ou=people,dc=example,dc=com??sub?(objectClass=inetOrgPerson)"
- add an entry which is included in the restriction set in the constraint, and which contains the attribute (uid in the example). Example: uid=tuser,ou=people,dc=exanoke,dc=com
- try to add a different attribute. I have tested with carLicense. Adding the attribute fails.
- if the constraint is removed, carLicense is added and the constraint on uid is enabled again, carLicense cannot be modified.
all modify options fails.
Created attachment 823337 [details]
Patch slapo-constraint -- include upstream fixes
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.
For information on the advisory, and where to find the updated
files, follow the link below.
If the solution does not work for you, open a new bug report.