Hide Forgot
Description of problem: From RHEL 7 most DS plugins are converted to be betxn - if their operation fails, whole transaction should fail and not be comitted to database. In case of Linked Attributes plugin, we can create a situation where plugin fails to create linked attribute in managed entry, e.g. due to non-existent managed entry. Version-Release number of selected component (if applicable): 389-ds-base-1.3.1.6-8.el7.x86_64 How reproducible: always Steps to Reproduce: # Enable plugin [jrusnack@localhost slapd-dstet]$ ldapmodify -h $HOST -p $PORT -D "cn=directory manager" -w Secret123 -a <<EOF > dn: cn=Linked Attributes,cn=plugins,cn=config > changetype: modify > replace: nsslapd-pluginEnabled > nsslapd-pluginEnabled: on > EOF modifying entry "cn=Linked Attributes,cn=plugins,cn=config" # Set up new linked attribute seeAlso [jrusnack@localhost slapd-dstet]$ ldapmodify -h $HOST -p $PORT -D "cn=directory manager" -w Secret123 -a <<EOF > dn: cn=Manager Link,cn=Linked Attributes,cn=plugins,cn=config > changetype: add > objectClass: top > objectClass: extensibleObject > cn: Manager Link > linkType: seeAlso > managedType: seeAlso > EOF adding new entry "cn=Manager Link,cn=Linked Attributes,cn=plugins,cn=config" # Restart DS to apply changes [jrusnack@localhost slapd-dstet]$ sudo systemctl restart dirsrv.target # Add manager entry, which links to non-existent uid=user [jrusnack@localhost slapd-dstet]$ ldapmodify -h $HOST -p $PORT -D "cn=directory manager" -w Secret123 -a <<EOF > dn: uid=manager,ou=people,dc=example,dc=com > objectclass: person > objectclass: inetOrgPerson > objectclass: top > cn: manager > sn: manager > uid: manager > seeAlso: uid=user,ou=people,dc=example,dc=com > EOF adding new entry "uid=manager,ou=people,dc=example,dc=com" [jrusnack@localhost slapd-dstet]$ ldapsearch -h $HOST -p $PORT -D "cn=directory manager" -w Secret123 -b "uid=manager,ou=people,dc=example,dc=com" -LLL dn: uid=manager,ou=People,dc=example,dc=com objectClass: person objectClass: inetOrgPerson objectClass: top objectClass: organizationalPerson cn: manager sn: manager uid: manager seeAlso: uid=user,ou=people,dc=example,dc=com [jrusnack@localhost slapd-dstet]$ ldapsearch -h $HOST -p $PORT -D "cn=directory manager" -w Secret123 -b "uid=user,ou=people,dc=example,dc=com" -LLL No such object (32) Matched DN: ou=people,dc=example,dc=com Actual results: Manager entry is created even though creating linked attribute in entry uid=user failed (uid=user does not exist).
Moving to RHEL 7.1. This plug-in isn't used by IPA, so we don't need to address this until RHEL 7.1 since 389-ds-base is only supported for use by IPA in RHEL 7.0.
Upstream ticket: https://fedorahosted.org/389/ticket/47640
Note: changing the behaviour is okay. We need to doc it in the rel-notes.
Fixed upstream
INFO:ticket47640_test:Testcase PASSED PASSED ========================================== 2 passed in 44.65 seconds =========================================== wrote pytestdebug information to /export/ds/dirsrvtests/tickets/pytestdebug.log [root@dhcp201-167 tickets]# rpm -qa | grep 389 389-ds-base-devel-1.3.4.0-14.el7.x86_64 389-ds-base-libs-1.3.4.0-14.el7.x86_64 389-ds-base-debuginfo-1.3.4.0-14.el7.x86_64 389-ds-base-1.3.4.0-14.el7.x86_64 Hence marking as VERIFIED.
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://rhn.redhat.com/errata/RHBA-2015-2351.html