1062763 – single valued attribute replicated ADD does not work

RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.

Bug 1062763 - single valued attribute replicated ADD does not work

Summary: single valued attribute replicated ADD does not work

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Red Hat Enterprise Linux 6
Classification:	Red Hat
Component:	389-ds-base
Sub Component:
Version:	6.5
Hardware:	Unspecified
OS:	Unspecified
Priority:	unspecified
Severity:	unspecified
Target Milestone:	rc
Target Release:	---
Assignee:	Rich Megginson
QA Contact:	Sankar Ramalingam
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:	1063990 1108909
TreeView+	depends on / blocked

Reported:	2014-02-07 22:59 UTC by Rich Megginson
Modified:	2020-09-13 20:56 UTC (History)
CC List:	8 users (show)
Fixed In Version:	389-ds-base-1.2.11.15-39.el6
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Clones:	1063990 1108909 (view as bug list)
Environment:
Last Closed:	2014-10-14 07:53:01 UTC
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Github	389ds 389-ds-base issues 1028	0	None	closed	single valued attribute replicated ADD does not work	2020-09-24 14:45:26 UTC
Red Hat Product Errata	RHBA-2014:1385	0	normal	SHIPPED_LIVE	389-ds-base bug fix and enhancement update	2014-10-14 01:27:42 UTC

Description Rich Megginson 2014-02-07 22:59:57 UTC

This bug is created as a clone of upstream ticket:
https://fedorahosted.org/389/ticket/47692

Consider the case where you have a single valued attribute that is loaded in from a db2ldif -r file that looks like this:
{{{
dn: some entry
...
svattr;adcsn-XXXX;vdcsn-XXXX;deletedattribute;deleted:
}}}
Note - there is nothing after the ":" above, just a new line.

Load this in on both a master and a replica.  Next, do an ADD operation to svattr on the master - it will work fine.  However, the ADD operation will not be replicated to the replica.

Comment 1 Rich Megginson 2014-02-11 21:52:35 UTC

Hot fix is now available:
http://download.devel.redhat.com/brewroot/packages/389-ds-base/1.2.11.15/31.3.7p.el6_5/

Comment 6 Ludwig 2014-07-07 12:54:47 UTC

no, you need to import a manipulated ldif file on both masters,
setup replication and do some modifications aón a single valued attribute eg employeenumber 
get a basic ldif file by db2ldif -r

edit one entry to have
svattr;adcsn-XXXX;vdcsn-XXXX;deletedattribute;deleted:

NOTE: svattr is just the placeholder forthe type of the single valued attr, eg employeenumber
XXXX is just a placeholder for a valid CSN, you will find some in your export ldif file

Comment 7 Rich Megginson 2014-07-07 14:14:51 UTC

Don't use ldapadd.  You'll have to have an LDIF file created by using db2ldif -r.  Then add an entry with the deleted attribute, then use ldif2db to load it.

Comment 8 Amita Sharma 2014-07-08 07:37:26 UTC

0. MMR setup
[root@dhcp201-155 ~]# ps -aef | grep slapd
svrbld    1508     1  0 Jul07 ?        00:00:23 ./ns-slapd -D /etc/dirsrv/slapd-dhcp201-155 -i /var/run/dirsrv/slapd-dhcp201-155.pid -w /var/run/dirsrv/slapd-dhcp201-155.startpid
svrbld    5542     1  0 Jul07 ?        00:00:25 ./ns-slapd -D /etc/dirsrv/slapd-M1 -i /var/run/dirsrv/slapd-M1.pid -w /var/run/dirsrv/slapd-M1.startpid
svrbld    6023     1  0 Jul07 ?        00:00:25 ./ns-slapd -D /etc/dirsrv/slapd-M2 -i /var/run/dirsrv/slapd-M2.pid -w /var/run/dirsrv/slapd-M2.startpid
svrbld    6506     1  0 Jul07 ?        00:00:24 ./ns-slapd -D /etc/dirsrv/slapd-M3 -i /var/run/dirsrv/slapd-M3.pid -w /var/run/dirsrv/slapd-M3.startpid
svrbld    6987     1  0 Jul07 ?        00:00:28 ./ns-slapd -D /etc/dirsrv/slapd-M4 -i /var/run/dirsrv/slapd-M4.pid -w /var/run/dirsrv/slapd-M4.startpid
root     21464 21405  0 02:26 pts/0    00:00:00 grep slapd

[root@dhcp201-155 ~]# netstat -nlp | grep slapd
tcp        0      0 :::35920                    :::*                        LISTEN      1508/./ns-slapd     
tcp        0      0 :::30100                    :::*                        LISTEN      5542/./ns-slapd     
tcp        0      0 :::30101                    :::*                        LISTEN      5542/./ns-slapd     
tcp        0      0 :::30102                    :::*                        LISTEN      6023/./ns-slapd     
tcp        0      0 :::30103                    :::*                        LISTEN      6023/./ns-slapd     
tcp        0      0 :::30104                    :::*                        LISTEN      6506/./ns-slapd     
tcp        0      0 :::30105                    :::*                        LISTEN      6506/./ns-slapd     
tcp        0      0 :::30106                    :::*                        LISTEN      6987/./ns-slapd     
tcp        0      0 :::30107                    :::*                        LISTEN      6987/./ns-slapd    

1. ldapadd having employeenumber(svattr)
ldapadd -x -h localhost -p 30100 -D "cn=Directory Manager" -w Secret123  << EOF
dn: uid=sghai,ou=people,dc=example,dc=com
cn: sghai
sn: sgahi
givenname: sghai
employeeNumber: 117
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
uid: sghai
mail: sghai
userpassword: Secret123
EOF

2. do some modifications and then db2ldif -r
ldapmodify -a -h localhost -p 30100 -D "cn=directory manager" -w Secret123 << EOF
dn: uid=sghai,ou=people,dc=example,dc=com
changetype: modify
replace: employeeNumber
employeeNumber: 117117
EOF

[root@dhcp201-155 ~]# service dirsrv stop
Shutting down dirsrv: 
    dhcp201-155...                                         [  OK  ]
    M1...                                                  [  OK  ]
    M2...                                                  [  OK  ]
    M3...                                                  [  OK  ]
    M4...                                                  [  OK  ]
[root@dhcp201-155 ~]# /usr/lib64/dirsrv/slapd-M1/db2ldif -r -s "dc=example,dc=com"
Exported ldif file: /var/lib/dirsrv/slapd-M1/ldif/M1-example-2014_07_08_024107.ldif
[08/Jul/2014:02:41:07 -0400] - Backend Instance(s): 
[08/Jul/2014:02:41:07 -0400] - 	userRoot
ldiffile: /var/lib/dirsrv/slapd-M1/ldif/M1-example-2014_07_08_024107.ldif
[08/Jul/2014:02:41:08 -0400] - export userRoot: Processed 163 entries (100%).
[08/Jul/2014:02:41:08 -0400] - Waiting for 4 database threads to stop
[08/Jul/2014:02:41:08 -0400] - All database threads now stopped


3. edit ldif to have svattr;adcsn-XXXX;vdcsn-XXXX;deletedattribute;deleted:
# entry-id: 163
dn: uid=amita,ou=People,dc=example,dc=com
modifyTimestamp;adcsn-53bb9121000000010000;vucsn-53bb9121000000010000: 2014070
 8063511Z
modifiersName;adcsn-53bb9121000000010000;vucsn-53bb9121000000010000: cn=direct
 ory manager

REPLACED
========
employeeNumber;adcsn-53bb9121000000010000;vucsn-53bb9121000000010000: 117117
WITH
======
employeeNumber;adcsn-53bb982f000000010000;deletedattribute;deleted:

cn;vucsn-53bb905e000000010000: amita
sn;vucsn-53bb905e000000010000: amita
givenName;vucsn-53bb905e000000010000: amita
objectClass;vucsn-53bb905e000000010000: top
objectClass;vucsn-53bb905e000000010000: person
objectClass;vucsn-53bb905e000000010000: organizationalPerson
objectClass;vucsn-53bb905e000000010000: inetOrgPerson
uid;vucsn-53bb905e000000010000;mdcsn-53bb905e000000010000: amita
mail;vucsn-53bb905e000000010000: amita
userPassword;vucsn-53bb905e000000010000: {SSHA}WIy6RNZHrw0oXRHWFzuznotRhGFZt+J
 QGFVkFQ==
creatorsName;vucsn-53bb905e000000010000: cn=directory manager
createTimestamp;vucsn-53bb905e000000010000: 20140708063156Z
nsUniqueId: 87584801-066911e4-99b5e021-e73f64cf

4. then import using ldif2db
[root@dhcp201-155 ~]# /usr/lib64/dirsrv/slapd-M1/ldif2db -s "dc=example,dc=com" -i "/var/lib/dirsrv/slapd-M1/ldif/M1-example-2014_07_08_024107.ldif"
importing data ...
[08/Jul/2014:02:46:35 -0400] - Backend Instance: userRoot
[08/Jul/2014:02:46:36 -0400] - WARNING: Import is running with nsslapd-db-private-import-mem on; No other process is allowed to access the database
[08/Jul/2014:02:46:36 -0400] - check_and_set_import_cache: pagesize: 4096, pages: 255092, procpages: 52144
[08/Jul/2014:02:46:36 -0400] - WARNING: After allocating import cache 408144KB, the available memory is 612224KB, which is less than the soft limit 1048576KB. You may want to decrease the import cache size and rerun import.
[08/Jul/2014:02:46:36 -0400] - Import allocates 408144KB import cache.
[08/Jul/2014:02:46:36 -0400] - import userRoot: Beginning import job...
[08/Jul/2014:02:46:36 -0400] - import userRoot: Index buffering enabled with bucket size 100
[08/Jul/2014:02:46:36 -0400] - import userRoot: Processing file "/var/lib/dirsrv/slapd-M1/ldif/M1-example-2014_07_08_024107.ldif"
[08/Jul/2014:02:46:36 -0400] - import userRoot: Finished scanning file "/var/lib/dirsrv/slapd-M1/ldif/M1-example-2014_07_08_024107.ldif" (163 entries)
[08/Jul/2014:02:46:37 -0400] - import userRoot: Workers finished; cleaning up...
[08/Jul/2014:02:46:37 -0400] - import userRoot: Workers cleaned up.
[08/Jul/2014:02:46:37 -0400] - import userRoot: Cleaning up producer thread...
[08/Jul/2014:02:46:37 -0400] - import userRoot: Indexing complete.  Post-processing...
[08/Jul/2014:02:46:37 -0400] - import userRoot: Generating numSubordinates complete.
[08/Jul/2014:02:46:37 -0400] - import userRoot: Flushing caches...
[08/Jul/2014:02:46:37 -0400] - import userRoot: Closing files...
[08/Jul/2014:02:46:37 -0400] - All database threads now stopped
[08/Jul/2014:02:46:37 -0400] - import userRoot: Import complete.  Processed 163 entries in 1 seconds. (163.00 entries/sec)

5. [root@dhcp201-155 ~]# service dirsrv start
Starting dirsrv: 
    dhcp201-155...                                         [  OK  ]
    M1...                                                  [  OK  ]
    M2...                                                  [  OK  ]
    M3...                                                  [  OK  ]
    M4...                                                  [  OK  ]

6. ldapsearch M1
# sghai, People, example.com
dn: uid=sghai,ou=People,dc=example,dc=com
cn: sghai
sn: sgahi
givenName: sghai
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
uid: sghai
mail: sghai
userPassword:: e1NTSEF9Zlk4MTVkNk56OE91dUMrdjgxMlVZcXVOaHdUTG1yMUpSZldDb3c9PQ=
 =

# search result
search: 2
result: 0 Success

7. ldapsearch M2
# sghai, People, example.com
dn: uid=sghai,ou=People,dc=example,dc=com
employeeNumber: 117117
cn: sghai
sn: sgahi
givenName: sghai
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
uid: sghai
mail: sghai
userPassword:: e1NTSEF9Zlk4MTVkNk56OE91dUMrdjgxMlVZcXVOaHdUTG1yMUpSZldDb3c9PQ=

8. ldapmodify -a -h localhost -p 30100 -D "cn=directory manager" -w Secret123 << EOF
dn: uid=sghai,ou=people,dc=example,dc=com
changetype: modify
add: employeeNumber
employeeNumber: 117117
EOF

Search on both masters M1 and M2 returns accurate results
============================================================
# sghai, People, example.com
dn: uid=sghai,ou=People,dc=example,dc=com
employeeNumber: 117117
cn: sghai
sn: sgahi
givenName: sghai
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
uid: sghai
mail: sghai
userPassword:: e1NTSEF9Zlk4MTVkNk56OE91dUMrdjgxMlVZcXVOaHdUTG1yMUpSZldDb3c9PQ

# sghai, People, example.com
dn: uid=sghai,ou=People,dc=example,dc=com
employeeNumber: 117117
cn: sghai
sn: sgahi
givenName: sghai
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
uid: sghai
mail: sghai
userPassword:: e1NTSEF9Zlk4MTVkNk56OE91dUMrdjgxMlVZcXVOaHdUTG1yMUpSZldDb3c9PQ=

HENCE VERIFIED.

Comment 9 Ludwig 2014-07-08 08:08:14 UTC

you need to reimport the manipulated ldif on BOTH masters before adding a new value and you should also keep the vdcsn. Your replace should look like:

REPLACED
========
employeeNumber;adcsn-53bb9121000000010000;vucsn-53bb9121000000010000: 117117
WITH
======
employeeNumber;adcsn-53bb9121000000010000;vucsn-53bb9121000000010000;deletedattribute;deleted:

Comment 10 Amita Sharma 2014-07-08 10:39:41 UTC

Hey Ludwig,

Thanks for your comment, It does not work with this method.
I want to understand one thing here.
Why we need to reimport manipulated ldif on BOTH masters when they are in sync via replication?
[root@dhcp201-155 export]# rpm -qa | grep 389
389-ds-base-1.2.11.15-38.el6.x86_64
389-ds-base-debuginfo-1.2.11.15-36.el6.x86_64
389-adminutil-1.1.17-1.el6.x86_64
389-ds-base-libs-1.2.11.15-38.el6.x86_64


Here I follow you::
After modifying ::
===============
# entry-id: 162
dn: uid=sghai,ou=People,dc=example,dc=com
modifyTimestamp;adcsn-53bbc254000000010000;vucsn-53bbc254000000010000: 2014070
 8100507Z
modifiersName;adcsn-53bbc254000000010000;vucsn-53bbc254000000010000: cn=direct
 ory manager
employeeNumber;adcsn-53bbc254000000010000;vucsn-53bbc254000000010000;deletedattribute;deleted:
cn;vucsn-53bbc24b000000010000: sghai
sn;vucsn-53bbc24b000000010000: sgahi
givenName;vucsn-53bbc24b000000010000: sghai
objectClass;vucsn-53bbc24b000000010000: top
objectClass;vucsn-53bbc24b000000010000: person
objectClass;vucsn-53bbc24b000000010000: organizationalPerson
objectClass;vucsn-53bbc24b000000010000: inetOrgPerson
uid;vucsn-53bbc24b000000010000;mdcsn-53bbc24b000000010000: sghai
mail;vucsn-53bbc24b000000010000: sghai
userPassword;vucsn-53bbc24b000000010000: {SSHA}+N+PJugarEASBZxedcvlCT85Kt+ootr
 WIxRREQ==
creatorsName;vucsn-53bbc24b000000010000: cn=directory manager
createTimestamp;vucsn-53bbc24b000000010000: 20140708100459Z
nsUniqueId: 3b1c0081-068711e4-b947a0de-71e47b6f

reimported to both masters::
=============================
[root@dhcp201-155 export]# /usr/lib64/dirsrv/slapd-M1/ldif2db -s "dc=example,dc=com" -i "/var/lib/dirsrv/slapd-M1/ldif/M1-example-2014_07_08_060527.ldif"
importing data ...
[08/Jul/2014:06:07:32 -0400] - Backend Instance: userRoot
[08/Jul/2014:06:07:32 -0400] - WARNING: Import is running with nsslapd-db-private-import-mem on; No other process is allowed to access the database
[08/Jul/2014:06:07:32 -0400] - check_and_set_import_cache: pagesize: 4096, pages: 255092, procpages: 52145
[08/Jul/2014:06:07:32 -0400] - WARNING: After allocating import cache 408144KB, the available memory is 612224KB, which is less than the soft limit 1048576KB. You may want to decrease the import cache size and rerun import.
[08/Jul/2014:06:07:32 -0400] - Import allocates 408144KB import cache.
[08/Jul/2014:06:07:32 -0400] - import userRoot: Beginning import job...
[08/Jul/2014:06:07:32 -0400] - import userRoot: Index buffering enabled with bucket size 100
[08/Jul/2014:06:07:32 -0400] - import userRoot: Processing file "/var/lib/dirsrv/slapd-M1/ldif/M1-example-2014_07_08_060527.ldif"
[08/Jul/2014:06:07:32 -0400] - import userRoot: Finished scanning file "/var/lib/dirsrv/slapd-M1/ldif/M1-example-2014_07_08_060527.ldif" (162 entries)
[08/Jul/2014:06:07:33 -0400] - import userRoot: Workers finished; cleaning up...
[08/Jul/2014:06:07:33 -0400] - import userRoot: Workers cleaned up.
[08/Jul/2014:06:07:33 -0400] - import userRoot: Cleaning up producer thread...
[08/Jul/2014:06:07:33 -0400] - import userRoot: Indexing complete.  Post-processing...
[08/Jul/2014:06:07:34 -0400] - import userRoot: Generating numSubordinates complete.
[08/Jul/2014:06:07:34 -0400] - import userRoot: Flushing caches...
[08/Jul/2014:06:07:34 -0400] - import userRoot: Closing files...
[08/Jul/2014:06:07:34 -0400] - All database threads now stopped
[08/Jul/2014:06:07:34 -0400] - import userRoot: Import complete.  Processed 162 entries in 2 seconds. (81.00 entries/sec)

[root@dhcp201-155 export]# /usr/lib64/dirsrv/slapd-M2/ldif2db -s "dc=example,dc=com" -i "/var/lib/dirsrv/slapd-M1/ldif/M1-example-2014_07_08_060527.ldif"
importing data ...
[08/Jul/2014:06:07:53 -0400] - Backend Instance: userRoot
[08/Jul/2014:06:07:53 -0400] - WARNING: Import is running with nsslapd-db-private-import-mem on; No other process is allowed to access the database
[08/Jul/2014:06:07:53 -0400] - check_and_set_import_cache: pagesize: 4096, pages: 255092, procpages: 52143
[08/Jul/2014:06:07:53 -0400] - WARNING: After allocating import cache 408144KB, the available memory is 612224KB, which is less than the soft limit 1048576KB. You may want to decrease the import cache size and rerun import.
[08/Jul/2014:06:07:53 -0400] - Import allocates 408144KB import cache.
[08/Jul/2014:06:07:53 -0400] - import userRoot: Beginning import job...
[08/Jul/2014:06:07:53 -0400] - import userRoot: Index buffering enabled with bucket size 100
[08/Jul/2014:06:07:53 -0400] - import userRoot: Processing file "/var/lib/dirsrv/slapd-M1/ldif/M1-example-2014_07_08_060527.ldif"
[08/Jul/2014:06:07:53 -0400] - import userRoot: Finished scanning file "/var/lib/dirsrv/slapd-M1/ldif/M1-example-2014_07_08_060527.ldif" (162 entries)
[08/Jul/2014:06:07:54 -0400] - import userRoot: Workers finished; cleaning up...
[08/Jul/2014:06:07:54 -0400] - import userRoot: Workers cleaned up.
[08/Jul/2014:06:07:54 -0400] - import userRoot: Cleaning up producer thread...
[08/Jul/2014:06:07:54 -0400] - import userRoot: Indexing complete.  Post-processing...
[08/Jul/2014:06:07:54 -0400] - import userRoot: Generating numSubordinates complete.
[08/Jul/2014:06:07:54 -0400] - import userRoot: Flushing caches...
[08/Jul/2014:06:07:54 -0400] - import userRoot: Closing files...
[08/Jul/2014:06:07:55 -0400] - All database threads now stopped
[08/Jul/2014:06:07:55 -0400] - import userRoot: Import complete.  Processed 162 entries in 2 seconds. (81.00 entries/sec)

[root@dhcp201-155 export]# service dirsrv start
Starting dirsrv: 
    dhcp201-155...                                         [  OK  ]
    M1...                                                  [  OK  ]
    M2...                                                  [  OK  ]
    M3...                                                  [  OK  ]
    M4...                                                  [  OK  ]

search on M1
================
# sghai, People, example.com
dn: uid=sghai,ou=People,dc=example,dc=com
cn: sghai
sn: sgahi
givenName: sghai
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
uid: sghai
mail: sghai
userPassword:: e1NTSEF9K04rUEp1Z2FyRUFTQlp4ZWRjdmxDVDg1S3Qrb290cldJeFJSRVE9PQ=
 =

search on M2
================
# sghai, People, example.com
dn: uid=sghai,ou=People,dc=example,dc=com
cn: sghai
sn: sgahi
givenName: sghai
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
uid: sghai
mail: sghai
userPassword:: e1NTSEF9K04rUEp1Z2FyRUFTQlp4ZWRjdmxDVDg1S3Qrb290cldJeFJSRVE9PQ=


[root@dhcp201-155 export]# ldapmodify -a -h localhost -p 30100 -D "cn=directory manager" -w Secret123 << EOF
> dn: uid=sghai,ou=people,dc=example,dc=com
> changetype: modify
> add: employeeNumber
> employeeNumber: 117117
> EOF
modifying entry "uid=sghai,ou=people,dc=example,dc=com"

search on M1
================
# sghai, People, example.com
dn: uid=sghai,ou=People,dc=example,dc=com
employeeNumber: 117117
cn: sghai
sn: sgahi
givenName: sghai
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
uid: sghai
mail: sghai
userPassword:: e1NTSEF9K04rUEp1Z2FyRUFTQlp4ZWRjdmxDVDg1S3Qrb290cldJeFJSRVE9PQ=
 =


search on M2
===============
# sghai, People, example.com
dn: uid=sghai,ou=People,dc=example,dc=com
employeeNumber:
cn: sghai
sn: sgahi
givenName: sghai
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
uid: sghai
mail: sghai
userPassword:: e1NTSEF9K04rUEp1Z2FyRUFTQlp4ZWRjdmxDVDg1S3Qrb290cldJeFJSRVE9PQ=
 =

Please let me know in case you need more info.
I am moving bug to on qa.

Comment 11 Ludwig 2014-07-08 10:48:54 UTC

if you manipulate an ldif and import it on only one server they no longer have the same data. So you need to import it on all servers.

The method of manipulating the ldif is necessary as this use case cannot be triggered in RHDS alone. It shows up if an ldif was imported from another Directory server like SunDS

Comment 13 Ludwig 2014-07-08 11:23:11 UTC

Your steps look good now, we need to check the fix again.
Which version of DS were you testing ?

Comment 14 Amita Sharma 2014-07-08 11:30:04 UTC

its is mentioned in https://bugzilla.redhat.com/show_bug.cgi?id=1062763#c10

[root@dhcp201-155 export]# rpm -qa | grep 389
389-ds-base-1.2.11.15-38.el6.x86_64
389-ds-base-libs-1.2.11.15-38.el6.x86_64

https://errata.devel.redhat.com/advisory/18069/builds

Moving back to dev.

Thanks Ludwig

Comment 15 Rich Megginson 2014-07-08 13:59:56 UTC

(In reply to Ludwig from comment #9)
> you need to reimport the manipulated ldif on BOTH masters before adding a
> new value and you should also keep the vdcsn. Your replace should look like:
> 
> REPLACED
> ========
> employeeNumber;adcsn-53bb9121000000010000;vucsn-53bb9121000000010000: 117117
> WITH
> ======
> employeeNumber;adcsn-53bb9121000000010000;vucsn-53bb9121000000010000;
> deletedattribute;deleted:

you need to use vdcsn, not vucsn, above.  See the original comment: https://bugzilla.redhat.com/show_bug.cgi?id=1062763#c0

Comment 18 Amita Sharma 2014-07-09 13:06:08 UTC

Hi Rich,

After importing with this ldif to both masters, M1 and M2::
# entry-id: 162
dn: uid=sghai,ou=People,dc=example,dc=com
modifyTimestamp;adcsn-53bd3639000400010000;vucsn-53bd3639000400010000: 2014070
 9123152Z
modifiersName;adcsn-53bd3639000400010000;vucsn-53bd3639000400010000: cn=direct
 ory manager
employeeNumber;adcsn-53bd3639000400010000;vdcsn-53bd3639000400010000: 117117
cn;vucsn-53bd3634000000010000: sghai
sn;vucsn-53bd3634000000010000: sgahi
givenName;vucsn-53bd3634000000010000: sghai
objectClass;vucsn-53bd3634000000010000: top
objectClass;vucsn-53bd3634000000010000: person
objectClass;vucsn-53bd3634000000010000: organizationalPerson
objectClass;vucsn-53bd3634000000010000: inetOrgPerson
uid;vucsn-53bd3634000000010000;mdcsn-53bd3634000000010000: sghai
mail;vucsn-53bd3634000000010000: sghai
userPassword;vucsn-53bd3634000000010000: {SSHA}YUnRpJelKBVsVWKUFonSs1rlGwiUVrA
 8rXkj/w==
creatorsName;vucsn-53bd3634000000010000: cn=directory manager
createTimestamp;vucsn-53bd3634000000010000: 20140709123148Z
nsUniqueId: eea6f281-076411e4-af01bf62-fa96966c

They give me search results as::
# sghai, People, example.com
dn: uid=sghai,ou=People,dc=example,dc=com
employeeNumber: 117117
cn: sghai
sn: sgahi
givenName: sghai
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
uid: sghai
mail: sghai
userPassword:: e1NTSEF9WVVuUnBKZWxLQlZzVldLVUZvblNzMXJsR3dpVVZyQThyWGtqL3c9PQ=

So the employeeNumber: does not get deleted. No add operation required?
Is it what is expected?

Comment 19 Ludwig 2014-07-09 13:21:45 UTC

your import file should contain a record like this, as Rich said:

employeeNumber;adcsn-53bb9121000000010000;vdcsn-53bb9121000000010000;
deletedattribute;deleted: 

vDcsn and deletedattribute;deleted:

Comment 20 Amita Sharma 2014-07-09 13:42:10 UTC

Not working for me::
Ldif..
# entry-id: 162
dn: uid=sghai,ou=People,dc=example,dc=com
modifyTimestamp;adcsn-53bd3639000400010000;vucsn-53bd3639000400010000: 2014070
 9123152Z
modifiersName;adcsn-53bd3639000400010000;vucsn-53bd3639000400010000: cn=direct
 ory manager
employeeNumber;adcsn-53bd3639000400010000;vdcsn-53bd3639000400010000;deletedattribute;deleted:
cn;vucsn-53bd3634000000010000: sghai
sn;vucsn-53bd3634000000010000: sgahi
givenName;vucsn-53bd3634000000010000: sghai
objectClass;vucsn-53bd3634000000010000: top
objectClass;vucsn-53bd3634000000010000: person
objectClass;vucsn-53bd3634000000010000: organizationalPerson
objectClass;vucsn-53bd3634000000010000: inetOrgPerson
uid;vucsn-53bd3634000000010000;mdcsn-53bd3634000000010000: sghai
mail;vucsn-53bd3634000000010000: sghai
userPassword;vucsn-53bd3634000000010000: {SSHA}YUnRpJelKBVsVWKUFonSs1rlGwiUVrA
 8rXkj/w==
creatorsName;vucsn-53bd3634000000010000: cn=directory manager
createTimestamp;vucsn-53bd3634000000010000: 20140709123148Z
nsUniqueId: eea6f281-076411e4-af01bf62-fa96966c

[root@dhcp201-155 ~]# ldapmodify -a -h localhost -p 30100 -D "cn=directory manager" -w Secret123 << EOF
dn: uid=sghai,ou=people,dc=example,dc=com
changetype: modify
add: employeeNumber
employeeNumber: 117117
EOF

 ldapsearch -x -h localhost -p 30100 -D "cn=Directory Manager" -w Secret123 -b "ou=people,dc=example,dc=com"
# sghai, People, example.com
dn: uid=sghai,ou=People,dc=example,dc=com
employeeNumber: 117117
cn: sghai
sn: sgahi
givenName: sghai
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
uid: sghai
mail: sghai
userPassword:: e1NTSEF9WVVuUnBKZWxLQlZzVldLVUZvblNzMXJsR3dpVVZyQThyWGtqL3c9PQ=

 ldapsearch -x -h localhost -p 30102 -D "cn=Directory Manager" -w Secret123 -b "ou=people,dc=example,dc=com"
# sghai, People, example.com
dn: uid=sghai,ou=People,dc=example,dc=com
cn: sghai
sn: sgahi
givenName: sghai
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
uid: sghai
mail: sghai
userPassword:: e1NTSEF9WVVuUnBKZWxLQlZzVldLVUZvblNzMXJsR3dpVVZyQThyWGtqL3c9PQ=

Comment 21 Rich Megginson 2014-07-09 13:58:35 UTC

Yes, looks like you have reproduced the problem.  You are using 389-ds-base-1.2.11.15-34.el6?

Comment 22 Amita Sharma 2014-07-10 08:39:00 UTC

No, I as I mentioned before https://bugzilla.redhat.com/show_bug.cgi?id=1062763#c14 ::
[root@dhcp201-155 export]# rpm -qa | grep 389
389-ds-base-1.2.11.15-38.el6.x86_64
389-ds-base-libs-1.2.11.15-38.el6.x86_64

It looks like issue is not fixed, I am moving it back to Assigned.
Also, I would like to know is it worth opening separate bug for the case ::
> 3. And also Is it acceptable/expected to get an empty empno. on second
> master when it is coming properly on M1 with the value, even with the vucsn?

Comment 23 Rich Megginson 2014-07-10 21:11:49 UTC

fixed upstream

Comment 25 Amita Sharma 2014-08-13 12:20:50 UTC

[root@dhcp201-155 ~]# rpm -qa | grep 389
389-ds-base-libs-1.2.11.15-39.el6.x86_64
389-admin-debuginfo-1.1.34-1.el6.x86_64
389-ds-base-debuginfo-1.2.11.15-36.el6.x86_64
389-adminutil-1.1.17-1.el6.x86_64
389-adminutil-debuginfo-1.1.17-1.el6.x86_64
389-console-1.1.7-1.el6.noarch
389-ds-base-1.2.11.15-39.el6.x86_64

[root@dhcp201-155 ~]# ps -aef | grep dirsrv
svrbld     967     1  0 07:54 ?        00:00:00 ./ns-slapd -D /etc/dirsrv/slapd-M1 -i /var/run/dirsrv/slapd-M1.pid -w /var/run/dirsrv/slapd-M1.startpid
svrbld    1377     1  0 07:55 ?        00:00:01 ./ns-slapd -D /etc/dirsrv/slapd-M2 -i /var/run/dirsrv/slapd-M2.pid -w /var/run/dirsrv/slapd-M2.startpid
svrbld    1792     1  0 07:56 ?        00:00:01 ./ns-slapd -D /etc/dirsrv/slapd-M3 -i /var/run/dirsrv/slapd-M3.pid -w /var/run/dirsrv/slapd-M3.startpid
svrbld    2201     1  0 07:57 ?        00:00:00 ./ns-slapd -D /etc/dirsrv/slapd-M4 -i /var/run/dirsrv/slapd-M4.pid -w /var/run/dirsrv/slapd-M4.startpid
root      3124 25056  0 08:10 pts/0    00:00:00 grep dirsrv
svrbld   30603     1  0 07:50 ?        00:00:00 ./ns-slapd -D /etc/dirsrv/slapd-dhcp201-155 -i /var/run/dirsrv/slapd-dhcp201-155.pid -w /var/run/dirsrv/slapd-dhcp201-155.startpid
[root@dhcp201-155 ~]# ldapadd -x -h localhost -p 30100 -D "cn=Directory Manager" -w Secret123  << EOF
> dn: uid=sghai,ou=people,dc=example,dc=com
> cn: sghai
> sn: sgahi
> givenname: sghai
> employeeNumber: 117
> objectclass: top
> objectclass: person
> objectclass: organizationalPerson
> objectclass: inetOrgPerson
> uid: sghai
> mail: sghai
> userpassword: Secret123
> EOF
adding new entry "uid=sghai,ou=people,dc=example,dc=com"

[root@dhcp201-155 ~]# ldapmodify -a -h localhost -p 30100 -D "cn=directory manager" -w Secret123 << EOF
> dn: uid=sghai,ou=people,dc=example,dc=com
> changetype: modify
> replace: employeeNumber
> employeeNumber: 117117
> EOF
modifying entry "uid=sghai,ou=people,dc=example,dc=com"

[root@dhcp201-155 ~]#  service dirsrv stop
Shutting down dirsrv: 
    dhcp201-155...                                         [  OK  ]
    M1...                                                  [  OK  ]
    M2...                                                  [  OK  ]
    M3...                                                  [  OK  ]
    M4...                                                  [  OK  ]
[root@dhcp201-155 ~]# /usr/lib64/dirsrv/slapd-M1/db2ldif -r -s "dc=example,dc=com"
Exported ldif file: /var/lib/dirsrv/slapd-M1/ldif/M1-example-2014_08_13_081122.ldif
[13/Aug/2014:08:11:22 -0400] - Backend Instance(s): 
[13/Aug/2014:08:11:22 -0400] - 	userRoot
ldiffile: /var/lib/dirsrv/slapd-M1/ldif/M1-example-2014_08_13_081122.ldif
[13/Aug/2014:08:11:22 -0400] - export userRoot: Processed 162 entries (100%).
[13/Aug/2014:08:11:22 -0400] - Waiting for 4 database threads to stop
[13/Aug/2014:08:11:23 -0400] - All database threads now stopped
[root@dhcp201-155 ~]# vim /var/lib/dirsrv/slapd-M1/ldif/M1-example-2014_08_13_081122.ldif
[root@dhcp201-155 ~]# /usr/lib64/dirsrv/slapd-M1/ldif2db -s "dc=example,dc=com" -i "/var/lib/dirsrv/slapd-M1/ldif/M1-example-2014_08_13_081122.ldif"
importing data ...
[13/Aug/2014:08:15:22 -0400] - Backend Instance: userRoot
[13/Aug/2014:08:15:22 -0400] - WARNING: Import is running with nsslapd-db-private-import-mem on; No other process is allowed to access the database
[13/Aug/2014:08:15:22 -0400] - check_and_set_import_cache: pagesize: 4096, pages: 255090, procpages: 51631
[13/Aug/2014:08:15:22 -0400] - WARNING: After allocating import cache 408144KB, the available memory is 612216KB, which is less than the soft limit 1048576KB. You may want to decrease the import cache size and rerun import.
[13/Aug/2014:08:15:22 -0400] - Import allocates 408144KB import cache.
[13/Aug/2014:08:15:22 -0400] - import userRoot: Beginning import job...
[13/Aug/2014:08:15:22 -0400] - import userRoot: Index buffering enabled with bucket size 100
[13/Aug/2014:08:15:22 -0400] - import userRoot: Processing file "/var/lib/dirsrv/slapd-M1/ldif/M1-example-2014_08_13_081122.ldif"
[13/Aug/2014:08:15:22 -0400] - import userRoot: Finished scanning file "/var/lib/dirsrv/slapd-M1/ldif/M1-example-2014_08_13_081122.ldif" (162 entries)
[13/Aug/2014:08:15:23 -0400] - import userRoot: Workers finished; cleaning up...
[13/Aug/2014:08:15:23 -0400] - import userRoot: Workers cleaned up.
[13/Aug/2014:08:15:23 -0400] - import userRoot: Cleaning up producer thread...
[13/Aug/2014:08:15:23 -0400] - import userRoot: Indexing complete.  Post-processing...
[13/Aug/2014:08:15:23 -0400] - import userRoot: Generating numSubordinates complete.
[13/Aug/2014:08:15:23 -0400] - import userRoot: Flushing caches...
[13/Aug/2014:08:15:23 -0400] - import userRoot: Closing files...
[13/Aug/2014:08:15:23 -0400] - All database threads now stopped
[13/Aug/2014:08:15:23 -0400] - import userRoot: Import complete.  Processed 162 entries in 1 seconds. (162.00 entries/sec)
[root@dhcp201-155 ~]# /usr/lib64/dirsrv/slapd-M2/ldif2db -s "dc=example,dc=com" -i "/var/lib/dirsrv/slapd-M1/ldif/M1-example-2014_08_13_081122.ldif"
importing data ...
[13/Aug/2014:08:15:35 -0400] - Backend Instance: userRoot
[13/Aug/2014:08:15:35 -0400] - WARNING: Import is running with nsslapd-db-private-import-mem on; No other process is allowed to access the database
[13/Aug/2014:08:15:35 -0400] - check_and_set_import_cache: pagesize: 4096, pages: 255090, procpages: 51630
[13/Aug/2014:08:15:35 -0400] - WARNING: After allocating import cache 408144KB, the available memory is 612216KB, which is less than the soft limit 1048576KB. You may want to decrease the import cache size and rerun import.
[13/Aug/2014:08:15:35 -0400] - Import allocates 408144KB import cache.
[13/Aug/2014:08:15:36 -0400] - import userRoot: Beginning import job...
[13/Aug/2014:08:15:36 -0400] - import userRoot: Index buffering enabled with bucket size 100
[13/Aug/2014:08:15:36 -0400] - import userRoot: Processing file "/var/lib/dirsrv/slapd-M1/ldif/M1-example-2014_08_13_081122.ldif"
[13/Aug/2014:08:15:36 -0400] - import userRoot: Finished scanning file "/var/lib/dirsrv/slapd-M1/ldif/M1-example-2014_08_13_081122.ldif" (162 entries)
[13/Aug/2014:08:15:36 -0400] - import userRoot: Workers finished; cleaning up...
[13/Aug/2014:08:15:37 -0400] - import userRoot: Workers cleaned up.
[13/Aug/2014:08:15:37 -0400] - import userRoot: Cleaning up producer thread...
[13/Aug/2014:08:15:37 -0400] - import userRoot: Indexing complete.  Post-processing...
[13/Aug/2014:08:15:37 -0400] - import userRoot: Generating numSubordinates complete.
[13/Aug/2014:08:15:37 -0400] - import userRoot: Flushing caches...
[13/Aug/2014:08:15:37 -0400] - import userRoot: Closing files...
[13/Aug/2014:08:15:37 -0400] - All database threads now stopped
[13/Aug/2014:08:15:37 -0400] - import userRoot: Import complete.  Processed 162 entries in 1 seconds. (162.00 entries/sec)
[root@dhcp201-155 ~]# service dirsrv start
Starting dirsrv: 
    dhcp201-155...                                         [  OK  ]
    M1...                                                  [  OK  ]
    M2...                                                  [  OK  ]
    M3...                                                  [  OK  ]
    M4...                                                  [  OK  ]
[root@dhcp201-155 ~]# 
Search on M1::
===============
# sghai, People, example.com
dn: uid=sghai,ou=People,dc=example,dc=com
cn: sghai
sn: sgahi
givenName: sghai
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
uid: sghai
mail: sghai
userPassword:: e1NTSEF9ZXVLWGV5Z3E1YWVUWlZhSWFwM3ZpaFlqNndteWkxT2Jjdnp1SUE9PQ=

Search on M2::
===============
# sghai, People, example.com
dn: uid=sghai,ou=People,dc=example,dc=com
cn: sghai
sn: sgahi
givenName: sghai
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
uid: sghai
mail: sghai
userPassword:: e1NTSEF9ZXVLWGV5Z3E1YWVUWlZhSWFwM3ZpaFlqNndteWkxT2Jjdnp1SUE9PQ=

 ldapmodify -a -h localhost -p 30100 -D "cn=directory manager" -w Secret123 << EOF
dn: uid=sghai,ou=people,dc=example,dc=com
changetype: modify
add: employeeNumber
employeeNumber: 117117
EOF

M1
==
# sghai, People, example.com
dn: uid=sghai,ou=People,dc=example,dc=com
employeeNumber: 117117
cn: sghai
sn: sgahi
givenName: sghai
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
uid: sghai
mail: sghai
userPassword:: e1NTSEF9ZXVLWGV5Z3E1YWVUWlZhSWFwM3ZpaFlqNndteWkxT2Jjdnp1SUE9PQ=

M2
==
# sghai, People, example.com
dn: uid=sghai,ou=People,dc=example,dc=com
employeeNumber: 117117
cn: sghai
sn: sgahi
givenName: sghai
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
uid: sghai
mail: sghai
userPassword:: e1NTSEF9ZXVLWGV5Z3E1YWVUWlZhSWFwM3ZpaFlqNndteWkxT2Jjdnp1SUE9PQ=

Hence VERIFIED.

Comment 26 errata-xmlrpc 2014-10-14 07:53:01 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHBA-2014-1385.html

Note You need to log in before you can comment on or make changes to this bug.