Bug 1118055 - Add operations rejected by betxn plugins remain in cache
Summary: Add operations rejected by betxn plugins remain in cache
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: 389-ds-base
Version: 7.0
Hardware: Unspecified
OS: Unspecified
low
unspecified
Target Milestone: rc
: ---
Assignee: Noriko Hosoi
QA Contact: Viktor Ashirov
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2014-07-09 22:24 UTC by Noriko Hosoi
Modified: 2017-09-18 09:38 UTC (History)
4 users (show)

Fixed In Version: 389-ds-base-1.3.3.1-1.el7
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2015-03-05 09:36:02 UTC
Target Upstream Version:

Attachments (Terms of Use)
Add an attachment (proposed patch, testcase, etc.)


Links
System ID Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2015:0416 normal SHIPPED_LIVE Important: 389-ds-base security, bug fix, and enhancement update 2015-03-05 14:26:33 UTC

Description Noriko Hosoi 2014-07-09 22:24:47 UTC 
This bug is created as a clone of upstream ticket:
https://fedorahosted.org/389/ticket/47815

Steps to reproduce:

[1]  Enable memberOf plugin (default settings)
[2]  Enable automember plugin
[3]  Enable retro changelog plugin
[4]  Add automember config entry:

dn: cn=group cfg,cn=Auto Membership Plugin,cn=plugins,cn=config
objectClass: autoMemberDefinition
objectClass: top
autoMemberScope: dc=example,dc=com
autoMemberFilter: cn=user
autoMemberDefaultGroup: cn=group,dc=example,dc=com
autoMemberGroupingAttr: member:dn
cn: group cfg

[5] Restart the server
[6] Add automember group:

dn: cn=group,dc=example,dc=com
objectclass: top
objectclass: groupOfNames
cn: group

[7]  Add a user that will trigger the automember plugin

dn: cn=user,dc=example,dc=com
objectclass: person
objectclass: top
cn: user
sn: user

[8]  This add should be rejected with an error 53 (unwilling to perform), as the user does not have the inetuser objectclass that allows "memberOf"

[9]  Attempt to add the same user entry again, but this time an error 68 (entry already exists) is returned.

It is finding the entry in dn2entry_ext().  Stepping through ldbm_back_add() shows the entry is removed from the entry cache, but yet it is still found in the dn cache.
Comment 2 Amita Sharma 2014-12-26 12:51:15 UTC 
[1]  Enable memberOf plugin (default settings)
[2]  Enable automember plugin
[3]  Enable retro changelog plugin

dn: cn=MemberOf Plugin,cn=plugins,cn=config
objectClass: top
objectClass: nsSlapdPlugin
objectClass: extensibleObject
cn: MemberOf Plugin
nsslapd-pluginPath: libmemberof-plugin
nsslapd-pluginInitfunc: memberof_postop_init
nsslapd-pluginType: betxnpostoperation
nsslapd-pluginEnabled: on

dn: cn=Auto Membership Plugin,cn=plugins,cn=config
objectClass: top
objectClass: nsSlapdPlugin
objectClass: extensibleObject
cn: Auto Membership Plugin
nsslapd-pluginPath: libautomember-plugin
nsslapd-pluginInitfunc: automember_init
nsslapd-pluginType: betxnpreoperation
nsslapd-pluginEnabled: on


dn: cn=Retro Changelog Plugin,cn=plugins,cn=config
objectClass: top
objectClass: nsSlapdPlugin
objectClass: extensibleObject
cn: Retro Changelog Plugin
nsslapd-pluginPath: libretrocl-plugin
nsslapd-pluginInitfunc: retrocl_plugin_init
nsslapd-pluginType: object
nsslapd-pluginbetxn: on
nsslapd-pluginEnabled: on

[root@dhcp201-126 pwpolicy]# ldapmodify -a -D "cn=directory manager" -w Secret123 -p 389 -h localhost << EOF
> dn: cn=group cfg,cn=Auto Membership Plugin,cn=plugins,cn=config
> objectClass: autoMemberDefinition
> objectClass: top
> autoMemberScope: dc=example,dc=com
> autoMemberFilter: cn=user
> autoMemberDefaultGroup: cn=group,dc=example,dc=com
> autoMemberGroupingAttr: member:dn
> cn: group cfg
> EOF
adding new entry "cn=group cfg,cn=Auto Membership Plugin,cn=plugins,cn=config"

[root@dhcp201-126 pwpolicy]# /usr/lib64/dirsrv/slapd-dhcp201-126/restart-slapd 
[root@dhcp201-126 pwpolicy]# ldapmodify -a -D "cn=directory manager" -w Secret123 -p 389 -h localhost << EOF
> dn: cn=group,dc=example,dc=com
> objectclass: top
> objectclass: groupOfNames
> cn: group
> EOF
adding new entry "cn=group,dc=example,dc=com"

[root@dhcp201-126 pwpolicy]# ldapmodify -a -D "cn=directory manager" -w Secret123 -p 389 -h localhost << EOF
> dn: cn=user,dc=example,dc=com
> objectclass: person
> objectclass: top
> cn: user
> sn: user
> EOF
adding new entry "cn=user,dc=example,dc=com"
ldap_add: Server is unwilling to perform (53)
	additional info: Automember Plugin update unexpectedly failed.


[root@dhcp201-126 pwpolicy]# ldapmodify -a -D "cn=directory manager" -w Secret123 -p 389 -h localhost << EOF
dn: cn=user,dc=example,dc=com
objectclass: person
objectclass: top
cn: user
sn: user
EOF
adding new entry "cn=user,dc=example,dc=com"
ldap_add: Server is unwilling to perform (53)
	additional info: Automember Plugin update unexpectedly failed.


[root@dhcp201-126 pwpolicy]# ldapmodify -a -D "cn=directory manager" -w Secret123 -p 389 -h localhost << EOF
dn: cn=user,dc=example,dc=com
objectclass: person
objectclass: top
cn: user
sn: user
EOF
adding new entry "cn=user,dc=example,dc=com"
ldap_add: Server is unwilling to perform (53)
	additional info: Automember Plugin update unexpectedly failed.


Getting consistent error message, which is expected, Hence VERIFIED.
Comment 4 errata-xmlrpc 2015-03-05 09:36:02 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHSA-2015-0416.html
Comment 5 Simon Pichugin 2017-09-18 09:38:34 UTC 
The test case is automated in https://pagure.io/389-ds-base/blob/master/f/dirsrvtests/tests/tickets/ticket47815_test.py
Note You need to log in before you can comment on or make changes to this bug.