Hide Forgot
This bug is created as a clone of upstream ticket: https://fedorahosted.org/389/ticket/47815 Steps to reproduce: [1] Enable memberOf plugin (default settings) [2] Enable automember plugin [3] Enable retro changelog plugin [4] Add automember config entry: dn: cn=group cfg,cn=Auto Membership Plugin,cn=plugins,cn=config objectClass: autoMemberDefinition objectClass: top autoMemberScope: dc=example,dc=com autoMemberFilter: cn=user autoMemberDefaultGroup: cn=group,dc=example,dc=com autoMemberGroupingAttr: member:dn cn: group cfg [5] Restart the server [6] Add automember group: dn: cn=group,dc=example,dc=com objectclass: top objectclass: groupOfNames cn: group [7] Add a user that will trigger the automember plugin dn: cn=user,dc=example,dc=com objectclass: person objectclass: top cn: user sn: user [8] This add should be rejected with an error 53 (unwilling to perform), as the user does not have the inetuser objectclass that allows "memberOf" [9] Attempt to add the same user entry again, but this time an error 68 (entry already exists) is returned. It is finding the entry in dn2entry_ext(). Stepping through ldbm_back_add() shows the entry is removed from the entry cache, but yet it is still found in the dn cache.
[1] Enable memberOf plugin (default settings) [2] Enable automember plugin [3] Enable retro changelog plugin dn: cn=MemberOf Plugin,cn=plugins,cn=config objectClass: top objectClass: nsSlapdPlugin objectClass: extensibleObject cn: MemberOf Plugin nsslapd-pluginPath: libmemberof-plugin nsslapd-pluginInitfunc: memberof_postop_init nsslapd-pluginType: betxnpostoperation nsslapd-pluginEnabled: on dn: cn=Auto Membership Plugin,cn=plugins,cn=config objectClass: top objectClass: nsSlapdPlugin objectClass: extensibleObject cn: Auto Membership Plugin nsslapd-pluginPath: libautomember-plugin nsslapd-pluginInitfunc: automember_init nsslapd-pluginType: betxnpreoperation nsslapd-pluginEnabled: on dn: cn=Retro Changelog Plugin,cn=plugins,cn=config objectClass: top objectClass: nsSlapdPlugin objectClass: extensibleObject cn: Retro Changelog Plugin nsslapd-pluginPath: libretrocl-plugin nsslapd-pluginInitfunc: retrocl_plugin_init nsslapd-pluginType: object nsslapd-pluginbetxn: on nsslapd-pluginEnabled: on [root@dhcp201-126 pwpolicy]# ldapmodify -a -D "cn=directory manager" -w Secret123 -p 389 -h localhost << EOF > dn: cn=group cfg,cn=Auto Membership Plugin,cn=plugins,cn=config > objectClass: autoMemberDefinition > objectClass: top > autoMemberScope: dc=example,dc=com > autoMemberFilter: cn=user > autoMemberDefaultGroup: cn=group,dc=example,dc=com > autoMemberGroupingAttr: member:dn > cn: group cfg > EOF adding new entry "cn=group cfg,cn=Auto Membership Plugin,cn=plugins,cn=config" [root@dhcp201-126 pwpolicy]# /usr/lib64/dirsrv/slapd-dhcp201-126/restart-slapd [root@dhcp201-126 pwpolicy]# ldapmodify -a -D "cn=directory manager" -w Secret123 -p 389 -h localhost << EOF > dn: cn=group,dc=example,dc=com > objectclass: top > objectclass: groupOfNames > cn: group > EOF adding new entry "cn=group,dc=example,dc=com" [root@dhcp201-126 pwpolicy]# ldapmodify -a -D "cn=directory manager" -w Secret123 -p 389 -h localhost << EOF > dn: cn=user,dc=example,dc=com > objectclass: person > objectclass: top > cn: user > sn: user > EOF adding new entry "cn=user,dc=example,dc=com" ldap_add: Server is unwilling to perform (53) additional info: Automember Plugin update unexpectedly failed. [root@dhcp201-126 pwpolicy]# ldapmodify -a -D "cn=directory manager" -w Secret123 -p 389 -h localhost << EOF dn: cn=user,dc=example,dc=com objectclass: person objectclass: top cn: user sn: user EOF adding new entry "cn=user,dc=example,dc=com" ldap_add: Server is unwilling to perform (53) additional info: Automember Plugin update unexpectedly failed. [root@dhcp201-126 pwpolicy]# ldapmodify -a -D "cn=directory manager" -w Secret123 -p 389 -h localhost << EOF dn: cn=user,dc=example,dc=com objectclass: person objectclass: top cn: user sn: user EOF adding new entry "cn=user,dc=example,dc=com" ldap_add: Server is unwilling to perform (53) additional info: Automember Plugin update unexpectedly failed. Getting consistent error message, which is expected, Hence VERIFIED.
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://rhn.redhat.com/errata/RHSA-2015-0416.html
The test case is automated in https://pagure.io/389-ds-base/blob/master/f/dirsrvtests/tests/tickets/ticket47815_test.py