This bug is created as a clone of upstream ticket: https://fedorahosted.org/389/ticket/47810

Some betxn plugins did not return error codes (they always return success). This was because before there were betxn plugins, their return codes did not affect whether the operation was accepted or aborted. Now those errors do matter, and we need to make sure all the plugins are behaving correctly.
https://fedorahosted.org/389/ticket/47853 was created in addition to 47810
Verification Steps

[1] Install DS using "dc=example,dc=com"

[2] Configure the memberOf plugin

    # ldapmodify ...
    dn: cn=MemberOf Plugin,cn=plugins,cn=config
    changetype: modify
    replace: nsslapd-pluginEnabled
    nsslapd-pluginEnabled: on
    -
    add: memberofgroupattr
    memberofgroupattr: uniquemember

[3] Restart the server

[4] Add a group

    # ldapmodify ...
    dn: cn=group,dc=example,dc=com
    changetype: add
    objectClass: top
    objectClass: groupofuniquenames
    cn: group

[5] Add a user, and add it to group

    # ldapmodify ...
    dn: uid=user,dc=example,dc=com
    changetype: add
    uid: user
    givenName: user
    objectClass: top
    objectClass: person
    objectClass: organizationalPerson
    objectClass: inetorgperson
    sn: user
    cn: user

    --> Note this user entry does not have the "inetuser" objectclass that allows the "memberOf" attribute

[6] Add the user to the group, which should fail (err=65) because the memberOf plugin will not be able to update the user entry with the memberOf attribute:

    # ldapmodify...
    dn: cn=group,dc=example,dc=com
    changetype: modify
    add: uniquemember
    uniquemember: uid=user,dc=example,dc=com

    modifying entry "cn=group,dc=example,dc=com"
    ldap_modify: Object class violation (65)

[7] Done!
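The behaviour described in the bug report and exercised by the verification steps, as an added example that is not 389 Directory Server code: a simplified Python model of one modify running inside a backend transaction with a memberOf-style plugin. All function names, the dictionary layout and the snapshot-based rollback are assumptions made for illustration; only the DNs, object classes and err=65 come from the steps above.

```python
import copy

LDAP_SUCCESS = 0
LDAP_OBJECT_CLASS_VIOLATION = 65  # err=65 from step [6]
GROUP = "cn=group,dc=example,dc=com"
USER = "uid=user,dc=example,dc=com"

def sample_directory():
    """Constructed entries mirroring steps [4] and [5]; the user lacks inetuser."""
    return {
        GROUP: {"objectClass": ["top", "groupofuniquenames"], "uniquemember": []},
        USER: {"objectClass": ["top", "person", "organizationalPerson",
                               "inetorgperson"]},
    }

def memberof_update(db, group_dn, member_dn):
    """Toy memberOf plugin: memberOf may only be stored on an inetuser entry."""
    entry = db[member_dn]
    if "inetuser" not in (oc.lower() for oc in entry["objectClass"]):
        return LDAP_OBJECT_CLASS_VIOLATION
    entry.setdefault("memberOf", []).append(group_dn)
    return LDAP_SUCCESS

def always_success(plugin):
    """Pre-fix behaviour from the bug description: the failure is never reported."""
    def wrapped(db, group_dn, member_dn):
        plugin(db, group_dn, member_dn)
        return LDAP_SUCCESS
    return wrapped

def add_member(db, group_dn, member_dn, betxn_plugin):
    """Modify the group and run the plugin inside one modelled transaction."""
    snapshot = copy.deepcopy(db)            # stand-in for the backend txn
    db[group_dn]["uniquemember"].append(member_dn)
    rc = betxn_plugin(db, group_dn, member_dn)
    if rc != LDAP_SUCCESS:                  # plugin error aborts the whole txn
        db.clear()
        db.update(snapshot)
    return rc

def dangling_members(db):
    """Members listed in a group whose own entry has no matching memberOf."""
    return [(g, m) for g, e in db.items() for m in e.get("uniquemember", [])
            if g not in db.get(m, {}).get("memberOf", [])]

if __name__ == "__main__":
    for name, plugin in (("pre-fix", always_success(memberof_update)),
                         ("fixed", memberof_update)):
        db = sample_directory()
        rc = add_member(db, GROUP, USER, plugin)
        print(name, "rc =", rc, "dangling =", dangling_members(db))
```

With the error swallowed, the group gains a member whose entry carries no memberOf value; with the error propagated, the modify is rejected and the directory is left unchanged, which is the result step [6] checks for.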
    [root@dhcp201-126 ~]# ldapmodify -p 389 -h localhost -D "cn=Directory Manager" -w Secret123 << EOF
    > dn: cn=MemberOf Plugin,cn=plugins,cn=config
    > changetype: modify
    > replace: nsslapd-pluginEnabled
    > nsslapd-pluginEnabled: on
    > -
    > add: memberofgroupattr
    > memberofgroupattr: uniquemember
    > EOF
    modifying entry "cn=MemberOf Plugin,cn=plugins,cn=config"

    [root@dhcp201-126 ~]# /usr/lib64/dirsrv/slapd-dhcp201-126/stop-slapd
    [root@dhcp201-126 ~]# /usr/lib64/dirsrv/slapd-dhcp201-126/start-slapd
    [root@dhcp201-126 ~]# ldapmodify -p 389 -h localhost -D "cn=Directory Manager" -w Secret123 << EOF
    > dn: cn=group,dc=example,dc=com
    > changetype: add
    > objectClass: top
    > objectClass: groupofuniquenames
    > cn: group
    > EOF
    adding new entry "cn=group,dc=example,dc=com"

    [root@dhcp201-126 ~]#
    [root@dhcp201-126 ~]# ldapmodify -p 389 -h localhost -D "cn=Directory Manager" -w Secret123 << EOF
    > dn: uid=user,dc=example,dc=com
    > changetype: add
    > uid: user
    > givenName: user
    > objectClass: top
    > objectClass: person
    > objectClass: organizationalPerson
    > objectClass: inetorgperson
    > sn: user
    > cn: user
    > EOF
    adding new entry "uid=user,dc=example,dc=com"

    [root@dhcp201-126 ~]#
    [root@dhcp201-126 ~]# ldapmodify -p 389 -h localhost -D "cn=Directory Manager" -w Secret123 << EOF
    > dn: cn=group,dc=example,dc=com
    > changetype: modify
    > add: uniquemember
    > uniquemember: uid=user,dc=example,dc=com
    > EOF
    modifying entry "cn=group,dc=example,dc=com"
    ldap_modify: Object class violation (65)

Hence VERIFIED.
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://rhn.redhat.com/errata/RHSA-2015-0416.html