Hide Forgot
This bug is created as a clone of upstream ticket: https://fedorahosted.org/389/ticket/47817 Its possible that backend plugins can set the error text, which frees the existing result text(if any). The problem is that in the backend we grab a pointer to the result text before we call the backend postop plugins. If a plugin sets the result text we will get invalid read errors reported by valgrind.
Verification steps: [1] install DS [2] Enable the memberOf plugin # ldapmodify ... dn: cn=MemberOf Plugin,cn=plugins,cn=config changetype: modify replace: nsslapd-pluginEnabled nsslapd-pluginEnabled: on [3] Restart the server [4] Misconfigure the memberOf plugin, which will reject the update operation and return an error string describing the problem: # ldapmodify ... dn: cn=MemberOf Plugin,cn=plugins,cn=config changetype: modify replace: memberofattr memberofattr: cn modifying entry "cn=MemberOf Plugin,cn=plugins,cn=config" ldap_modify: Server is unwilling to perform (53) additional info: The cn configuration attribute must be set to an attribute defined to use the Distinguished Name syntax. (illegal value: memberOfAttr) [5] Done!
[root@dhcp201-126 ~]# ldapmodify -x -D "cn=directory manager" -w Secret123 -p 389 -h localhost << EOF dn: cn=MemberOf Plugin,cn=plugins,cn=config changetype: modify replace: memberOfAttr > memberOfAttr: cn > EOF modifying entry "cn=MemberOf Plugin,cn=plugins,cn=config" ldap_modify: Server is unwilling to perform (53) additional info: The cn configuration attribute must be set to an attribute defined to use the Distinguished Name syntax. (illegal value: memberOfAttr) Hence marking as VERIFIED.
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://rhn.redhat.com/errata/RHSA-2015-0416.html