Bug 1202062 - Non tombstone entry which dn starting with "nsuniqueid=...," cannot be deleted
Summary: Non tombstone entry which dn starting with "nsuniqueid=...," cannot be deleted
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 6
Classification: Red Hat
Component: 389-ds-base
Version: 6.0
Hardware: Unspecified
OS: Unspecified
Target Milestone: rc
Assignee: Noriko Hosoi
QA Contact: Viktor Ashirov
URL:
Whiteboard:
Depends On:
Blocks:
Reported: 2015-03-14 22:22 UTC by Noriko Hosoi
Modified: 2016-11-02 01:04 UTC

Fixed In Version: 389-ds-base-1.2.11.15-53.el6
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2015-07-22 06:37:02 UTC
Target Upstream Version:

Links
System ID Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2015:1326 normal SHIPPED_LIVE 389-ds-base bug fix and enhancement update 2015-07-20 17:53:07 UTC

Description Noriko Hosoi 2015-03-14 22:22:10 UTC
This bug is created as a clone of upstream ticket:
https://fedorahosted.org/389/ticket/48133

Comment 1 Noriko Hosoi 2015-03-14 22:23:57 UTC
Unfortunately, without rebuilding the server with the code change, there is no easy way to verify.

https://fedorahosted.org/389/ticket/48133#comment:1

Dev would verify this bug.

Comment 6 Amita Sharma 2015-06-18 09:54:36 UTC
Thanks Noriko and Rich for steps.

0) [root@dhcp201-138 export]# rpm -qa | grep 389
389-ds-base-1.2.11.15-60.el6.x86_64
389-ds-base-debuginfo-1.2.11.15-60.el6.x86_64
389-admin-1.1.41-1.el6dsrv.x86_64
389-admin-console-doc-1.1.10-2.el6dsrv.noarch
389-console-1.1.8-1.el6dsrv.noarch
389-adminutil-1.1.22-1.el6dsrv.x86_64
389-admin-console-1.1.10-2.el6dsrv.noarch
389-dsgw-1.1.11-1.el6.x86_64
389-ds-1.2.2-1.el6.noarch
389-ds-base-libs-1.2.11.15-60.el6.x86_64
389-ds-console-1.2.12-1.el6dsrv.noarch
389-ds-base-devel-1.2.11.15-60.el6.x86_64
389-ds-console-doc-1.2.12-1.el6dsrv.noarch

1) set up 2 servers with MMR between them

2) disable the replication agreements

[root@dhcp201-138 export]# ldapmodify -x -h localhost -p 389 -D "cn=Directory Manager" -w Secret123  << EOF
dn: cn=mmr,cn=replica,cn=dc\3Dexample\2Cdc\3Dcom,cn=mapping tree,cn=config
changetype: modify
replace: nsds5replicaenabled
nsds5replicaenabled: off
EOF
modifying entry "cn=mmr,cn=replica,cn=dc\3Dexample\2Cdc\3Dcom,cn=mapping tree,cn=config"

[root@dhcp201-138 export]# ldapmodify -x -h localhost -p 3892 -D "cn=Directory Manager" -w Secret123  << EOF
> dn: cn=mmr,cn=replica,cn=dc\3Dexample\2Cdc\3Dcom,cn=mapping tree,cn=config
> changetype: modify
> replace: nsds5replicaenabled
> nsds5replicaenabled: off
> EOF
modifying entry "cn=mmr,cn=replica,cn=dc\3Dexample\2Cdc\3Dcom,cn=mapping tree,cn=config"

[root@dhcp201-138 export]# service dirsrv restart
Shutting down dirsrv: 
    dhcp201-138...                                         [  OK  ]
    dhcp201-1382...                                        [  OK  ]
Starting dirsrv: 
    dhcp201-138...                                         [  OK  ]
    dhcp201-1382...                                        [  OK  ]
================================================================================

3) add an entry with the same DN to both servers

[root@dhcp201-138 export]# ldapmodify -x -h localhost -p 389 -D "cn=Directory Manager" -w Secret123 << EOF
> dn: uid=amita,ou=people,dc=example,dc=com
> changetype: add
> objectClass: top
> objectClass: person
> objectClass: inetorgperson
> sn: sharma
> cn: amita
> userPassword: redhat
> EOF
adding new entry "uid=amita,ou=people,dc=example,dc=com"

[root@dhcp201-138 export]# ldapmodify -x -h localhost -p 3892 -D "cn=Directory Manager" -w Secret123 << EOF
> dn: uid=amita,ou=people,dc=example,dc=com
> changetype: add
> objectClass: top
> objectClass: person
> objectClass: inetorgperson
> sn: sharma
> cn: amita
> userPassword: redhat
> EOF
adding new entry "uid=amita,ou=people,dc=example,dc=com"

================================================================================
4) enable replication

[root@dhcp201-138 export]# ldapmodify -x -h localhost -p 389 -D "cn=Directory Manager" -w Secret123  << EOF
> dn: cn=mmr,cn=replica,cn=dc\3Dexample\2Cdc\3Dcom,cn=mapping tree,cn=config
> changetype: modify
> replace: nsds5replicaenabled
> nsds5replicaenabled: on
> EOF
modifying entry "cn=mmr,cn=replica,cn=dc\3Dexample\2Cdc\3Dcom,cn=mapping tree,cn=config"

[root@dhcp201-138 export]# ldapmodify -x -h localhost -p 3892 -D "cn=Directory Manager" -w Secret123  << EOF
> dn: cn=mmr,cn=replica,cn=dc\3Dexample\2Cdc\3Dcom,cn=mapping tree,cn=config
> changetype: modify
> replace: nsds5replicaenabled
> nsds5replicaenabled: on
> EOF
modifying entry "cn=mmr,cn=replica,cn=dc\3Dexample\2Cdc\3Dcom,cn=mapping tree,cn=config"

server restarted
================================================================================

You will then see a "nsuniqueid=...+..." entry on both servers, as soon as replication happens, which should be instantaneous - PASSED as below ::

[root@dhcp201-138 export]# ldapsearch -x -h localhost -p 3892 -D "cn=Directory Manager" -w Secret123 -b "ou=people,dc=example,dc=com"

# 7ca67281-159d11e5-a8d5ef8c-37b4b5c0 + amita, People, example.com
dn: nsuniqueid=7ca67281-159d11e5-a8d5ef8c-37b4b5c0+uid=amita,ou=People,dc=exam
 ple,dc=com
objectClass: top
objectClass: person
objectClass: inetorgperson
objectClass: organizationalPerson
sn: sharma
cn: amita
uid: amita
userPassword:: e1NTSEF9UVRyOU5LaXh3YzZUN0Nad0YwUHNvUStqUVpYcHNneGlPVUZrVUE9PQ=
 =

# amita, People, example.com
dn: uid=amita,ou=People,dc=example,dc=com
objectClass: top
objectClass: person
objectClass: inetorgperson
objectClass: organizationalPerson
sn: sharma
cn: amita
uid: amita
userPassword:: e1NTSEF9NmdWcDJxd1BDa001SFVHalFWaUxCVVVVSjBXWXY5VFFqbnBNRWc9PQ=
 =

[root@dhcp201-138 export]# ldapsearch -x -h localhost -p 389 -D "cn=Directory Manager" -w Secret123 -b "ou=people,dc=example,dc=com"

# amita, People, example.com
dn: uid=amita,ou=People,dc=example,dc=com
objectClass: top
objectClass: person
objectClass: inetorgperson
objectClass: organizationalPerson
sn: sharma
cn: amita
uid: amita
userPassword:: e1NTSEF9NmdWcDJxd1BDa001SFVHalFWaUxCVVVVSjBXWXY5VFFqbnBNRWc9PQ=
 =

# 7ca67281-159d11e5-a8d5ef8c-37b4b5c0 + amita, People, example.com
dn: nsuniqueid=7ca67281-159d11e5-a8d5ef8c-37b4b5c0+uid=amita,ou=People,dc=exam
 ple,dc=com
objectClass: top
objectClass: person
objectClass: inetorgperson
objectClass: organizationalPerson
sn: sharma
cn: amita
uid: amita
userPassword:: e1NTSEF9UVRyOU5LaXh3YzZUN0Nad0YwUHNvUStqUVpYcHNneGlPVUZrVUE9PQ=
 =

Hence marking as VERIFIED.

Comment 7 Rich Megginson 2015-06-18 13:19:54 UTC
Were you able to successfully delete the entry

dn: nsuniqueid=7ca67281-159d11e5-a8d5ef8c-37b4b5c0+uid=amita,ou=People,dc=example,dc=com

On both servers?

ldapdelete -x -D "cn=directory manager" -w "password" "nsuniqueid=7ca67281-159d11e5-a8d5ef8c-37b4b5c0+uid=amita,ou=People,dc=example,dc=com"

Comment 8 Amita Sharma 2015-06-18 13:33:20 UTC
(In reply to Rich Megginson from comment #7)
> Were you able to successfully delete the entry
> 
> dn:
> nsuniqueid=7ca67281-159d11e5-a8d5ef8c-37b4b5c0+uid=amita,ou=People,
> dc=example,dc=com
> 
> On both servers?
> 
> ldapdelete -x -D "cn=directory manager" -w "password"
> "nsuniqueid=7ca67281-159d11e5-a8d5ef8c-37b4b5c0+uid=amita,ou=People,
> dc=example,dc=com"

yes... This is after deletion ::
[root@dhcp201-138 export]# ldapsearch -x -h localhost -p 389 -D "cn=Directory Manager" -w Secret123 -b "ou=people,dc=example,dc=com"
# extended LDIF
#
# LDAPv3
# base <ou=people,dc=example,dc=com> with scope subtree
# filter: (objectclass=*)
# requesting: ALL
#

# People, example.com
dn: ou=People,dc=example,dc=com
ou: People
objectClass: top
objectClass: organizationalunit

# amita, People, example.com
dn: uid=amita,ou=People,dc=example,dc=com
objectClass: top
objectClass: person
objectClass: inetorgperson
objectClass: organizationalPerson
sn: sharma
cn: amita
uid: amita
userPassword:: e1NTSEF9NmdWcDJxd1BDa001SFVHalFWaUxCVVVVSjBXWXY5VFFqbnBNRWc9PQ=
 =

# search result
search: 2
result: 0 Success

# numResponses: 3
# numEntries: 2
[root@dhcp201-138 export]# ldapsearch -x -h localhost -p 3892 -D "cn=Directory Manager" -w Secret123 -b "ou=people,dc=example,dc=com"
# extended LDIF
#
# LDAPv3
# base <ou=people,dc=example,dc=com> with scope subtree
# filter: (objectclass=*)
# requesting: ALL
#

# People, example.com
dn: ou=People,dc=example,dc=com
objectClass: top
objectClass: organizationalunit
ou: People

# amita, People, example.com
dn: uid=amita,ou=People,dc=example,dc=com
objectClass: top
objectClass: person
objectClass: inetorgperson
objectClass: organizationalPerson
sn: sharma
cn: amita
uid: amita
userPassword:: e1NTSEF9NmdWcDJxd1BDa001SFVHalFWaUxCVVVVSjBXWXY5VFFqbnBNRWc9PQ=
 =

# search result
search: 2
result: 0 Success

# numResponses: 3
# numEntries: 2
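
Added example, not part of the bug comments or of 389-ds-base: a shell filter that unfolds ldapsearch LDIF output and lists entries whose leftmost RDN has the form nsuniqueid=<id>+<attr>=<value>, the conflict entry form shown in comments 6 to 8. The function names and the sample LDIF (constructed from the search output above, password attributes left out) are assumptions of this example; base64-encoded "dn::" lines are not decoded.

```shell
#!/bin/sh
# Added example: find replication conflict entries in ldapsearch output.

# unfold_ldif: join LDIF continuation lines. A line that starts with a
# single space continues the previous line (RFC 2849), which is how the
# conflict DN above ends up split as "dc=exam" / " ple,dc=com".
unfold_ldif() {
    awk '
        /^ / { buf = buf substr($0, 2); next }
        { if (NR > 1) print buf; buf = $0 }
        END  { if (NR > 0) print buf }
    '
}

# conflict_dns: print the DN of every entry whose leftmost RDN is
# nsuniqueid=<id>+<attr>=<value>. Tombstone-style DNs
# (nsuniqueid=<id>,...) do not match because a comma follows the id.
conflict_dns() {
    unfold_ldif | awk '
        tolower($0) ~ /^dn: nsuniqueid=[0-9a-f-]+[+]/ { print substr($0, 5) }
    '
}

# Constructed sample: search result before the ldapdelete (folded DN kept).
sample_before() {
    cat <<'EOF'
dn: nsuniqueid=7ca67281-159d11e5-a8d5ef8c-37b4b5c0+uid=amita,ou=People,dc=exam
 ple,dc=com
objectClass: person
uid: amita

dn: uid=amita,ou=People,dc=example,dc=com
objectClass: person
uid: amita
EOF
}

# Constructed sample: search result after the ldapdelete.
sample_after() {
    cat <<'EOF'
dn: ou=People,dc=example,dc=com
ou: People

dn: uid=amita,ou=People,dc=example,dc=com
uid: amita
EOF
}

sample_before | conflict_dns
```

Against a live server, pipe the ldapsearch output from each replica into conflict_dns; empty output on both means no conflict entry remains.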

Comment 9 errata-xmlrpc 2015-07-22 06:37:02 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHBA-2015-1326.html
