Bug 1266532 - Linked Attributes plug-in - won't update links after MODRDN operation
Linked Attributes plug-in - won't update links after MODRDN operation
Status: CLOSED ERRATA
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: 389-ds-base (Show other bugs)
7.2
Unspecified Unspecified
unspecified Severity unspecified
: rc
: ---
Assigned To: Noriko Hosoi
Viktor Ashirov
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2015-09-25 10:17 EDT by Simon Pichugin
Modified: 2016-11-03 16:36 EDT (History)
2 users (show)

See Also:
Fixed In Version: 389-ds-base-1.3.5.2-1.el7
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2016-11-03 16:36:09 EDT
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Simon Pichugin 2015-09-25 10:17:15 EDT
Description of problem:
If a MODRDN operation is made to an entry that has a managed type present, the links pointing to the renamed entry will not be updated to use the new DN.

Version-Release number:
389-ds-base-1.3.4.0-18.el7.x86_64

How reproducible:
Always

Steps to Reproduce:
1) Enable Linked Attributes plug-in;
ldapmodify -h localhost -p 389 -D "cn=Directory manager" -w Secret123
cn=Linked Attributes,cn=plugins,cn=config
changetype: modify
replace: nsslapd-pluginEnabled
nsslapd-pluginEnabled: on

2) Create the plug-in instance;
ldapmodify -h localhost -p 389 -D "cn=Directory manager" -w Secret123
dn: cn=Manager Link,cn=Linked Attributes,cn=plugins,cn=config
changetype: add
objectClass: top
objectClass: extensibleObject
cn: Manager Link
linkType: directReport
managedType: manager

3) Add two entries;
ldapmodify -h localhost -p 389 -D "cn=Directory manager" -w Secret123
dn: uid=employee1,ou=People,dc=example,dc=com
changetype: add
objectClass: extensibleobject
objectClass: inetorgperson
objectClass: organizationalPerson
objectClass: person
objectClass: top
cn: Employee 1
sn: Employee 1
uid: employee1

dn: uid=manager1,ou=People,dc=example,dc=com
changetype: add
objectClass: extensibleobject
objectClass: inetorgperson
objectClass: organizationalPerson
objectClass: person
objectClass: top
cn: manager 1
sn: manager 1
uid: manager1

4) Execute link operation;
ldapmodify -h localhost -p 389 -D "cn=Directory manager" -w Secret123
dn: uid=manager1,ou=People,dc=example,dc=com
changetype: modify
add: directreport
directreport: uid=employee1,ou=People,dc=example,dc=com

5) Execute MODRDN operation on the uid=employee1,ou=People,dc=example,dc=com.
ldapmodify -h localhost -p 389 -D "cn=Directory manager" -w Secret123
dn: uid=employee1,ou=People,dc=example,dc=com
changetype: modrdn
newrdn: uid=employee2
deleteoldrdn: 1


Actual results:
ldapsearch -h localhost -p 389 -D "cn=Directory manager" -w Secret123 -b ou=people,dc=example,dc=com
# employee2, People, example.com
dn: uid=employee2,ou=People,dc=example,dc=com
objectClass: extensibleobject
objectClass: inetorgperson
objectClass: organizationalPerson
objectClass: person
objectClass: top
cn: Employee 3
sn: Employee 3
manager: uid=manager1,ou=people,dc=example,dc=com
uid: employee2

# manager1, People, example.com
dn: uid=manager1,ou=People,dc=example,dc=com
objectClass: extensibleobject
objectClass: inetorgperson
objectClass: organizationalPerson
objectClass: person
objectClass: top
cn: manager 1
sn: manager 1
directreport: uid=employee1,ou=People,dc=example,dc=com
uid: manager1


Expected results:
ldapsearch -h localhost -p 389 -D "cn=Directory manager" -w Secret123 -b ou=people,dc=example,dc=com
# employee2, People, example.com
dn: uid=employee2,ou=People,dc=example,dc=com
objectClass: extensibleobject
objectClass: inetorgperson
objectClass: organizationalPerson
objectClass: person
objectClass: top
cn: Employee 3
sn: Employee 3
manager: uid=manager1,ou=people,dc=example,dc=com
uid: employee2

# manager1, People, example.com
dn: uid=manager1,ou=People,dc=example,dc=com
objectClass: extensibleobject
objectClass: inetorgperson
objectClass: organizationalPerson
objectClass: person
objectClass: top
cn: manager 1
sn: manager 1
directreport: uid=employee2,ou=People,dc=example,dc=com
uid: manager1


Additional info:
If we try to repair it with fixup-linkedattrs.pl or "cn=fixup linked attributes task", then "manager" attribute will be deleted from the uid=employee2,ou=People,dc=example,dc=com. And "directreport" will stay the same in the uid=manager1,ou=People,dc=example,dc=com.

Also it will be impossible to delete "directreport" after that.
ldapmodify -h localhost -p 389 -D "cn=Directory manager" -w Secret123
dn: uid=manager1,ou=People,dc=example,dc=com
changetype: modify
delete: directreport

modifying entry "uid=manager1,ou=People,dc=example,dc=com"
ldap_modify: Server is unwilling to perform (53)
        additional info: Linked Attrs Plugin: Failed to update link to target entry (uid=employee1,ou=People,dc=example,dc=com) error 32
Comment 2 Noriko Hosoi 2015-09-25 12:02:11 EDT
Since this is not a "blocker", let me defer to 7.3.
Comment 3 Noriko Hosoi 2015-09-25 12:46:17 EDT
Upstream ticket:
https://fedorahosted.org/389/ticket/48294
Comment 4 Mike McCune 2016-03-28 19:12:48 EDT
This bug was accidentally moved from POST to MODIFIED via an error in automation, please see mmccune@redhat.com with any questions
Comment 6 Simon Pichugin 2016-07-12 12:20:18 EDT
Build tested:
389-ds-base-1.3.5.10-3.el7.x86_64

========================== test session starts ==========================
platform linux2 -- Python 2.7.5, pytest-2.9.2, py-1.4.31, pluggy-0.3.1 -- /usr/bin/python
cachedir: dirsrvtests/tests/tickets/.cache
rootdir: /mnt/tests/rhds/tests/upstream/ds/dirsrvtests/tests/tickets, inifile:
plugins: html-1.9.0, cov-2.3.0
collected 1 items

dirsrvtests/tests/tickets/ticket48294_test.py::test_ticket48294 PASSED

======================= 1 passed in 23.30 seconds =======================
Comment 7 Simon Pichugin 2016-07-13 03:31:33 EDT
Tests were added to https://git.fedorahosted.org/git/389/ds.git repo:
- dirsrvtests/tests/tickets/ticket48294_test.py
Comment 9 errata-xmlrpc 2016-11-03 16:36:09 EDT
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHSA-2016-2594.html

Note You need to log in before you can comment on or make changes to this bug.