Bug 1266532 - Linked Attributes plug-in - won't update links after MODRDN operation
Summary: Linked Attributes plug-in - won't update links after MODRDN operation
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: 389-ds-base
Version: 7.2
Hardware: Unspecified
OS: Unspecified
unspecified
unspecified
Target Milestone: rc
: ---
Assignee: Noriko Hosoi
QA Contact: Viktor Ashirov
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2015-09-25 14:17 UTC by Simon Pichugin
Modified: 2016-11-03 20:36 UTC (History)
2 users (show)

Fixed In Version: 389-ds-base-1.3.5.2-1.el7
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2016-11-03 20:36:09 UTC


Attachments (Terms of Use)


Links
System ID Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2016:2594 normal SHIPPED_LIVE Moderate: 389-ds-base security, bug fix, and enhancement update 2016-11-03 12:11:08 UTC

Description Simon Pichugin 2015-09-25 14:17:15 UTC
Description of problem:
If a MODRDN operation is made to an entry that has a managed type present, the links pointing to the renamed entry will not be updated to use the new DN.

Version-Release number:
389-ds-base-1.3.4.0-18.el7.x86_64

How reproducible:
Always

Steps to Reproduce:
1) Enable Linked Attributes plug-in;
ldapmodify -h localhost -p 389 -D "cn=Directory manager" -w Secret123
cn=Linked Attributes,cn=plugins,cn=config
changetype: modify
replace: nsslapd-pluginEnabled
nsslapd-pluginEnabled: on

2) Create the plug-in instance;
ldapmodify -h localhost -p 389 -D "cn=Directory manager" -w Secret123
dn: cn=Manager Link,cn=Linked Attributes,cn=plugins,cn=config
changetype: add
objectClass: top
objectClass: extensibleObject
cn: Manager Link
linkType: directReport
managedType: manager

3) Add two entries;
ldapmodify -h localhost -p 389 -D "cn=Directory manager" -w Secret123
dn: uid=employee1,ou=People,dc=example,dc=com
changetype: add
objectClass: extensibleobject
objectClass: inetorgperson
objectClass: organizationalPerson
objectClass: person
objectClass: top
cn: Employee 1
sn: Employee 1
uid: employee1

dn: uid=manager1,ou=People,dc=example,dc=com
changetype: add
objectClass: extensibleobject
objectClass: inetorgperson
objectClass: organizationalPerson
objectClass: person
objectClass: top
cn: manager 1
sn: manager 1
uid: manager1

4) Execute link operation;
ldapmodify -h localhost -p 389 -D "cn=Directory manager" -w Secret123
dn: uid=manager1,ou=People,dc=example,dc=com
changetype: modify
add: directreport
directreport: uid=employee1,ou=People,dc=example,dc=com

5) Execute MODRDN operation on the uid=employee1,ou=People,dc=example,dc=com.
ldapmodify -h localhost -p 389 -D "cn=Directory manager" -w Secret123
dn: uid=employee1,ou=People,dc=example,dc=com
changetype: modrdn
newrdn: uid=employee2
deleteoldrdn: 1


Actual results:
ldapsearch -h localhost -p 389 -D "cn=Directory manager" -w Secret123 -b ou=people,dc=example,dc=com
# employee2, People, example.com
dn: uid=employee2,ou=People,dc=example,dc=com
objectClass: extensibleobject
objectClass: inetorgperson
objectClass: organizationalPerson
objectClass: person
objectClass: top
cn: Employee 3
sn: Employee 3
manager: uid=manager1,ou=people,dc=example,dc=com
uid: employee2

# manager1, People, example.com
dn: uid=manager1,ou=People,dc=example,dc=com
objectClass: extensibleobject
objectClass: inetorgperson
objectClass: organizationalPerson
objectClass: person
objectClass: top
cn: manager 1
sn: manager 1
directreport: uid=employee1,ou=People,dc=example,dc=com
uid: manager1


Expected results:
ldapsearch -h localhost -p 389 -D "cn=Directory manager" -w Secret123 -b ou=people,dc=example,dc=com
# employee2, People, example.com
dn: uid=employee2,ou=People,dc=example,dc=com
objectClass: extensibleobject
objectClass: inetorgperson
objectClass: organizationalPerson
objectClass: person
objectClass: top
cn: Employee 3
sn: Employee 3
manager: uid=manager1,ou=people,dc=example,dc=com
uid: employee2

# manager1, People, example.com
dn: uid=manager1,ou=People,dc=example,dc=com
objectClass: extensibleobject
objectClass: inetorgperson
objectClass: organizationalPerson
objectClass: person
objectClass: top
cn: manager 1
sn: manager 1
directreport: uid=employee2,ou=People,dc=example,dc=com
uid: manager1


Additional info:
If we try to repair it with fixup-linkedattrs.pl or "cn=fixup linked attributes task", then "manager" attribute will be deleted from the uid=employee2,ou=People,dc=example,dc=com. And "directreport" will stay the same in the uid=manager1,ou=People,dc=example,dc=com.

Also it will be impossible to delete "directreport" after that.
ldapmodify -h localhost -p 389 -D "cn=Directory manager" -w Secret123
dn: uid=manager1,ou=People,dc=example,dc=com
changetype: modify
delete: directreport

modifying entry "uid=manager1,ou=People,dc=example,dc=com"
ldap_modify: Server is unwilling to perform (53)
        additional info: Linked Attrs Plugin: Failed to update link to target entry (uid=employee1,ou=People,dc=example,dc=com) error 32

Comment 2 Noriko Hosoi 2015-09-25 16:02:11 UTC
Since this is not a "blocker", let me defer to 7.3.

Comment 3 Noriko Hosoi 2015-09-25 16:46:17 UTC
Upstream ticket:
https://fedorahosted.org/389/ticket/48294

Comment 4 Mike McCune 2016-03-28 23:12:48 UTC
This bug was accidentally moved from POST to MODIFIED via an error in automation, please see mmccune@redhat.com with any questions

Comment 6 Simon Pichugin 2016-07-12 16:20:18 UTC
Build tested:
389-ds-base-1.3.5.10-3.el7.x86_64

========================== test session starts ==========================
platform linux2 -- Python 2.7.5, pytest-2.9.2, py-1.4.31, pluggy-0.3.1 -- /usr/bin/python
cachedir: dirsrvtests/tests/tickets/.cache
rootdir: /mnt/tests/rhds/tests/upstream/ds/dirsrvtests/tests/tickets, inifile:
plugins: html-1.9.0, cov-2.3.0
collected 1 items

dirsrvtests/tests/tickets/ticket48294_test.py::test_ticket48294 PASSED

======================= 1 passed in 23.30 seconds =======================

Comment 7 Simon Pichugin 2016-07-13 07:31:33 UTC
Tests were added to https://git.fedorahosted.org/git/389/ds.git repo:
- dirsrvtests/tests/tickets/ticket48294_test.py

Comment 9 errata-xmlrpc 2016-11-03 20:36:09 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHSA-2016-2594.html


Note You need to log in before you can comment on or make changes to this bug.