Created attachment 1200826
Reproducer written in Python and pytest

Description of problem:
According to the info provided by Ludwig and the information from the documentation (Administration Guide - 11.12. MANAGING DELETED ENTRIES WITH REPLICATION), it should not be possible to delete a tombstone entry from a client connection, even when binding as Directory Manager. Now it is possible.

Version-Release number of selected component (if applicable):
389-ds-base-1.3.5.10-10.el7.x86_64

How reproducible:
Always

Steps to Reproduce:
1. Install an instance of RHDS
2. Enable USN plugin
3. Restart the server
4. Add a user
5. Delete the user
6. Find out the tombstone entry DN for the user:
   ldapsearch -D "cn=directory manager" -w Secret123 -b "dc=example,dc=com" "(&(objectClass=nstombstone)(cn=testuser))"
7. Try to delete this entry while binding as Directory Manager

Actual results:
It shouldn't be possible

Expected results:
It is possible to delete the tombstone entry

Additional info:
I've written a Python reproducer. Please find it in the attachment.
This bug was logged because of unclear communication from DEV to QE. When the patch was implemented to allow the deletion of a tombstone in 7.3 to be compatible with 6.x, I said that the behaviour is incorrect, but we should not remove the possibility to directly remove tombstones by external operations. An admin might want/have to do this.

Will close as not a bug.
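
Since direct tombstone deletion by clients stays allowed, an administrator may want to audit when it happens. The following is an added example, not part of the bug report or of 389-ds-base: it scans access log text for DEL operations whose target DN starts with `nsuniqueid=` (the tombstone DN form) and pairs each with the connection's bind DN and the result code. The log lines, DNs and the function name `tombstone_deletes` are constructed for illustration.

```python
import re

# Constructed sample in the 389-ds access log layout (not from the bug report).
SAMPLE_LOG = """\
[27/Sep/2016:10:15:01.000000001 +0200] conn=7 op=0 BIND dn="cn=directory manager" method=128 version=3
[27/Sep/2016:10:15:01.000000002 +0200] conn=7 op=0 RESULT err=0 tag=97 nentries=0 etime=0 dn="cn=directory manager"
[27/Sep/2016:10:15:02.000000001 +0200] conn=7 op=1 DEL dn="uid=testuser,dc=example,dc=com"
[27/Sep/2016:10:15:02.000000002 +0200] conn=7 op=1 RESULT err=0 tag=107 nentries=0 etime=0
[27/Sep/2016:10:15:10.000000001 +0200] conn=7 op=2 DEL dn="nsuniqueid=00000000-00000000-00000000-00000001,uid=testuser,dc=example,dc=com"
[27/Sep/2016:10:15:10.000000002 +0200] conn=7 op=2 RESULT err=0 tag=107 nentries=0 etime=0
[27/Sep/2016:10:16:00.000000001 +0200] conn=9 op=0 BIND dn="uid=helpdesk,dc=example,dc=com" method=128 version=3
[27/Sep/2016:10:16:00.000000002 +0200] conn=9 op=0 RESULT err=0 tag=97 nentries=0 etime=0 dn="uid=helpdesk,dc=example,dc=com"
[27/Sep/2016:10:16:01.000000001 +0200] conn=9 op=1 DEL dn="nsuniqueid=00000000-00000000-00000000-00000002,uid=other,dc=example,dc=com"
[27/Sep/2016:10:16:01.000000002 +0200] conn=9 op=1 RESULT err=50 tag=107 nentries=0 etime=0
"""

LINE = re.compile(r'^\[(?P<ts>[^\]]+)\] conn=(?P<conn>\d+) op=(?P<op>-?\d+) (?P<rest>.*)$')
DEL = re.compile(r'^DEL dn="(?P<dn>[^"]*)"')
RESULT = re.compile(r'^RESULT err=(?P<err>\d+) tag=(?P<tag>\d+).*?(?: dn="(?P<dn>[^"]*)")?$')

def tombstone_deletes(log_text):
    """Return DEL operations whose target DN is a tombstone (nsuniqueid=...,<old DN>)."""
    bound_as = {}   # conn -> DN of the last successful BIND on that connection
    pending = {}    # (conn, op) -> tombstone DEL waiting for its RESULT line
    findings = []
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # skip lines that are not in the expected layout
        conn, op, rest = m["conn"], m["op"], m["rest"]
        d, r = DEL.match(rest), RESULT.match(rest)
        if d and d["dn"].lower().startswith("nsuniqueid="):
            pending[(conn, op)] = {"time": m["ts"], "target": d["dn"],
                                   "bind_dn": bound_as.get(conn, "")}
        elif r and r["tag"] == "97" and r["err"] == "0":
            bound_as[conn] = r["dn"] or ""    # tag=97 is a bind response
        elif r and (conn, op) in pending:
            rec = pending.pop((conn, op))
            rec["deleted"] = r["err"] == "0"  # err=0: the tombstone was removed
            findings.append(rec)
    return findings

if __name__ == "__main__":
    for finding in tombstone_deletes(SAMPLE_LOG):
        print(finding)
```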