RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.
Bug 1405257 - Setting nsDS5ReplicatedAttributeList nsDS5ReplicatedAttributeListTotal on replication agreements does not work
Summary: Setting nsDS5ReplicatedAttributeList nsDS5ReplicatedAttributeListTotal on rep...
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: 389-ds-base
Version: 7.0
Hardware: Unspecified
OS: Unspecified
unspecified
high
Target Milestone: pre-dev-freeze
: ---
Assignee: Noriko Hosoi
QA Contact: Viktor Ashirov
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2016-12-16 00:18 UTC by Brian J. Atkisson
Modified: 2020-09-13 21:54 UTC (History)
6 users (show)

Fixed In Version: 389-ds-base-1.3.6.1-3.el7
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2017-08-01 21:12:24 UTC
Target Upstream Version:
Embargoed:

Attachments (Terms of Use)
lib389 reproducible test case (9.14 KB, text/plain)
2016-12-19 17:36 UTC, thierry bordaz 		no flags Details
Patch for 1405257 (4.23 KB, patch)
2016-12-20 11:11 UTC, thierry bordaz 		no flags Details | Diff
View All


Links
System ID Private Priority Status Summary Last Updated
Github 389ds 389-ds-base issues 2132 0 None None None 2020-09-13 21:54:42 UTC
Red Hat Product Errata RHBA-2017:2086 0 normal SHIPPED_LIVE 389-ds-base bug fix and enhancement update 2017-08-01 18:37:38 UTC

Description Brian J. Atkisson 2016-12-16 00:18:44 UTC 
Description of problem:
Per the docs (https://access.redhat.com/documentation/en-US/Red_Hat_Directory_Server/10.1/html/Administration_Guide/managing-fractional-repl.html#fractional-repl-total):

If both nsDS5ReplicatedAttributeList and nsDS5ReplicatedAttributeListTotal are set, then nsDS5ReplicatedAttributeList only applies to incremental updates. 

I have the following set on two masters when using the memberOf plugin:

nsDS5ReplicatedAttributeListTotal: (objectclass=*)
nsDS5ReplicatedAttributeList: (objectclass=*) $ EXCLUDE memberOf

Per the docs, I would expect:

- memberOf to be replicated to a new master on a full init
- memberOf to be excluded from that point forward and memberOf to be managed by each master separately

However, in this configuration, memberOf does not get replicated on a full init, nor on future updates.  This results in having to run fixup-memberof.pl immediately after performing a reinit.
Comment 1 Noriko Hosoi 2016-12-16 00:46:48 UTC 
Hi Brian,

I assume you are observing the problem on 389-ds-base-1.3.5 on rhel-7.3.  

Is this the version you are running?
389-ds-base-1.3.5.10-12.el7_3.bz1391700.x86_64

And is this a regression?

Thanks!
--noriko
Comment 2 Brian J. Atkisson 2016-12-16 02:27:48 UTC 
This is 389-ds-base-1.3.5.10-12.el7_3.bz1391700.x86_64

I do not know if this is a regression, it is the first time I'm trying to use this feature.

Thanks!
Comment 4 thierry bordaz 2016-12-19 17:35:44 UTC 
I can reproduce the described behavior with the attached lib389 test case.

The problem resides in agmt_get_fractional_attrs_total. If frac_attrs_total contains no attributes, then it is empty. It assumes that empty frac_attr_total is a consequence of 'nsDS5ReplicatedAttributeListTotal' being not defined. So it takes nsDS5ReplicatedAttributeList as an alternative value.

It should follow something like

nsDS5ReplicatedAttributeListTotal undefined -> use nsDS5ReplicatedAttributeList
nsDS5ReplicatedAttributeListTotal defined -> use nsDS5ReplicatedAttributeListTotal even if it is empty
Comment 5 thierry bordaz 2016-12-19 17:36:40 UTC 
Created attachment 1233451 [details]
lib389 reproducible test case
Comment 6 thierry bordaz 2016-12-19 17:39:33 UTC 
A workaround is to define at least an attribute nsDS5ReplicatedAttributeListTotal. It could be an attribute that you do not use in any entry.
Comment 7 thierry bordaz 2016-12-20 11:03:35 UTC 
The workaround can use any string as excluded attribute. When parsing this configration attriubte the schema is not enforced. So the workaround could be

nsDS5ReplicatedAttributeListTotal: (objectclass=*) $ dummy_value
Comment 8 thierry bordaz 2016-12-20 11:11:15 UTC 
Created attachment 1233783 [details]
Patch for 1405257
Comment 9 thierry bordaz 2017-01-20 15:58:48 UTC 
Upstream ticket pushed https://fedorahosted.org/389/ticket/49073
Comment 11 Sankar Ramalingam 2017-05-16 07:28:59 UTC 
[0 root@qeos-38 tickets]# py.test -s -v ticket49073_test.py 
========================================== test session starts ==========================================
platform linux2 -- Python 2.7.5, pytest-3.0.7, py-1.4.33, pluggy-0.4.0 -- /usr/bin/python
cachedir: .cache
metadata: {'Python': '2.7.5', 'Platform': 'Linux-3.10.0-663.el7.x86_64-x86_64-with-redhat-7.4-Maipo', 'Packages': {'py': '1.4.33', 'pytest': '3.0.7', 'pluggy': '0.4.0'}, 'Plugins': {'beakerlib': '0.7.1', 'html': '1.14.2', 'cov': '2.5.1', 'metadata': '1.5.0'}}
DS build: 1.3.6.1
389-ds-base: 1.3.6.1-13.el7
nss: 3.28.4-8.el7
nspr: 4.13.1-1.0.el7_3
openldap: 2.4.44-4.el7
svrcore: 4.1.3-2.el7

INFO:lib389:Starting total init cn=meTo_localhost:39002,cn=replica,cn=dc\3Dexample\2Cdc\3Dcom,cn=mapping tree,cn=config
('Update succeeded: status ', '0 Total update succeeded')
INFO:lib389.topologies:Replication is working.
INFO:dirsrvtests.tests.tickets.ticket49073_test:update cn=meTo_localhost:39002,cn=replica,cn=dc\3Dexample\2Cdc\3Dcom,cn=mapping tree,cn=config to add nsDS5ReplicatedAttributeListTotal
INFO:dirsrvtests.tests.tickets.ticket49073_test:create users and group...
INFO:dirsrvtests.tests.tickets.ticket49073_test:Adding members to the group...
INFO:lib389:Starting total init cn=meTo_localhost:39002,cn=replica,cn=dc\3Dexample\2Cdc\3Dcom,cn=mapping tree,cn=config
('Update succeeded: status ', '0 Total update succeeded')
PASSEDInstance slapd-master_1 removed.
Instance slapd-master_2 removed.
=============== 1 passed in 39.37 seconds ================

Marking it as Verified since the upstream tests ticket49073_test.py is passing.
Comment 12 errata-xmlrpc 2017-08-01 21:12:24 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2017:2086
Note You need to log in before you can comment on or make changes to this bug.