
Bug 1405257

Summary: Setting nsDS5ReplicatedAttributeList nsDS5ReplicatedAttributeListTotal on replication agreements does not work
Product: Red Hat Enterprise Linux 7
Reporter: Brian J. Atkisson <batkisso>
Component: 389-ds-base
Assignee: Noriko Hosoi <nhosoi>
Status: CLOSED ERRATA
QA Contact: Viktor Ashirov <vashirov>
Severity: high
Priority: unspecified
Version: 7.0
CC: mreynolds, nhosoi, nkinder, rmeggins, sramling, tbordaz
Target Milestone: pre-dev-freeze
Hardware: Unspecified
OS: Unspecified
Fixed In Version: 389-ds-base-1.3.6.1-3.el7
Last Closed: 2017-08-01 21:12:24 UTC
Type: Bug
Attachments: lib389 reproducible test case; Patch for 1405257

Description Brian J. Atkisson 2016-12-16 00:18:44 UTC
Description of problem:
Per the docs (https://access.redhat.com/documentation/en-US/Red_Hat_Directory_Server/10.1/html/Administration_Guide/managing-fractional-repl.html#fractional-repl-total):

If both nsDS5ReplicatedAttributeList and nsDS5ReplicatedAttributeListTotal are set, then nsDS5ReplicatedAttributeList only applies to incremental updates. 

I have the following set on two masters when using the memberOf plugin:

nsDS5ReplicatedAttributeListTotal: (objectclass=*)
nsDS5ReplicatedAttributeList: (objectclass=*) $ EXCLUDE memberOf

Per the docs, I would expect:

- memberOf to be replicated to a new master on a full init
- memberOf to be excluded from that point forward and memberOf to be managed by each master separately

However, in this configuration, memberOf does not get replicated on a full init, nor on future updates.  This results in having to run fixup-memberof.pl immediately after performing a reinit.

Comment 1 Noriko Hosoi 2016-12-16 00:46:48 UTC
Hi Brian,

I assume you are observing the problem on 389-ds-base-1.3.5 on rhel-7.3.  

Is this the version you are running?
389-ds-base-1.3.5.10-12.el7_3.bz1391700.x86_64

And is this a regression?

Thanks!
--noriko

Comment 2 Brian J. Atkisson 2016-12-16 02:27:48 UTC
This is 389-ds-base-1.3.5.10-12.el7_3.bz1391700.x86_64

I do not know if this is a regression; it is the first time I'm trying to use this feature.

Thanks!

Comment 4 thierry bordaz 2016-12-19 17:35:44 UTC
I can reproduce the described behavior with the attached lib389 test case.

The problem resides in agmt_get_fractional_attrs_total. If frac_attrs_total contains no attributes, then it is empty. It assumes that empty frac_attr_total is a consequence of 'nsDS5ReplicatedAttributeListTotal' being not defined. So it takes nsDS5ReplicatedAttributeList as an alternative value.

It should follow something like

nsDS5ReplicatedAttributeListTotal undefined -> use nsDS5ReplicatedAttributeList
nsDS5ReplicatedAttributeListTotal defined -> use nsDS5ReplicatedAttributeListTotal even if it is empty

Comment 5 thierry bordaz 2016-12-19 17:36:40 UTC
Created attachment 1233451
lib389 reproducible test case

Comment 6 thierry bordaz 2016-12-19 17:39:33 UTC
A workaround is to define at least an attribute nsDS5ReplicatedAttributeListTotal. It could be an attribute that you do not use in any entry.

Comment 7 thierry bordaz 2016-12-20 11:03:35 UTC
The workaround can use any string as the excluded attribute. When parsing this configuration attribute, the schema is not enforced. So the workaround could be

nsDS5ReplicatedAttributeListTotal: (objectclass=*) $ dummy_value
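
Added example (not part of the bug comments and not 389-ds-base source): a small Python model of the fallback rule from comment 4 and of the workaround from comments 6 and 7, run against the values quoted in this bug. The function names and the simplified value parsing (tokens after `$`, with the `EXCLUDE` keyword skipped) are assumptions made for illustration.

```python
# Simplified model of the fallback decision; not 389-ds-base source code.
TOTAL = "nsDS5ReplicatedAttributeListTotal"
INCR = "nsDS5ReplicatedAttributeList"


def parse_excluded(value):
    """Return the attribute names listed after '$' (assumed, simplified syntax)."""
    _, _, tail = value.partition("$")
    return [tok for tok in tail.split() if tok.upper() != "EXCLUDE"]


def excluded_on_total_init_buggy(agmt):
    """Reported behaviour: an empty total list is treated as 'not configured'."""
    total = parse_excluded(agmt.get(TOTAL, ""))
    if not total:  # cannot tell "absent" from "present but excludes nothing"
        return parse_excluded(agmt.get(INCR, ""))
    return total


def excluded_on_total_init_fixed(agmt):
    """Rule from comment 4: fall back only when the attribute is undefined."""
    if TOTAL not in agmt:
        return parse_excluded(agmt.get(INCR, ""))
    return parse_excluded(agmt[TOTAL])  # may legitimately be empty


def wrongly_dropped(agmt):
    """Attributes the reported behaviour strips from a total init but should not."""
    fixed = excluded_on_total_init_fixed(agmt)
    return [a for a in excluded_on_total_init_buggy(agmt) if a not in fixed]


# Constructed agreement entries using the values quoted in this bug.
REPORTED = {TOTAL: "(objectclass=*)", INCR: "(objectclass=*) $ EXCLUDE memberOf"}
ONLY_INCREMENTAL = {INCR: "(objectclass=*) $ EXCLUDE memberOf"}
WORKAROUND = {TOTAL: "(objectclass=*) $ dummy_value", INCR: REPORTED[INCR]}

if __name__ == "__main__":
    cases = [("reported", REPORTED), ("only incremental", ONLY_INCREMENTAL),
             ("workaround", WORKAROUND)]
    for name, agmt in cases:
        print(name, excluded_on_total_init_buggy(agmt),
              excluded_on_total_init_fixed(agmt), wrongly_dropped(agmt))
```

In this model `wrongly_dropped` is non-empty only for the reported configuration, which matches the symptom of having to run fixup-memberof.pl after a reinit.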

Comment 8 thierry bordaz 2016-12-20 11:11:15 UTC
Created attachment 1233783
Patch for 1405257

Comment 9 thierry bordaz 2017-01-20 15:58:48 UTC
Upstream ticket pushed https://fedorahosted.org/389/ticket/49073

Comment 11 Sankar Ramalingam 2017-05-16 07:28:59 UTC
[0 root@qeos-38 tickets]# py.test -s -v ticket49073_test.py 
========================================== test session starts ==========================================
platform linux2 -- Python 2.7.5, pytest-3.0.7, py-1.4.33, pluggy-0.4.0 -- /usr/bin/python
cachedir: .cache
metadata: {'Python': '2.7.5', 'Platform': 'Linux-3.10.0-663.el7.x86_64-x86_64-with-redhat-7.4-Maipo', 'Packages': {'py': '1.4.33', 'pytest': '3.0.7', 'pluggy': '0.4.0'}, 'Plugins': {'beakerlib': '0.7.1', 'html': '1.14.2', 'cov': '2.5.1', 'metadata': '1.5.0'}}
DS build: 1.3.6.1
389-ds-base: 1.3.6.1-13.el7
nss: 3.28.4-8.el7
nspr: 4.13.1-1.0.el7_3
openldap: 2.4.44-4.el7
svrcore: 4.1.3-2.el7

INFO:lib389:Starting total init cn=meTo_localhost:39002,cn=replica,cn=dc\3Dexample\2Cdc\3Dcom,cn=mapping tree,cn=config
('Update succeeded: status ', '0 Total update succeeded')
INFO:lib389.topologies:Replication is working.
INFO:dirsrvtests.tests.tickets.ticket49073_test:update cn=meTo_localhost:39002,cn=replica,cn=dc\3Dexample\2Cdc\3Dcom,cn=mapping tree,cn=config to add nsDS5ReplicatedAttributeListTotal
INFO:dirsrvtests.tests.tickets.ticket49073_test:create users and group...
INFO:dirsrvtests.tests.tickets.ticket49073_test:Adding members to the group...
INFO:lib389:Starting total init cn=meTo_localhost:39002,cn=replica,cn=dc\3Dexample\2Cdc\3Dcom,cn=mapping tree,cn=config
('Update succeeded: status ', '0 Total update succeeded')
PASSEDInstance slapd-master_1 removed.
Instance slapd-master_2 removed.
=============== 1 passed in 39.37 seconds ================

Marking it as Verified since the upstream test ticket49073_test.py is passing.

Comment 12 errata-xmlrpc 2017-08-01 21:12:24 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2017:2086