Bugzilla will be upgraded to version 5.0. The upgrade date is tentatively scheduled for 2 December 2018, pending final testing and feedback.
Bug 1435365 - Unable to dereference unqiemember attribute because it is dn [#UID] not dn syntax
Unable to dereference unqiemember attribute because it is dn [#UID] not dn sy...
Status: CLOSED ERRATA
Product: Red Hat Enterprise Linux 6
Classification: Red Hat
Component: 389-ds-base (Show other bugs)
6.10
All Linux
urgent Severity urgent
: rc
: ---
Assigned To: mreynolds
Viktor Ashirov
: ZStream
Depends On: 1430574
Blocks:
  Show dependency treegraph
 
Reported: 2017-03-23 11:47 EDT by Jaroslav Reznik
Modified: 2017-04-11 07:49 EDT (History)
10 users (show)

See Also:
Fixed In Version: 389-ds-base-1.2.11.15-90.el6
Doc Type: Bug Fix
Doc Text:
Previously, the "deref" plug-in failed to dereference attributes that use distinguished name (DN) syntax, such as "uniqueMember". With this patch, the "deref" plug-in can dereference such attributes and additionally "Name and Optional UID" syntax. As a result, the "deref" plug-in now supports any syntax.
Story Points: ---
Clone Of: 1430574
Environment:
Last Closed: 2017-04-11 07:49:37 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)


External Trackers
Tracker ID Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2017:0893 normal SHIPPED_LIVE Important: 389-ds-base security and bug fix update 2017-04-11 11:46:58 EDT

  None (edit)
Description Jaroslav Reznik 2017-03-23 11:47:43 EDT
This bug has been copied from bug #1430574 and has been proposed
to be backported to 6.9 z-stream (EUS).
Comment 4 Amita Sharma 2017-03-27 10:21:28 EDT
[root@qeos-73 yum.repos.d]# rpm -qa | grep 389
389-ds-base-1.2.11.15-90.el6_9.x86_64
389-ds-base-libs-1.2.11.15-90.el6_9.x86_64

Directory Manager DN [cn=Directory Manager]: 
Password: 
Password (confirm): 
Your new DS instance 'qeos-73' was successfully created.
Exiting . . .
Log file is '/tmp/setupauE0Yy.log'

[root@qeos-73 yum.repos.d]# ldapadd -x -h localhost -p 389 -D "cn=Directory Manager" -w Secret123  << EOF
> dn: cn=xxxx,ou=people,dc=example,dc=com
> cn: xxxx
> sn: xx
> givenname: amita
> objectclass: top
> objectclass: person
> objectclass: organizationalPerson
> objectclass: inetOrgPerson
> uid: xxxx
> mail: amita@example.com
> userpassword: Secret123
> EOF
adding new entry "cn=xxxx,ou=people,dc=example,dc=com"

[root@qeos-73 yum.repos.d]# ldapadd -x -h localhost -p 389 -D "cn=Directory Manager" -w Secret123  << EOF
> dn: cn=yyyy,ou=people,dc=example,dc=com
> cn: yyyy
> sn: yy
> givenname: amita
> objectclass: top
> objectclass: person
> objectclass: organizationalPerson
> objectclass: inetOrgPerson
> uid: yyyy
> mail: amita@example.com
> userpassword: Secret123
> EOF
adding new entry "cn=yyyy,ou=people,dc=example,dc=com"

[root@qeos-73 yum.repos.d]# ldapadd -D "cn=Directory Manager" -w Secret123 -h localhost -p 389 << EOF
> dn: cn=Global System Administrators,ou=Groups,dc=example,dc=com
> objectClass: top
> objectClass: groupofuniquenames
> cn: Global System Administrators
> uniquemember: cn=xxxx,ou=people,dc=example,dc=com
> uniquemember: cn=yyyy,ou=people,dc=example,dc=com
> EOF
adding new entry "cn=Global System Administrators,ou=Groups,dc=example,dc=com"

[root@qeos-73 yum.repos.d]# ldapsearch -D "cn=Directory Manager" -w Secret123 -h localhost -E 'deref=uniquemember:cn,objectclass' -b "ou=Groups,dc=example,dc=com" 'cn=Global System Administrators'
# extended LDIF
#
# LDAPv3
# base <ou=Groups,dc=example,dc=com> with scope subtree
# filter: cn=Global System Administrators
# requesting: ALL
# with dereference control
#

# Global System Administrators, Groups, example.com
dn: cn=Global System Administrators,ou=Groups,dc=example,dc=com
control: 1.3.6.1.4.1.4203.666.5.16 false MIQAAAFAMIQAAACaBAx1bmlxdWVtZW1iZXIEI
 2NuPXh4eHgsb3U9cGVvcGxlLGRjPWV4YW1wbGUsZGM9Y29toIQAAABhMIQAAAAQBAJjbjGEAAAABg
 QEeHh4eDCEAAAARQQLb2JqZWN0Y2xhc3MxhAAAADIEA3RvcAQGcGVyc29uBBRvcmdhbml6YXRpb25
 hbFBlcnNvbgQNaW5ldE9yZ1BlcnNvbjCEAAAAmgQMdW5pcXVlbWVtYmVyBCNjbj15eXl5LG91PXBl
 b3BsZSxkYz1leGFtcGxlLGRjPWNvbaCEAAAAYTCEAAAAEAQCY24xhAAAAAYEBHl5eXkwhAAAAEUEC
 29iamVjdGNsYXNzMYQAAAAyBAN0b3AEBnBlcnNvbgQUb3JnYW5pemF0aW9uYWxQZXJzb24EDWluZX
 RPcmdQZXJzb24=
# uniquemember: <cn=xxxx>;<objectclass=top>;<objectclass=person>;<objectclass=o
 rganizationalPerson>;<objectclass=inetOrgPerson>;cn=xxxx,ou=people,dc=example,
 dc=com

# uniquemember: <cn=yyyy>;<objectclass=top>;<objectclass=person>;<objectclass=o
 rganizationalPerson>;<objectclass=inetOrgPerson>;cn=yyyy,ou=people,dc=example,
 dc=com

objectClass: top
objectClass: groupofuniquenames
cn: Global System Administrators
uniqueMember: cn=xxxx,ou=people,dc=example,dc=com
uniqueMember: cn=yyyy,ou=people,dc=example,dc=com

# search result
search: 2
result: 0 Success

# numResponses: 2
# numEntries: 1
Comment 10 errata-xmlrpc 2017-04-11 07:49:37 EDT
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2017:0893

Note You need to log in before you can comment on or make changes to this bug.