Bug 1435365 - Unable to dereference unqiemember attribute because it is dn [#UID] not dn syntax
Summary: Unable to dereference unqiemember attribute because it is dn [#UID] not dn sy...
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 6
Classification: Red Hat
Component: 389-ds-base
Version: 6.10
Hardware: All
OS: Linux
urgent
urgent
Target Milestone: rc
: ---
Assignee: mreynolds
QA Contact: Viktor Ashirov
URL:
Whiteboard:
Depends On: 1430574
Blocks:
TreeView+ depends on / blocked
 
Reported: 2017-03-23 15:47 UTC by Jaroslav Reznik
Modified: 2017-04-11 11:49 UTC (History)
10 users (show)

Fixed In Version: 389-ds-base-1.2.11.15-90.el6
Doc Type: Bug Fix
Doc Text:
Previously, the "deref" plug-in failed to dereference attributes that use distinguished name (DN) syntax, such as "uniqueMember". With this patch, the "deref" plug-in can dereference such attributes and additionally "Name and Optional UID" syntax. As a result, the "deref" plug-in now supports any syntax.
Clone Of: 1430574
Environment:
Last Closed: 2017-04-11 11:49:37 UTC


Attachments (Terms of Use)


Links
System ID Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2017:0893 normal SHIPPED_LIVE Important: 389-ds-base security and bug fix update 2017-04-11 15:46:58 UTC

Description Jaroslav Reznik 2017-03-23 15:47:43 UTC
This bug has been copied from bug #1430574 and has been proposed
to be backported to 6.9 z-stream (EUS).

Comment 4 Amita Sharma 2017-03-27 14:21:28 UTC
[root@qeos-73 yum.repos.d]# rpm -qa | grep 389
389-ds-base-1.2.11.15-90.el6_9.x86_64
389-ds-base-libs-1.2.11.15-90.el6_9.x86_64

Directory Manager DN [cn=Directory Manager]: 
Password: 
Password (confirm): 
Your new DS instance 'qeos-73' was successfully created.
Exiting . . .
Log file is '/tmp/setupauE0Yy.log'

[root@qeos-73 yum.repos.d]# ldapadd -x -h localhost -p 389 -D "cn=Directory Manager" -w Secret123  << EOF
> dn: cn=xxxx,ou=people,dc=example,dc=com
> cn: xxxx
> sn: xx
> givenname: amita
> objectclass: top
> objectclass: person
> objectclass: organizationalPerson
> objectclass: inetOrgPerson
> uid: xxxx
> mail: amita@example.com
> userpassword: Secret123
> EOF
adding new entry "cn=xxxx,ou=people,dc=example,dc=com"

[root@qeos-73 yum.repos.d]# ldapadd -x -h localhost -p 389 -D "cn=Directory Manager" -w Secret123  << EOF
> dn: cn=yyyy,ou=people,dc=example,dc=com
> cn: yyyy
> sn: yy
> givenname: amita
> objectclass: top
> objectclass: person
> objectclass: organizationalPerson
> objectclass: inetOrgPerson
> uid: yyyy
> mail: amita@example.com
> userpassword: Secret123
> EOF
adding new entry "cn=yyyy,ou=people,dc=example,dc=com"

[root@qeos-73 yum.repos.d]# ldapadd -D "cn=Directory Manager" -w Secret123 -h localhost -p 389 << EOF
> dn: cn=Global System Administrators,ou=Groups,dc=example,dc=com
> objectClass: top
> objectClass: groupofuniquenames
> cn: Global System Administrators
> uniquemember: cn=xxxx,ou=people,dc=example,dc=com
> uniquemember: cn=yyyy,ou=people,dc=example,dc=com
> EOF
adding new entry "cn=Global System Administrators,ou=Groups,dc=example,dc=com"

[root@qeos-73 yum.repos.d]# ldapsearch -D "cn=Directory Manager" -w Secret123 -h localhost -E 'deref=uniquemember:cn,objectclass' -b "ou=Groups,dc=example,dc=com" 'cn=Global System Administrators'
# extended LDIF
#
# LDAPv3
# base <ou=Groups,dc=example,dc=com> with scope subtree
# filter: cn=Global System Administrators
# requesting: ALL
# with dereference control
#

# Global System Administrators, Groups, example.com
dn: cn=Global System Administrators,ou=Groups,dc=example,dc=com
control: 1.3.6.1.4.1.4203.666.5.16 false MIQAAAFAMIQAAACaBAx1bmlxdWVtZW1iZXIEI
 2NuPXh4eHgsb3U9cGVvcGxlLGRjPWV4YW1wbGUsZGM9Y29toIQAAABhMIQAAAAQBAJjbjGEAAAABg
 QEeHh4eDCEAAAARQQLb2JqZWN0Y2xhc3MxhAAAADIEA3RvcAQGcGVyc29uBBRvcmdhbml6YXRpb25
 hbFBlcnNvbgQNaW5ldE9yZ1BlcnNvbjCEAAAAmgQMdW5pcXVlbWVtYmVyBCNjbj15eXl5LG91PXBl
 b3BsZSxkYz1leGFtcGxlLGRjPWNvbaCEAAAAYTCEAAAAEAQCY24xhAAAAAYEBHl5eXkwhAAAAEUEC
 29iamVjdGNsYXNzMYQAAAAyBAN0b3AEBnBlcnNvbgQUb3JnYW5pemF0aW9uYWxQZXJzb24EDWluZX
 RPcmdQZXJzb24=
# uniquemember: <cn=xxxx>;<objectclass=top>;<objectclass=person>;<objectclass=o
 rganizationalPerson>;<objectclass=inetOrgPerson>;cn=xxxx,ou=people,dc=example,
 dc=com

# uniquemember: <cn=yyyy>;<objectclass=top>;<objectclass=person>;<objectclass=o
 rganizationalPerson>;<objectclass=inetOrgPerson>;cn=yyyy,ou=people,dc=example,
 dc=com

objectClass: top
objectClass: groupofuniquenames
cn: Global System Administrators
uniqueMember: cn=xxxx,ou=people,dc=example,dc=com
uniqueMember: cn=yyyy,ou=people,dc=example,dc=com

# search result
search: 2
result: 0 Success

# numResponses: 2
# numEntries: 1

Comment 10 errata-xmlrpc 2017-04-11 11:49:37 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2017:0893


Note You need to log in before you can comment on or make changes to this bug.