Bug 1462400 - Deleting cn=config attributes throws error 16 instead of error 53
Status: CLOSED NOTABUG
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: 389-ds-base
Version: 7.4
Hardware: x86_64 Linux
Priority: medium, Severity: medium
Target Milestone: rc
Assigned To: mreynolds
QA Contact: Viktor Ashirov

Reported: 2017-06-17 02:17 EDT by Sankar Ramalingam
Modified: 2017-06-29 10:20 EDT
Last Closed: 2017-06-29 10:20:32 EDT
Type: Bug
Description Sankar Ramalingam 2017-06-17 02:17:08 EDT
Description of problem:
Inconsistent error messages are returned when trying to delete or modify cn=config attributes. It returns error 16 for attributes which don't exist or are not allowed to be deleted.

Version-Release number of selected component (if applicable): 
389-ds-base-1.3.6.1-16

How reproducible: Consistently

Steps to Reproduce:
1. Install 389-ds-base-1.3.6.1-16 and create an instance.

2. Enable audit logging and auditfail logging (optional)
ldapmodify -x -p 1389 -h localhost -D "cn=Directory Manager" -w Secret123 << EOF
dn: cn=config
replace: nsslapd-auditfaillog-logging-enabled
nsslapd-auditfaillog-logging-enabled: on
-
replace: nsslapd-auditlog-logging-enabled
nsslapd-auditlog-logging-enabled: on
EOF

3. Delete passwordStorageScheme attribute.
ldapmodify -x -p 1389 -h localhost -D "cn=Directory Manager" -w Secret123 << EOF
dn: cn=config
delete: passwordStorageScheme
passwordStorageScheme: SSHA512
EOF
modifying entry "cn=config"
ldap_modify: No such attribute (16)

==> /var/log/dirsrv/slapd-auto-hv-02-guest04/errors <==
[17/Jun/2017:01:43:55.817247481 -0400] - WARN - modify_config_dse - Modification of attribute "modifiersname" is not allowed, ignoring!
[17/Jun/2017:01:43:55.819916608 -0400] - WARN - modify_config_dse - Modification of attribute "modifytimestamp" is not allowed, ignoring!
[17/Jun/2017:01:43:55.821747741 -0400] - WARN - modify_config_dse - Modification of attribute "modifiersname" is not allowed, ignoring!
[17/Jun/2017:01:43:55.823286360 -0400] - WARN - modify_config_dse - Modification of attribute "modifytimestamp" is not allowed, ignoring!

==> /var/log/dirsrv/slapd-auto-hv-02-guest04/audit <==
time: 20170617014355
dn: cn=config
result: 16
changetype: modify
delete: passwordStorageScheme
passwordStorageScheme: SSHA512

4. Try to delete a non-existing attribute, say nsslapd-no-attribute.

ldapmodify -x -p 1389 -h localhost -D "cn=Directory Manager" -w Secret123 << EOF
dn: cn=config
delete: nsslapd-no-attribute
EOF

modifying entry "cn=config"
ldap_modify: No such attribute (16)
	additional info: Unknown attribute nsslapd-no-attribute will be ignored

==> /var/log/dirsrv/slapd-auto-hv-02-guest04/errors <==
[17/Jun/2017:01:42:12.877358769 -0400] - ERR - config_set - Unknown attribute nsslapd-no-attribute will be ignored
==> /var/log/dirsrv/slapd-auto-hv-02-guest04/audit <==
time: 20170617014211
dn: cn=config
result: 16
changetype: modify
delete: nsslapd-no-attribute

5. Delete nsslapd-defaultnamingcontext

ldapmodify -x -p 1389 -h localhost -D "cn=Directory Manager" -w Secret123 << EOF
dn: cn=config
delete: nsslapd-defaultnamingcontext
EOF
modifying entry "cn=config"
ldap_modify: Server is unwilling to perform (53)

6. Delete nsslapd-defaultnamingcontext with the value. 

ldapmodify -x -p 1389 -h localhost -D "cn=Directory Manager" -w Secret123 << EOF
dn: cn=config
delete: nsslapd-defaultnamingcontext
nsslapd-defaultnamingcontext: dc=idmqe,dc=lab,dc=eng,dc=bos,dc=redhat,dc=com
EOF
modifying entry "cn=config"

==> /var/log/dirsrv/slapd-auto-hv-02-guest04/errors <==
[17/Jun/2017:01:49:43.790914242 -0400] - WARN - modify_config_dse - Modification of attribute "modifiersname" is not allowed, ignoring!
[17/Jun/2017:01:49:43.793097602 -0400] - WARN - modify_config_dse - Modification of attribute "modifytimestamp" is not allowed, ignoring!
[17/Jun/2017:01:49:43.795513384 -0400] - WARN - modify_config_dse - Modification of attribute "modifiersname" is not allowed, ignoring!
[17/Jun/2017:01:49:43.797208926 -0400] - WARN - modify_config_dse - Modification of attribute "modifytimestamp" is not allowed, ignoring!

==> /var/log/dirsrv/slapd-auto-hv-02-guest04/audit <==
time: 20170617014943
dn: cn=config
result: 0
changetype: modify
delete: nsslapd-defaultnamingcontext
nsslapd-defaultnamingcontext: dc=idmqe,dc=lab,dc=eng,dc=bos,dc=redhat,dc=com
-
replace: modifiersname
modifiersname: cn=directory manager
-
replace: modifytimestamp
modifytimestamp: 20170617054943Z

Actual results: Deleting an attribute which is not allowed to be deleted throws error 16 for some of the attributes and error 53 for others.

Expected results: Deleting attributes from cn=config should throw consistent error messages.

Additional info: Deleting a cn=config attribute works consistently in one of the scenarios. When the attribute has been modified/reset with allowed or valid values, it allows the attribute to be deleted, irrespective of whether you supply the value of the attribute or not. In this case, it resets the value to the default.
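
An added example (not part of the bug report and not 389-ds-base code): a small parser for the audit-log records quoted in the steps above that lists each change aimed at cn=config together with its LDAP result code, so refused attempts such as the passwordStorageScheme delete stand out from the successful reset. The sample text is constructed from the records in the report (the third one trimmed); the function names and the code-to-name table are this example's own.

```python
# Constructed sample: the audit records quoted in the report (third one trimmed).
SAMPLE_AUDIT = """\
time: 20170617014355
dn: cn=config
result: 16
changetype: modify
delete: passwordStorageScheme
passwordStorageScheme: SSHA512

time: 20170617014211
dn: cn=config
result: 16
changetype: modify
delete: nsslapd-no-attribute

time: 20170617014943
dn: cn=config
result: 0
changetype: modify
delete: nsslapd-defaultnamingcontext
nsslapd-defaultnamingcontext: dc=idmqe,dc=lab,dc=eng,dc=bos,dc=redhat,dc=com
-
replace: modifiersname
modifiersname: cn=directory manager
"""

RESULT_NAMES = {0: "success", 16: "noSuchAttribute", 53: "unwillingToPerform"}
SERVER_MAINTAINED = {"modifiersname", "modifytimestamp"}  # added by the server itself

def config_changes(text, dn="cn=config"):
    """Return (time, op, attribute, result name) for each change aimed at `dn`."""
    changes = []
    for block in text.strip().split("\n\n"):      # records are blank-line separated
        hdr, mods = {}, []
        for line in block.splitlines():
            key, sep, value = line.partition(": ")
            if sep and key in ("add", "delete", "replace"):
                mods.append((key, value))          # one modification per op line
            elif sep and not mods:                 # header fields precede the first mod
                hdr[key] = value
        if hdr.get("dn", "").lower() == dn:
            name = RESULT_NAMES.get(int(hdr.get("result", -1)), "other")
            changes += [(hdr.get("time"), op, attr, name) for op, attr in mods
                        if attr.lower() not in SERVER_MAINTAINED]
    return changes

def rejected(changes):
    """Changes the server refused: the ones worth an alert or a second look."""
    return [c for c in changes if c[3] != "success"]
```

Run over the sample, `rejected(config_changes(SAMPLE_AUDIT))` keeps the two result-16 deletes and drops the result-0 delete of nsslapd-defaultnamingcontext.
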
Comment 2 Nathan Kinder 2017-06-29 10:20:32 EDT
This is considered expected behavior.  Deleting an attribute that isn't explicitly set will return 16, which is a more detailed error message than 53.
