Bug 1462400 - Deleting cn=config attributes throws error 16 instead of error 53
Status: CLOSED NOTABUG
Alias: None
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: 389-ds-base
Version: 7.4
Hardware: x86_64
OS: Linux
Priority: medium
Severity: medium
Target Milestone: rc
Assignee: mreynolds
QA Contact: Viktor Ashirov
Reported: 2017-06-17 06:17 UTC by Sankar Ramalingam
Modified: 2017-06-29 14:20 UTC
Last Closed: 2017-06-29 14:20:32 UTC
Description Sankar Ramalingam 2017-06-17 06:17:08 UTC
Description of problem:
Inconsistent error messages are returned when trying to delete or modify cn=config attributes. It returns error 16 for attributes which don't exist or are not allowed to be deleted.

Version-Release number of selected component (if applicable): 
389-ds-base-1.3.6.1-16

How reproducible: Consistently

Steps to Reproduce:
1. Install 389-ds-base-1.3.6.1-16 and create an instance.

2. Enable audit logging and auditfail logging (optional)
ldapmodify -x -p 1389 -h localhost -D "cn=Directory Manager" -w Secret123 << EOF
dn: cn=config
replace: nsslapd-auditfaillog-logging-enabled
nsslapd-auditfaillog-logging-enabled: on
-
replace: nsslapd-auditlog-logging-enabled
nsslapd-auditlog-logging-enabled: on
EOF

3. Delete passwordStorageScheme attribute.
ldapmodify -x -p 1389 -h localhost -D "cn=Directory Manager" -w Secret123 << EOF
dn: cn=config
delete: passwordStorageScheme
passwordStorageScheme: SSHA512
EOF
modifying entry "cn=config"
ldap_modify: No such attribute (16)

==> /var/log/dirsrv/slapd-auto-hv-02-guest04/errors <==
[17/Jun/2017:01:43:55.817247481 -0400] - WARN - modify_config_dse - Modification of attribute "modifiersname" is not allowed, ignoring!
[17/Jun/2017:01:43:55.819916608 -0400] - WARN - modify_config_dse - Modification of attribute "modifytimestamp" is not allowed, ignoring!
[17/Jun/2017:01:43:55.821747741 -0400] - WARN - modify_config_dse - Modification of attribute "modifiersname" is not allowed, ignoring!
[17/Jun/2017:01:43:55.823286360 -0400] - WARN - modify_config_dse - Modification of attribute "modifytimestamp" is not allowed, ignoring!

==> /var/log/dirsrv/slapd-auto-hv-02-guest04/audit <==
time: 20170617014355
dn: cn=config
result: 16
changetype: modify
delete: passwordStorageScheme
passwordStorageScheme: SSHA512

4. Try to delete a non-existing attribute, say nsslapd-no-attribute.

ldapmodify -x -p 1389 -h localhost -D "cn=Directory Manager" -w Secret123 << EOF
dn: cn=config
delete: nsslapd-no-attribute
EOF

modifying entry "cn=config"
ldap_modify: No such attribute (16)
	additional info: Unknown attribute nsslapd-no-attribute will be ignored

==> /var/log/dirsrv/slapd-auto-hv-02-guest04/errors <==
[17/Jun/2017:01:42:12.877358769 -0400] - ERR - config_set - Unknown attribute nsslapd-no-attribute will be ignored
==> /var/log/dirsrv/slapd-auto-hv-02-guest04/audit <==
time: 20170617014211
dn: cn=config
result: 16
changetype: modify
delete: nsslapd-no-attribute

5. Delete nsslapd-defaultnamingcontext

ldapmodify -x -p 1389 -h localhost -D "cn=Directory Manager" -w Secret123 << EOF
dn: cn=config
delete: nsslapd-defaultnamingcontext
EOF
modifying entry "cn=config"
ldap_modify: Server is unwilling to perform (53)

6. Delete nsslapd-defaultnamingcontext with the value. 

ldapmodify -x -p 1389 -h localhost -D "cn=Directory Manager" -w Secret123 << EOF
dn: cn=config
delete: nsslapd-defaultnamingcontext
nsslapd-defaultnamingcontext: dc=idmqe,dc=lab,dc=eng,dc=bos,dc=redhat,dc=com
EOF
modifying entry "cn=config"

==> /var/log/dirsrv/slapd-auto-hv-02-guest04/errors <==
[17/Jun/2017:01:49:43.790914242 -0400] - WARN - modify_config_dse - Modification of attribute "modifiersname" is not allowed, ignoring!
[17/Jun/2017:01:49:43.793097602 -0400] - WARN - modify_config_dse - Modification of attribute "modifytimestamp" is not allowed, ignoring!
[17/Jun/2017:01:49:43.795513384 -0400] - WARN - modify_config_dse - Modification of attribute "modifiersname" is not allowed, ignoring!
[17/Jun/2017:01:49:43.797208926 -0400] - WARN - modify_config_dse - Modification of attribute "modifytimestamp" is not allowed, ignoring!

==> /var/log/dirsrv/slapd-auto-hv-02-guest04/audit <==
time: 20170617014943
dn: cn=config
result: 0
changetype: modify
delete: nsslapd-defaultnamingcontext
nsslapd-defaultnamingcontext: dc=idmqe,dc=lab,dc=eng,dc=bos,dc=redhat,dc=com
-
replace: modifiersname
modifiersname: cn=directory manager
-
replace: modifytimestamp
modifytimestamp: 20170617054943Z

Actual results: Deleting an attribute which is not allowed to be deleted throws error 16 for some of the attributes and error 53 for some of the attributes.

Expected results: Deleting attributes from cn=config should throw consistent error messages.

Additional info: Deleting a cn=config attribute works consistently in one of the scenarios. When the attribute is modified/reset with allowed or valid values, then it allows the attribute to be deleted, irrespective of whether you supply the value of the attribute or not. In this case, it resets the value to the default.

Comment 2 Nathan Kinder 2017-06-29 14:20:32 UTC
This is considered expected behavior.  Deleting an attribute that isn't explicitly set will return 16, which is a more detailed error message than 53.
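
Added example (not part of the bug report and not 389-ds-base code): a parser for the audit records quoted in the description that lists every delete attempted against cn=config with its LDAP result code, so rejected attempts (16, 53) and accepted ones (0) can be reviewed together. The name `config_deletes` is hypothetical, and the record layout is assumed to match the samples in the report.

```python
import re

# LDAP result codes (RFC 4511) that occur in this report.
RESULT_NAMES = {0: "success", 16: "noSuchAttribute", 53: "unwillingToPerform"}

# Audit records copied from steps 3, 4 and 6 of the report above.
SAMPLE_AUDIT = """\
time: 20170617014355
dn: cn=config
result: 16
changetype: modify
delete: passwordStorageScheme
passwordStorageScheme: SSHA512

time: 20170617014211
dn: cn=config
result: 16
changetype: modify
delete: nsslapd-no-attribute

time: 20170617014943
dn: cn=config
result: 0
changetype: modify
delete: nsslapd-defaultnamingcontext
nsslapd-defaultnamingcontext: dc=idmqe,dc=lab,dc=eng,dc=bos,dc=redhat,dc=com
-
replace: modifiersname
modifiersname: cn=directory manager
-
replace: modifytimestamp
modifytimestamp: 20170617054943Z
"""

def config_deletes(text, dn="cn=config"):
    """Return (time, attribute, result code, result name) per delete against dn."""
    hits = []
    for block in re.split(r"\n\s*\n", text.strip()):  # records are blank-line separated
        head, deleted = {}, []
        for line in block.splitlines():
            key, _, value = (part.strip() for part in line.partition(":"))
            if key.lower() == "delete":          # modification op naming the attribute
                deleted.append(value)
            elif key.lower() in ("time", "dn", "result"):
                head[key.lower()] = value
        if head.get("dn", "").lower() == dn and "result" in head:
            code = int(head["result"])
            hits += [(head.get("time"), a, code, RESULT_NAMES.get(code, "other")) for a in deleted]
    return hits
```

On the sample it returns the two rejected deletes (result 16) and the accepted delete of nsslapd-defaultnamingcontext (result 0), which is the change an administrator would want to notice.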

