Bug 1559764 – memberof fails if group is moved into scope [rhel-7.5.z]

Bugzilla will be upgraded to version 5.0. The upgrade date is tentatively scheduled for 2 December 2018, pending final testing and feedback.

Bug 1559764 - memberof fails if group is moved into scope [rhel-7.5.z]

Summary:	memberof fails if group is moved into scope [rhel-7.5.z]

Status:	CLOSED ERRATA

Aliases:	None

Product:	Red Hat Enterprise Linux 7
Classification:	Red Hat
Component:	389-ds-base (Show other bugs)
Sub Component:
Version:	7.4
Hardware:	All Linux

Priority	high Severity medium
Target Milestone:	rc
Target Release:	---
Assigned To:	mreynolds
QA Contact:	Viktor Ashirov
Docs Contact:	Marc Muehlfeld

URL:
Whiteboard:
Keywords:	ZStream

Depends On:	1551071
Blocks:
	Show dependency tree / graph

Reported:	2018-03-23 05:03 EDT by Oneata Mircea Teodor
Modified:	2018-05-14 12:10 EDT (History)
CC List:	6 users (show)

See Also:
Fixed In Version:	389-ds-base-1.3.7.5-20
Doc Type:	Bug Fix
Doc Text:	If an administrator moves a group in Directory Server from one subtree to another, the memberOf plug-in deletes the memberOf attribute with the old value and adds a new memberOf attribute with the new group's distinguished name (DN) in affected user entries. Previously, if the old subtree was not within the scope of the memberOf plug-in, deleting the old memberOf attribute failed because the values did not exist. As a consequence, the plug-in did not add the new memberOf value, and the user entry contained an incorrect memberOf value. With this update, the plug-in now checks the return code when deleting the old value. If the return code is "no such value", the plug-in only adds the new memberOf value. As a result, the memberOf attribute information is correct.
Story Points:	---
Clone Of:	1551071
Environment:
Last Closed:	2018-05-14 12:09:58 EDT
Type:	---
Regression:	---
Mount Type:	---
Documentation:	---
CRM:
Verified Versions:
Category:	---
oVirt Team:	---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team:	---

Attachments	(Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

External Trackers
Tracker	ID	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHSA-2018:1380	None	None	None	2018-05-14 12:10 EDT

Groups: None (edit)

Description Oneata Mircea Teodor 2018-03-23 05:03:31 EDT

This bug has been copied from bug #1551071 and has been proposed to be backported to 7.5 z-stream (EUS).

Comment 5 Amita Sharma 2018-04-16 03:05:33 EDT

# pytest -s -v try.py 
================================================================ test session starts =================================================================
platform linux -- Python 3.6.3, pytest-3.5.0, py-1.5.3, pluggy-0.6.0 -- /opt/rh/rh-python36/root/usr/bin/python3
cachedir: .pytest_cache
metadata: {'Python': '3.6.3', 'Platform': 'Linux-3.10.0-862.el7.x86_64-x86_64-with-redhat-7.5-Maipo', 'Packages': {'pytest': '3.5.0', 'py': '1.5.3', 'pluggy': '0.6.0'}, 'Plugins': {'metadata': '1.7.0', 'html': '1.17.0'}}
389-ds-base: 1.3.7.5-21.el7
nss: 3.34.0-4.el7
nspr: 4.17.0-1.el7
openldap: 2.4.44-13.el7
svrcore: 4.1.3-2.el7

rootdir: /mnt/tests/rhds/tests/upstream/ds/dirsrvtests/tests/tickets, inifile:
plugins: metadata-1.7.0, html-1.17.0
collected 1 item                                                                                                                                     

try.py::test_ticket_49161 OK group dirsrv exists
OK user dirsrv exists
INFO:lib389.topologies:Instance with parameters {'ldap-port': 38901, 'ldap-secureport': 63601, 'server-id': 'standalone1', 'suffix': 'dc=example,dc=com'} was created.
INFO:lib389:!!!!!!! cn=m1,cn=sub1,dc=example,dc=com: memberof->cn=g1,cn=sub1,dc=example,dc=com
INFO:lib389:!!!!!!! cn=m1,cn=sub1,dc=example,dc=com: memberof->cn=g1,cn=sub1,dc=example,dc=com
INFO:lib389:!!!!!!! cn=m1,cn=sub1,dc=example,dc=com: memberof->cn=g1,cn=sub1,dc=example,dc=com
INFO:lib389:!!!!!!! cn=m1,cn=sub1,dc=example,dc=com: memberof->cn=g1,cn=sub1,dc=example,dc=com
CRITICAL:dirsrvtests.tests.tickets.try:Renaming user (cn=g2,cn=sub2,dc=example,dc=com): new cn=g2-new
INFO:lib389:!!!!!!! cn=m1,cn=sub1,dc=example,dc=com: memberof->cn=g1,cn=sub1,dc=example,dc=com
INFO:lib389:!!!!!!! cn=m1,cn=sub1,dc=example,dc=com: memberof->cn=g1,cn=sub1,dc=example,dc=com
INFO:lib389:!!!!!!! cn=m1,cn=sub1,dc=example,dc=com: memberof->cn=g1,cn=sub1,dc=example,dc=com
INFO:lib389:!!!!!!! cn=m1,cn=sub1,dc=example,dc=com: memberof->cn=g2-new,cn=sub1,dc=example,dc=com
INFO:lib389:!!!!!!! cn=m1,cn=sub1,dc=example,dc=com: memberof->cn=g1,cn=sub1,dc=example,dc=com
INFO:lib389:!!!!!!! cn=m1,cn=sub1,dc=example,dc=com: memberof->cn=g2-new,cn=sub1,dc=example,dc=com
PASSEDInstance slapd-standalone1 removed.


============================================================= 1 passed in 17.57 seconds ==============================================================
[root@qeos-28 tickets]#

Comment 11 errata-xmlrpc 2018-05-14 12:09:58 EDT

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2018:1380

Note You need to log in before you can comment on or make changes to this bug.