Bug 164834 - modify/replace allows multiple same valued attributes in an entry
modify/replace allows multiple same valued attributes in an entry
Status: CLOSED ERRATA
Product: Red Hat Directory Server
Classification: Red Hat
Component: Database - Indexes/Searches (Show other bugs)
7.2
All Linux
medium Severity medium
: ---
: ---
Assigned To: Noriko Hosoi
Orla Hegarty
:
Depends On:
Blocks: 146725 152373 159328 182630 184343 240316
  Show dependency treegraph
 
Reported: 2005-08-01 14:17 EDT by Noriko Hosoi
Modified: 2008-08-11 19:36 EDT (History)
0 users

See Also:
Fixed In Version: RHBA-2005-836
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2005-11-16 16:11:03 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)
cvs diff attr.c attrlist.c entry.c proto-slap.h valueset.c (7.03 KB, patch)
2005-08-23 20:10 EDT, Noriko Hosoi
no flags Details | Diff
cvs diff attr.c attrlist.c entry.c proto-slap.h valueset.c (11.74 KB, patch)
2005-08-24 20:02 EDT, Noriko Hosoi
no flags Details | Diff
cvs commit message (1.34 KB, text/plain)
2005-08-24 20:59 EDT, Noriko Hosoi
no flags Details
cvs commit message for DS6.21 SP3. (1.29 KB, text/plain)
2006-03-09 20:12 EST, Noriko Hosoi
no flags Details

  None (edit)
Description Noriko Hosoi 2005-08-01 14:17:05 EDT
Description of problem:
modify/replace allows to make multiple same valued attributes in an entry

Version-Release number of selected component (if applicable):
Found at HP with Console.  Could be reproduced on DS7.1 on RHEL4.

How reproducible:
Every time

Steps to Reproduce:
1. Create an entry "dn: uid=tuser1,cn=people,dc=redhat,dc=com" with a mail
attribute "mail: tuser1"
2. Run ldapmodify ... -f <modfile>
Content of <modfile>:
dn: uid=tuser1,cn=people,dc=redhat,dc=com
changetype: modify
replace: mail
mail: tuser1
mail: tuser1
mail: tuser1
mail: tuser1
3. ldapsearch ... -b "uid=tuser1,cn=people,dc=redhat,dc=com" ...
Four mail lines are displayed.

Expected results:
Replacing with multiple identical attribute-values should fail.

Additional info:
In the index file mail.db4, only one key "tuser1" exists (of course :).
If you add the same attribute-value with modify|add, the operation fails.
Also, you cannot insert an entry with the multiple same attribute-value's, it
fails, as well.
Comment 1 Noriko Hosoi 2005-08-23 19:54:00 EDT
4 typical test cases (add, modify-add, modify-replace, modify-delete)
1. add

    [dupadd.dat]
    dn: uid=TUser0,dc=redhat,dc=com
    uid: TUser0
    givenName: Test
    objectClass: top
    objectClass: person
    objectClass: organizationalPerson
    objectClass: inetorgperson
    sn: User0
    cn: Test User0
    description: description0
    mail: tuser0@redhat.com
    mail: tuser0@redhat.com

command line:

    ldapmodify -D "cn=Directory Manager" -w <pw> -a -f dupadd.dat

This operation succeeds, which should fail as follows:

    adding new entry uid=TUser0,dc=redhat,dc=com
    ldap_add: Type or value exists

2. modify-add

    [dupmodadd.dat]
    dn: uid=tuser0,dc=redhat,dc=com
    changetype: modify
    add: mail
    mail: tuser0@redhat.org
    mail: tuser0@redhat.org

command line:

    ldapmodify -D "cn=Directory Manager" -w <pw>  -f dupmodadd.dat

This operation succeeds, which should fail as follows:

    modifying entry uid=tuser0,dc=redhat,dc=com
    ldap_modify: Type or value exists

3. modify-replace

    [dupmodrepl0.dat]
    dn: uid=TUser0,dc=redhat,dc=com
    changetype: modify
    replace: mail
    mail: tuser1@redhat.org
    mail: tuser1@redhat.org
    mail: tuser1@redhat.org
    mail: tuser1@redhat.org

    [dupmodrepl1.dat]
    dn: uid=TUser0,dc=redhat,dc=com
    changetype: modify
    replace: mail
    mail: tuser1@redhat.org
    -
    replace: mail
    mail: tuser1@redhat.org
    -
    replace: mail
    mail: tuser1@redhat.org
    -
    replace: mail
    mail: tuser1@redhat.org

command line:

    ldapmodify -D "cn=Directory Manager" -w <pw>  -f dupmodrepl0.dat /
dupmodrepl1.dat

This operation succeeds, which should fail as follows:

    modifying entry uid=TUser0,dc=redhat,dc=com
    ldap_modify: Operations error

4. modify-del

    [dupmoddel.dat]
    dn: uid=tuser0,dc=redhat,dc=com
    changetype: modify
    delete: mail
    mail: tuser1@redhat.org
    mail: tuser1@redhat.org

command line:

    ldapmodify -D "cn=Directory Manager" -w <pw>  -f dupmoddel.dat

This operation succeeds, which should fail as follows:

    modifying entry uid=tuser0,dc=redhat,dc=com
    ldap_modify: No such attribute
Comment 2 Noriko Hosoi 2005-08-23 20:10:50 EDT
Created attachment 118032 [details]
cvs diff attr.c attrlist.c entry.c proto-slap.h valueset.c

Fix descriptions:
1) regarding add and delete, SLAPD_MODUTIL_TREE_THRESHHOLD is defined in attr.c
and valueset.c, which value is used to determine whether the attribute values
are verified via AVL tree or not.  The duplicated values are detected by
putting the values into AVL tree.  That is, if the duplicated count is low
enough ( < 5 ), it was not found and the values were successfully added. 
Values of SLAPD_MODUTIL_TREE_THRESHHOLD are lowered in this fix.

2) Replace was not checking the duplicated value at all.  Added a code to put
the attribute values into the AVL tree as being done for add and delete.
Comment 3 Noriko Hosoi 2005-08-24 20:02:44 EDT
Created attachment 118098 [details]
cvs diff attr.c attrlist.c entry.c proto-slap.h valueset.c

In addition to the previous fix, eliminated SLAPD_MODUTIL_TREE_THRESHHOLD from
attr.c as well as valueset.c.  With this fix, if an attribute has more than 1
value to add/replace/delete, it creates an AVL tree to check the duplicates.
Comment 4 Noriko Hosoi 2005-08-24 20:59:32 EDT
Created attachment 118100 [details]
cvs commit message

Reviewed by Rich (thank you!).
Comment 5 Orla Hegarty 2005-10-14 12:09:42 EDT
Verified fixed on all supported platforms - RHEL3, RHEL4, Solaris 32 and 64 bit,
HP-UX 11i against 20051006.2.qa
Comment 6 Orla Hegarty 2005-10-31 19:24:37 EST
*DOCS*
Ldap modify or replace may allow multiple attributes with the same value. This
has been fixed.
Comment 7 John Ha 2005-11-10 00:57:04 EST
pasted from release notes:

Ldap modify or replace may allow multiple attributes with the same value. This
issue has been fixed.
Comment 8 Red Hat Bugzilla 2005-11-16 16:11:04 EST
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHBA-2005-836.html
Comment 9 Noriko Hosoi 2006-03-09 20:12:19 EST
Created attachment 125915 [details]
cvs commit message for DS6.21 SP3.
Comment 10 Noriko Hosoi 2006-03-09 20:15:11 EST
Added a dependency on DS 6.21 tracking bugs. (SP3 as well as rel note tracking
bug, too)
Comment 11 To Ngan 2006-03-14 12:51:10 EST
Verified against DS6.21 SP3 against 20060310.1 build.
Comment 12 Chandrasekar Kannan 2008-08-11 19:36:12 EDT
Bug already CLOSED. setting screened+ flag

Note You need to log in before you can comment on or make changes to this bug.