Description of problem: modify/replace allows to make multiple same valued attributes in an entry Version-Release number of selected component (if applicable): Found at HP with Console. Could be reproduced on DS7.1 on RHEL4. How reproducible: Every time Steps to Reproduce: 1. Create an entry "dn: uid=tuser1,cn=people,dc=redhat,dc=com" with a mail attribute "mail: tuser1" 2. Run ldapmodify ... -f <modfile> Content of <modfile>: dn: uid=tuser1,cn=people,dc=redhat,dc=com changetype: modify replace: mail mail: tuser1 mail: tuser1 mail: tuser1 mail: tuser1 3. ldapsearch ... -b "uid=tuser1,cn=people,dc=redhat,dc=com" ... Four mail lines are displayed. Expected results: Replacing with multiple identical attribute-values should fail. Additional info: In the index file mail.db4, only one key "tuser1" exists (of course :). If you add the same attribute-value with modify|add, the operation fails. Also, you cannot insert an entry with the multiple same attribute-value's, it fails, as well.
4 typical test cases (add, modify-add, modify-replace, modify-delete) 1. add [dupadd.dat] dn: uid=TUser0,dc=redhat,dc=com uid: TUser0 givenName: Test objectClass: top objectClass: person objectClass: organizationalPerson objectClass: inetorgperson sn: User0 cn: Test User0 description: description0 mail: tuser0 mail: tuser0 command line: ldapmodify -D "cn=Directory Manager" -w <pw> -a -f dupadd.dat This operation succeeds, which should fail as follows: adding new entry uid=TUser0,dc=redhat,dc=com ldap_add: Type or value exists 2. modify-add [dupmodadd.dat] dn: uid=tuser0,dc=redhat,dc=com changetype: modify add: mail mail: tuser0 mail: tuser0 command line: ldapmodify -D "cn=Directory Manager" -w <pw> -f dupmodadd.dat This operation succeeds, which should fail as follows: modifying entry uid=tuser0,dc=redhat,dc=com ldap_modify: Type or value exists 3. modify-replace [dupmodrepl0.dat] dn: uid=TUser0,dc=redhat,dc=com changetype: modify replace: mail mail: tuser1 mail: tuser1 mail: tuser1 mail: tuser1 [dupmodrepl1.dat] dn: uid=TUser0,dc=redhat,dc=com changetype: modify replace: mail mail: tuser1 - replace: mail mail: tuser1 - replace: mail mail: tuser1 - replace: mail mail: tuser1 command line: ldapmodify -D "cn=Directory Manager" -w <pw> -f dupmodrepl0.dat / dupmodrepl1.dat This operation succeeds, which should fail as follows: modifying entry uid=TUser0,dc=redhat,dc=com ldap_modify: Operations error 4. modify-del [dupmoddel.dat] dn: uid=tuser0,dc=redhat,dc=com changetype: modify delete: mail mail: tuser1 mail: tuser1 command line: ldapmodify -D "cn=Directory Manager" -w <pw> -f dupmoddel.dat This operation succeeds, which should fail as follows: modifying entry uid=tuser0,dc=redhat,dc=com ldap_modify: No such attribute
Created attachment 118032 [details] cvs diff attr.c attrlist.c entry.c proto-slap.h valueset.c Fix descriptions: 1) regarding add and delete, SLAPD_MODUTIL_TREE_THRESHHOLD is defined in attr.c and valueset.c, which value is used to determine whether the attribute values are verified via AVL tree or not. The duplicated values are detected by putting the values into AVL tree. That is, if the duplicated count is low enough ( < 5 ), it was not found and the values were successfully added. Values of SLAPD_MODUTIL_TREE_THRESHHOLD are lowered in this fix. 2) Replace was not checking the duplicated value at all. Added a code to put the attribute values into the AVL tree as being done for add and delete.
Created attachment 118098 [details] cvs diff attr.c attrlist.c entry.c proto-slap.h valueset.c In addition to the previous fix, eliminated SLAPD_MODUTIL_TREE_THRESHHOLD from attr.c as well as valueset.c. With this fix, if an attribute has more than 1 value to add/replace/delete, it creates an AVL tree to check the duplicates.
Created attachment 118100 [details] cvs commit message Reviewed by Rich (thank you!).
Verified fixed on all supported platforms - RHEL3, RHEL4, Solaris 32 and 64 bit, HP-UX 11i against 20051006.2.qa
*DOCS* Ldap modify or replace may allow multiple attributes with the same value. This has been fixed.
pasted from release notes: Ldap modify or replace may allow multiple attributes with the same value. This issue has been fixed.
An advisory has been issued which should help the problem described in this bug report. This report is therefore being closed with a resolution of ERRATA. For more information on the solution and/or where to find the updated files, please follow the link below. You may reopen this bug report if the solution does not work for you. http://rhn.redhat.com/errata/RHBA-2005-836.html
Created attachment 125915 [details] cvs commit message for DS6.21 SP3.
Added a dependency on DS 6.21 tracking bugs. (SP3 as well as rel note tracking bug, too)
Verified against DS6.21 SP3 against 20060310.1 build.
Bug already CLOSED. setting screened+ flag