Bug 1851973 - Duplicate entryUSN numbers for different LDAP entries in the same backend
Summary: Duplicate entryUSN numbers for different LDAP entries in the same backend
Keywords:
Status: POST
Alias: None
Product: Red Hat Enterprise Linux 8
Classification: Red Hat
Component: 389-ds-base
Version: 8.0
Hardware: Unspecified
OS: Unspecified
unspecified
unspecified
Target Milestone: rc
: 8.0
Assignee: Simon Pichugin
QA Contact: RHDS QE
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2020-06-29 14:31 UTC by mreynolds
Modified: 2020-09-13 22:01 UTC (History)
3 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Cause: Using both USN and MemberOf plugins and adding 'member' attribute with a user DN value to a group Consequence: The user and the group have the same entryUSN values Fix: Cleanup USN plugin's code so it increments and assigns entryUSN counter in the same preop operation. Result: The user and the group have different entryUSN values
Clone Of:
Environment:
Last Closed:
Type: ---
Target Upstream Version:


Attachments (Terms of Use)


Links
System ID Priority Status Summary Last Updated
Github 389ds 389-ds-base issues 2359 None None None 2020-09-13 22:01:14 UTC

Description mreynolds 2020-06-29 14:31:29 UTC
This bug is created as a clone of upstream ticket:
https://pagure.io/389-ds-base/issue/49300

#### Issue Description
According to the description of entryUSN plugin and attribute functioning (https://access.redhat.com/documentation/en-us/red_hat_directory_server/10/html/administration_guide/tracking_modifications_to_directory_entries) it should be unique for each backend (excluding entryusn=0 for imported and never changed entries). In our production environment (389ds v1.3.6.6) there are multiple entries having 2 exactly same entryUSN. Generally it's a group and a user entry that was added/deleted from that group.

#### Steps to reproduce

1. Probably heavy large group modifications with memberOf and entryUSN plugins enabled
2. Check dbscan -r -f entryusn.db
3. To find all duplicate entries:
 dbscan -r -f entryusn.db | tail -n +3 | grep  -B 1 '[0-9]\+ [0-9]'

#### Actual results
for some entryUSN numbers there are two entries:
=174757                                 
        9955 40108 
It is always a group and a user, so it is very probable the duplicate entryUSN is generated during memberOf plugin functioning:
cn=Groupe Example,ou=Par entite,ou=Groupes Globaux,ou=Groupes,dc=id,dc=polytechnique,dc=edu
...
uniqueMember: uid=user1,ou=Personnel,ou=Utilisateurs,dc=id,dc=polytechnique,dc=edu
...
modifyTimeStamp: 20170620133023Z
modifiersName: cn=X LDAP Root
entryUSN: 174757


uid=user1,ou=Personnel,ou=Utilisateurs,dc=id,dc=polytechnique,dc=edu
...
memberOf: cn=Groupe Example,ou=Par entite,ou=Groupes Globaux,ou=Groupes,dc=id,dc=polytechnique,dc=edu
...
modifyTimeStamp: 20170620133023Z
modifiersName: cn=X LDAP Root
entryUSN: 174757


#### Expected results
entryUSN is supposed to be unique per backend according to documentation. These duplicates are not very critical since anyway the two changed entries will be found by the filter entryUSN>=n.


Note You need to log in before you can comment on or make changes to this bug.