299361 – Sync total update doesn't handle initials and streetAddress properly

Bug 299361 - Sync total update doesn't handle initials and streetAddress properly

Summary: Sync total update doesn't handle initials and streetAddress properly

Keywords:
Status:	CLOSED CURRENTRELEASE
Alias:	None
Product:	389
Classification:	Retired
Component:	Sync Service
Sub Component:
Version:	1.1.0
Hardware:	All
OS:	Linux
Priority:	high
Severity:	high
Target Milestone:	---
Assignee:	Nathan Kinder
QA Contact:	Viktor Ashirov
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:	240316 FDS1.1.0
TreeView+	depends on / blocked

Reported:	2007-09-20 22:14 UTC by Nathan Kinder
Modified:	2015-12-07 16:41 UTC (History)
CC List:	0 users
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2015-12-07 16:41:23 UTC
Embargoed:

Attachments	(Terms of Use)
CVS Diffs (13.93 KB, patch) 2007-09-20 22:21 UTC, Nathan Kinder	no flags	Details \| Diff
View All

Description Nathan Kinder 2007-09-20 22:14:56 UTC

There are some problems with the sync total update in regards to the initials
and streetAddress attributes.

The code currently doesn't handle multi-valued streetAddress attributes or
initials attributes longer than 6 characters in the entries on the DS side. 
When you do an initialization with these types of entries, the sync fails due to
constraints on the AD side.  We already handle these values properly in the
incremental sync protocol.

Comment 1 Nathan Kinder 2007-09-20 22:21:25 UTC

Created attachment 201401 [details]
CVS Diffs

This fix trims the initials attribute when sending to AD.  We also only compare
the first 6 characters of an initials value in DS to the initials value in AD
when determining if we need to send a change.  For streetAddress, we only sync
one value from DS to AD.  We check if DS contains the streetAddress value
present in AD to determine if we need to accept a change from AD.

Comment 5 Noriko Hosoi 2007-09-20 23:20:23 UTC

Thanks for the explanation, Nathan.  Your fix looks good to me.

Comment 6 Nathan Kinder 2007-09-20 23:32:45 UTC

Checked into ldapserver (HEAD).  Thanks to Noriko for her review!

Checking in windows_protocol_util.c;
/cvs/dirsec/ldapserver/ldap/servers/plugins/replication/windows_protocol_util.c,v
 <--  windows_protocol_util.c
new revision: 1.34; previous revision: 1.33
done

Comment 8 Yi Zhang 2007-10-18 23:09:04 UTC

Bug verification test done. Bug fix confirmed.

The current behave is:
Scenario/test procedure:
    Create a valid ntUser on either side. And sync between RHDS and AD.

    Condition A: If customer modify "initials" value on RHDS side, then:
    A.1  if the first 6 char changed, the new value will sync to AD side
    A.2  otherwise, if chars after 6th char changed, sync operation occurs, but
value won't change in AD side

   Condition B: If customer modify "initials" value on AD side, then the whole
"initial" value on RHDS side replaced (not just the first 6 chars)

=========================================================================

Similar to "initial" value, same rule apply to "stressAddress" value modification:
1. create a user on DS side, who has more than one streetAddress value (the
actual data I used is Nathan's attachment)
2. the user's info. sync'd into AD. I verified only the first "stressAddress"
value sync tn AD side
3. make change to the second "streetAddress' value on DS side, sync operation
trigged, but nothing changed on AD side
4. modify "streetAddress" value on AD side. After sync, only one "streetAddress"
value left on DS side, which is from AD.

I already discussed the above behave/fix with Chandra, and we can confirm the
bug fix is valid

Note You need to log in before you can comment on or make changes to this bug.