Bug 299361 - Sync total update doesn't handle initials and streetAddress properly
Sync total update doesn't handle initials and streetAddress properly
Status: CLOSED CURRENTRELEASE
Product: 389
Classification: Community
Component: Sync Service (Show other bugs)
1.1.0
All Linux
high Severity high
: ---
: ---
Assigned To: Nathan Kinder
Viktor Ashirov
:
Depends On:
Blocks: 240316 FDS1.1.0
  Show dependency treegraph
 
Reported: 2007-09-20 18:14 EDT by Nathan Kinder
Modified: 2015-12-07 11:41 EST (History)
0 users

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2015-12-07 11:41:23 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)
CVS Diffs (13.93 KB, patch)
2007-09-20 18:21 EDT, Nathan Kinder
no flags Details | Diff

  None (edit)
Description Nathan Kinder 2007-09-20 18:14:56 EDT
There are some problems with the sync total update in regards to the initials
and streetAddress attributes.

The code currently doesn't handle multi-valued streetAddress attributes or
initials attributes longer than 6 characters in the entries on the DS side. 
When you do an initialization with these types of entries, the sync fails due to
constraints on the AD side.  We already handle these values properly in the
incremental sync protocol.
Comment 1 Nathan Kinder 2007-09-20 18:21:25 EDT
Created attachment 201401 [details]
CVS Diffs

This fix trims the initials attribute when sending to AD.  We also only compare
the first 6 characters of an initials value in DS to the initials value in AD
when determining if we need to send a change.  For streetAddress, we only sync
one value from DS to AD.  We check if DS contains the streetAddress value
present in AD to determine if we need to accept a change from AD.
Comment 5 Noriko Hosoi 2007-09-20 19:20:23 EDT
Thanks for the explanation, Nathan.  Your fix looks good to me.
Comment 6 Nathan Kinder 2007-09-20 19:32:45 EDT
Checked into ldapserver (HEAD).  Thanks to Noriko for her review!

Checking in windows_protocol_util.c;
/cvs/dirsec/ldapserver/ldap/servers/plugins/replication/windows_protocol_util.c,v
 <--  windows_protocol_util.c
new revision: 1.34; previous revision: 1.33
done
Comment 8 Yi Zhang 2007-10-18 19:09:04 EDT
Bug verification test done. Bug fix confirmed.

The current behave is:
Scenario/test procedure:
    Create a valid ntUser on either side. And sync between RHDS and AD.

    Condition A: If customer modify "initials" value on RHDS side, then:
    A.1  if the first 6 char changed, the new value will sync to AD side
    A.2  otherwise, if chars after 6th char changed, sync operation occurs, but
value won't change in AD side

   Condition B: If customer modify "initials" value on AD side, then the whole
"initial" value on RHDS side replaced (not just the first 6 chars)

=========================================================================

Similar to "initial" value, same rule apply to "stressAddress" value modification:
1. create a user on DS side, who has more than one streetAddress value (the
actual data I used is Nathan's attachment)
2. the user's info. sync'd into AD. I verified only the first "stressAddress"
value sync tn AD side
3. make change to the second "streetAddress' value on DS side, sync operation
trigged, but nothing changed on AD side
4. modify "streetAddress" value on AD side. After sync, only one "streetAddress"
value left on DS side, which is from AD.

I already discussed the above behave/fix with Chandra, and we can confirm the
bug fix is valid

Note You need to log in before you can comment on or make changes to this bug.