Bug 305131 - Server rejects an empty modify operation
Server rejects an empty modify operation
Status: CLOSED CURRENTRELEASE
Product: 389
Classification: Community
Component: Directory Server (Show other bugs)
1.1.0
All Linux
high Severity medium
: ---
: ---
Assigned To: Nathan Kinder
Viktor Ashirov
:
Depends On:
Blocks: 389_1.2.7 639035
  Show dependency treegraph
 
Reported: 2007-09-25 10:34 EDT by Miloslav Trmač
Modified: 2015-12-07 11:34 EST (History)
3 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2015-12-07 11:34:08 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)
Patch (2.21 KB, patch)
2010-10-19 11:14 EDT, Nathan Kinder
nkinder: review?
rmeggins: review+
Details | Diff

  None (edit)
Description Miloslav Trmač 2007-09-25 10:34:00 EDT
Version-Release number of selected component (if applicable):
fedora-ds-base-1.1.0-1.2.fc7

Note: I'm not an LDAP expert.

An empty LDAP modify operation (e.g. running ldapmodify, entering a DN and an
empty line) fails.  RFC 2251 p4.6 describes the list of modifications as a
SEQUENCE OF, which seems to allow an empty sequence.

Therefore, shouldn't the empty LDAP modify operation succeed?
Comment 1 Rich Megginson 2007-09-25 18:10:26 EDT
Yes, but some caveats apply.
http://www.mail-archive.com/ldap@umich.edu/msg00605.html
Comment 4 Rich Megginson 2009-04-09 13:08:20 EDT
This falls under the category of RFC correctness.
This is related to
Bug 249327 -  Should only update modifyTimestamp/modifiersName on MODIFY ops
That is - should an empty mod op also update these attrs - sort of like how the *nix "touch" command can be used to update the timestamp of a file.
Comment 5 Rich Megginson 2009-04-09 13:27:07 EDT
See also bug 450742
Comment 6 Rich Megginson 2009-04-09 13:27:34 EDT
(In reply to comment #5)
> See also bug 450742  

no - bug 453756
Comment 8 Nathan Kinder 2010-10-19 11:14:22 EDT
Created attachment 454373 [details]
Patch
Comment 9 Nathan Kinder 2010-10-19 11:30:06 EDT
Pushed to master.  Thanks to Rich for his review!

Counting objects: 15, done.
Delta compression using 2 threads.
Compressing objects: 100% (8/8), done.
Writing objects: 100% (8/8), 793 bytes, done.
Total 8 (delta 6), reused 0 (delta 0)
To ssh://git.fedorahosted.org/git/389/ds.git
   f4c6760..6160200  master -> master
Comment 10 Amita Sharma 2011-04-07 09:51:55 EDT
Hi Nathen,

My understanding for this bug is :
1. Need to test :
[root@rhel61-ds90-amita scripts]# ldapmodify -x -h localhost -p 389 -D "cn=Directory Manager" -w Secret123 << EOF
> dn:
> EOF
modifying entry ""
Should not give any error.

2. Then I should check for the attributes modifyTimestamp/modifiersName which can be updated using Modify Operation.

I request you to please verify this information and please also add your comments. Like whether it should be tested for user or group and only for these two : modifyTimestamp/modifiersName or more ........ ?
Comment 11 Nathan Kinder 2011-04-11 11:30:23 EDT
(In reply to comment #10)
> Hi Nathen,
> 
> My understanding for this bug is :
> 1. Need to test :
> [root@rhel61-ds90-amita scripts]# ldapmodify -x -h localhost -p 389 -D
> "cn=Directory Manager" -w Secret123 << EOF
> > dn:
> > EOF
> modifying entry ""
> Should not give any error.
> 
> 2. Then I should check for the attributes modifyTimestamp/modifiersName which
> can be updated using Modify Operation.
> 
> I request you to please verify this information and please also add your
> comments. Like whether it should be tested for user or group and only for these
> two : modifyTimestamp/modifiersName or more ........ ?

You really should be testing this against actual entries instead of the root DSE (the "" DN).  The type of entry doesn't matter, so just perform an empty modify operation against a test user entry.  Just check if modifyTimestamp and modifiersName are updated.
Comment 12 Amita Sharma 2011-04-12 03:17:42 EDT
Steps for verification
=======================
1)
ldapmodify -x -h localhost -p 389 -D "cn=Directory Manager" -w Secret123 << EOF
dn: uid=amita,dc=example44,dc=com
changetype: add
objectClass: top
objectClass: person
objectClass: inetorgperson
sn: amita
cn: amita
userPassword: redhat
EOF

2)
ldapsearch -x -h localhost -p 1389 -D "cn=Directory Manager" -w Secret123 -b "dc=example44,dc=com" -s sub "(objectclass=*)" creatorsName createTimestamp modifiersName modifyTimestamp
# amita, example44.com
dn: uid=amita,dc=example44,dc=com
creatorsName: cn=directory manager
createTimestamp: 20110412062039Z
modifiersName: cn=directory manager
modifyTimestamp: 20110412062039Z

3)
ldapmodify -x -h localhost -p 1389 -D "uid=amita,dc=example44,dc=com" -w redhat << EOF
dn: uid=amita,dc=example44,dc=com
EOF

modifying entry "uid=amita,dc=example44,dc=com"

4)
ldapsearch -x -h localhost -p 1389 -D "cn=Directory Manager" -w Secret123 -b "dc=example44,dc=com" -s sub "(objectclass=*)" creatorsName createTimestamp modifiersName modifyTimestamp
# amita, example44.com
dn: uid=amita,dc=example44,dc=com
creatorsName: cn=directory manager
createTimestamp: 20110412062039Z
modifiersName: uid=amita,dc=example44,dc=com
modifyTimestamp: 20110412064017Z

5)
ldapmodify -x -h localhost -p 1389 -D "cn=Directory Manager" -w Secret123 << EOF
dn: uid=amita,dc=example44,dc=com
EOF

6)
ldapsearch -x -h localhost -p 1389 -D "cn=Directory Manager" -w Secret123 -b "dc=example44,dc=com" -s sub "(objectclass=*)" creatorsName createTimestamp modifiersName modifyTimestamp
# amita, example44.com
dn: uid=amita,dc=example44,dc=com
creatorsName: cn=directory manager
createTimestamp: 20110412062039Z
modifiersName: cn=directory manager
modifyTimestamp: 20110412064240Z

Tested - OK, Marking as VERIFIED.

Note You need to log in before you can comment on or make changes to this bug.