Bug 476261 - Compare operation in nsaccountlock returns error
Summary: Compare operation in nsaccountlock returns error
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: 389
Classification: Retired
Component: Unknown
Version: 1.1.3
Hardware: x86_64
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Rich Megginson
QA Contact: Chandrasekar Kannan
URL: https://www.redhat.com/archives/fedor...
Whiteboard:
Depends On:
Blocks: 249650 FDS1.2.0
TreeView+ depends on / blocked
 
Reported: 2008-12-12 19:38 UTC by Daniel Cristian Cruz
Modified: 2015-01-04 23:35 UTC (History)
3 users (show)

Fixed In Version: 8.1
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2009-04-29 23:08:55 UTC


Attachments (Terms of Use)
cvs diff ldapserver/ldap/servers/plugins/cos/cos_cache.c (912 bytes, patch)
2009-02-13 23:57 UTC, Noriko Hosoi
no flags Details | Diff
cvs commit message (622 bytes, text/plain)
2009-02-16 17:27 UTC, Noriko Hosoi
no flags Details

Description Daniel Cristian Cruz 2008-12-12 19:38:34 UTC
Description of problem: compare operation against nsaccountlock returns error even if account is locked

Version-Release number of selected component (if applicable): 1.1.3

How reproducible: easy

Steps to Reproduce:
1. lock the account
2. use a compare operation with attribute 'nsaccountlock' and value 'true'
  
Actual results: No attribute (error 16)

Expected results: True?

Additional info: https://www.redhat.com/archives/fedora-directory-users/2008-December/msg00086.html

Comment 1 Rich Megginson 2008-12-12 20:33:07 UTC
I think the problem may be that operational attributes do not work with the compare operation.  You tried with a regular attribute and compare works, correct?

Comment 2 Daniel Cristian Cruz 2008-12-12 21:52:33 UTC
Yes, as shown in the thread, when used with a regular attribte it works.

Just get error message using nsaccountlock.

Comment 3 Noriko Hosoi 2009-02-13 23:57:48 UTC
Created attachment 331887 [details]
cvs diff ldapserver/ldap/servers/plugins/cos/cos_cache.c

Description: Compare function for the CoS attribute cos_cache_cmp_attr failed to set the result.

By setting the right return code, the nsAccountLock matches true if the user's account is inactivated.
$ ldapcompare -D "cn=Directory Manager" -w <password> nsAccountLock:True "uid=tuser0,dc=example,dc=com"
comparing type: "nsAccountLock" value: "True" in entry "uid=tuser0,dc=example,dc=com"
compare TRUE
$ ldapcompare -D "cn=Directory Manager" -w <password> nsAccountLock:False "uid=tuser0,dc=example,dc=com"
comparing type: "nsAccountLock" value: "False" in entry "uid=tuser0,dc=example,dc=com"
compare FALSE

Note: once the user is activated, the compare command returns "No such attribute" (regardless of the value to compare, of course):
$ ldapcompare -D "cn=Directory Manager" -w <password> nsAccountLock:True "uid=tuser0,dc=example,dc=com"
comparing type: "nsAccountLock" value: "True" in entry "uid=tuser0,dc=example,dc=com"
ldap_compare: No such attribute
$ ldapcompare -D "cn=Directory Manager" -w <password> nsAccountLock:False "uid=tuser0,dc=example,dc=com"
comparing type: "nsAccountLock" value: "False" in entry "uid=tuser0,dc=example,dc=com"
ldap_compare: No such attribute

Comment 4 Noriko Hosoi 2009-02-16 17:27:48 UTC
Created attachment 332061 [details]
cvs commit message

Reviewed by Rich (Thank you!!)

Checked in into CVS HEAD.

Comment 5 Jenny Severance 2009-03-19 16:59:54 UTC
fix verifiedd DS 8.1 RHEL 5

Inactive User:

[root@jennyv2 ~]# /usr/lib/mozldap/ldapcompare -D "cn=Directory Manager" -w Secret123 nsAccountLock:True "uid=ryan,ou=people,dc=example,dc=com"
comparing type: "nsAccountLock" value: "True" in entry "uid=ryan,ou=people,dc=example,dc=com"
compare TRUE
[root@jennyv2 ~]# /usr/lib/mozldap/ldapcompare -D "cn=Directory Manager" -w Secret123 nsAccountLock:False "uid=ryan,ou=people,dc=example,dc=com"
comparing type: "nsAccountLock" value: "False" in entry "uid=ryan,ou=people,dc=example,dc=com"
compare FALSE

Active User:

[root@jennyv2 ~]# /usr/lib/mozldap/ldapcompare -D "cn=Directory Manager" -w Secret123 nsAccountLock:True "uid=ryan,ou=people,dc=example,dc=com"
comparing type: "nsAccountLock" value: "True" in entry "uid=ryan,ou=people,dc=example,dc=com"
ldap_compare: No such attribute
[root@jennyv2 ~]# /usr/lib/mozldap/ldapcompare -D "cn=Directory Manager" -w Secret123 nsAccountLock:False "uid=ryan,ou=people,dc=example,dc=com"
comparing type: "nsAccountLock" value: "False" in entry "uid=ryan,ou=people,dc=example,dc=com"
ldap_compare: No such attribute

Comment 6 Chandrasekar Kannan 2009-04-29 23:08:55 UTC
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on therefore solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHEA-2009-0455.html


Note You need to log in before you can comment on or make changes to this bug.