Bug 481223 - Removing Group Member in ADS and Send and Recieve Updates Crashes the Directory Server
Summary: Removing Group Member in ADS and Send and Recieve Updates Crashes the Directo...
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: Red Hat Directory Server
Classification: Red Hat
Component: winsync
Version: 8.1
Hardware: All
OS: Linux
high
high
Target Milestone: ---
: ---
Assignee: Rich Megginson
QA Contact: Chandrasekar Kannan
URL:
Whiteboard:
Depends On:
Blocks: 249650 FDS1.2.0
TreeView+ depends on / blocked
 
Reported: 2009-01-22 20:55 UTC by Jenny Severance
Modified: 2015-01-04 23:36 UTC (History)
2 users (show)

Fixed In Version: 8.1
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2009-04-29 23:09:48 UTC
Target Upstream Version:
Embargoed:


Attachments (Terms of Use)
diffs (6.05 KB, patch)
2009-01-26 15:47 UTC, Rich Megginson
no flags Details | Diff
cvs commit log (412 bytes, text/plain)
2009-01-26 17:35 UTC, Rich Megginson
no flags Details

Description Jenny Severance 2009-01-22 20:55:56 UTC
Description of problem:
After successful syncronization of users/groups and memberships, subsequently changing the the group name and removing a member in ADS and initiating an update results in Segmentation fault and crashes the Directory Server.

Version-Release number of selected component (if applicable):
8.1

How reproducible:
Always

Steps to Reproduce:
1. Create a window sync agreement that synchronizes both users and groups.
2. Add users and groups to ADS. Add members to the groups.
3. Verify they are sychronized to DS
4. From ADS Users and Computers MMC, right click on one of the groups and select properties.
5. Change the value in the Group Name field.
6. Click on the members tab
7. Remove one of the member.
8. From the DS console, configuration tab, select the sync agreement.
9. Right click and select Send and Recieve Updates Now.
  
Actual results:
Segmentation Fault and server crashes

Expected results:
Successful update.

Additional info:

More configuration information:

RHEL5 - 32BIT
Sync Agreement configured with TLS/SSL over LDAPS.

Comment 1 Jenny Severance 2009-01-22 21:33:57 UTC
Additional Information:

Crash is occurring when just a member has been removed from ADS and then a DS update is initiated.

If a group member is removed from the DS console and an update initiated, it is never updated in ADS.

Comment 2 Jenny Severance 2009-01-22 21:41:01 UTC
Another revelation:

This is only occurring if the group is defined in ADS as a Distribution Group.  If the group is a security group, membership changes are updated correctly.

Comment 3 Jenny Severance 2009-01-22 21:47:53 UTC
Found this information:

* Security: Security groups allow you to manage user and computer access to shared resources. You can also control who receives group policy settings. This simplifies administration by allowing you to set permissions once on multiple computers, then to change the membership of the group as your needs change. The change in group membership automatically takes effect everywhere. You can also use these groups as email distribution lists.

 * Distribution: Distribution groups are intended to be used solely as email distribution lists. These lists are for use with email applications such as Microsoft Exchange or Outlook. You can add and remove contacts from the list so that they will or will not receive email sent to the distribution group. You can't use distribution groups to assign permissions on any objects, and you can't use them to filter group policy settings.

Comment 4 Jenny Severance 2009-01-23 13:49:29 UTC
This is also occuring trying to sync nested groups:

Parent Group - Security Group - Domain Local
Child Group - Security Group - Global

Comment 5 Rich Megginson 2009-01-26 15:47:33 UTC
Created attachment 329993 [details]
diffs

Comment 6 Rich Megginson 2009-01-26 17:35:47 UTC
Created attachment 330006 [details]
cvs commit log

Reviewed by: nkinder (Thanks!)
Fix Description: I broke this with my earlier fix about sending mods to AD.  There are calls which reset the raw entry from AD before the call to mod_already_made.  The fix is to only retrieve the raw entry just before we use it, after it may have been reset. I also found a memory leak in the mod init with valueset function I added for the prior fix.
Platforms tested: RHEL5
Flag Day: no
Doc impact: no

Comment 7 Jenny Severance 2009-03-16 16:21:34 UTC
fix verified RHEL 5 - DS 8.1 - group memberships synchronized passsync v 1.1.0

Comment 8 Chandrasekar Kannan 2009-04-29 23:09:48 UTC
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on therefore solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHEA-2009-0455.html


Note You need to log in before you can comment on or make changes to this bug.