Bug 481223 - Removing Group Member in ADS and Send and Recieve Updates Crashes the Directory Server
Removing Group Member in ADS and Send and Recieve Updates Crashes the Directo...
Status: CLOSED CURRENTRELEASE
Product: Red Hat Directory Server
Classification: Red Hat
Component: winsync (Show other bugs)
8.1
All Linux
high Severity high
: ---
: ---
Assigned To: Rich Megginson
Chandrasekar Kannan
:
Depends On:
Blocks: 249650 FDS1.2.0
  Show dependency treegraph
 
Reported: 2009-01-22 15:55 EST by Jenny Galipeau
Modified: 2015-01-04 18:36 EST (History)
2 users (show)

See Also:
Fixed In Version: 8.1
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2009-04-29 19:09:48 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)
diffs (6.05 KB, patch)
2009-01-26 10:47 EST, Rich Megginson
no flags Details | Diff
cvs commit log (412 bytes, text/plain)
2009-01-26 12:35 EST, Rich Megginson
no flags Details

  None (edit)
Description Jenny Galipeau 2009-01-22 15:55:56 EST
Description of problem:
After successful syncronization of users/groups and memberships, subsequently changing the the group name and removing a member in ADS and initiating an update results in Segmentation fault and crashes the Directory Server.

Version-Release number of selected component (if applicable):
8.1

How reproducible:
Always

Steps to Reproduce:
1. Create a window sync agreement that synchronizes both users and groups.
2. Add users and groups to ADS. Add members to the groups.
3. Verify they are sychronized to DS
4. From ADS Users and Computers MMC, right click on one of the groups and select properties.
5. Change the value in the Group Name field.
6. Click on the members tab
7. Remove one of the member.
8. From the DS console, configuration tab, select the sync agreement.
9. Right click and select Send and Recieve Updates Now.
  
Actual results:
Segmentation Fault and server crashes

Expected results:
Successful update.

Additional info:

More configuration information:

RHEL5 - 32BIT
Sync Agreement configured with TLS/SSL over LDAPS.
Comment 1 Jenny Galipeau 2009-01-22 16:33:57 EST
Additional Information:

Crash is occurring when just a member has been removed from ADS and then a DS update is initiated.

If a group member is removed from the DS console and an update initiated, it is never updated in ADS.
Comment 2 Jenny Galipeau 2009-01-22 16:41:01 EST
Another revelation:

This is only occurring if the group is defined in ADS as a Distribution Group.  If the group is a security group, membership changes are updated correctly.
Comment 3 Jenny Galipeau 2009-01-22 16:47:53 EST
Found this information:

* Security: Security groups allow you to manage user and computer access to shared resources. You can also control who receives group policy settings. This simplifies administration by allowing you to set permissions once on multiple computers, then to change the membership of the group as your needs change. The change in group membership automatically takes effect everywhere. You can also use these groups as email distribution lists.

 * Distribution: Distribution groups are intended to be used solely as email distribution lists. These lists are for use with email applications such as Microsoft Exchange or Outlook. You can add and remove contacts from the list so that they will or will not receive email sent to the distribution group. You can't use distribution groups to assign permissions on any objects, and you can't use them to filter group policy settings.
Comment 4 Jenny Galipeau 2009-01-23 08:49:29 EST
This is also occuring trying to sync nested groups:

Parent Group - Security Group - Domain Local
Child Group - Security Group - Global
Comment 5 Rich Megginson 2009-01-26 10:47:33 EST
Created attachment 329993 [details]
diffs
Comment 6 Rich Megginson 2009-01-26 12:35:47 EST
Created attachment 330006 [details]
cvs commit log

Reviewed by: nkinder (Thanks!)
Fix Description: I broke this with my earlier fix about sending mods to AD.  There are calls which reset the raw entry from AD before the call to mod_already_made.  The fix is to only retrieve the raw entry just before we use it, after it may have been reset. I also found a memory leak in the mod init with valueset function I added for the prior fix.
Platforms tested: RHEL5
Flag Day: no
Doc impact: no
Comment 7 Jenny Galipeau 2009-03-16 12:21:34 EDT
fix verified RHEL 5 - DS 8.1 - group memberships synchronized passsync v 1.1.0
Comment 8 Chandrasekar Kannan 2009-04-29 19:09:48 EDT
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on therefore solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHEA-2009-0455.html

Note You need to log in before you can comment on or make changes to this bug.