Bug 483256 - DS crash when modify entry that does not exist in AD
DS crash when modify entry that does not exist in AD
Status: CLOSED CURRENTRELEASE
Product: Red Hat Directory Server
Classification: Red Hat
Component: winsync (Show other bugs)
8.1
All Linux
medium Severity high
: ---
: ---
Assigned To: Rich Megginson
Chandrasekar Kannan
:
Depends On:
Blocks: 249650 FDS1.2.0
  Show dependency treegraph
 
Reported: 2009-01-30 10:16 EST by Jenny Galipeau
Modified: 2015-01-04 18:36 EST (History)
2 users (show)

See Also:
Fixed In Version: 8.1
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2009-04-29 19:10:04 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)
diffs (1.40 KB, patch)
2009-02-04 13:23 EST, Rich Megginson
no flags Details | Diff
cvs commit log (242 bytes, text/plain)
2009-02-04 15:41 EST, Rich Megginson
no flags Details

  None (edit)
Description Jenny Galipeau 2009-01-30 10:16:43 EST
Description of problem:
When adding a sub user entry under a user entry that is a member of another group and syncing to Windows, it causes a segmentation fault and crashes the Directory Server.

Version-Release number of selected component (if applicable):
8.1

How reproducible:


Steps to Reproduce:
1. Set up Windows Synchronization
2. In DS, under a user entry A, add another user B. Then add user entry A to a group
3. Initiate send and receive updates
  
Actual results:
[30/Jan/2009:07:20:59 -0800] - windows_search_entry: recieved 1 messages, 0 entries, 0 references
[30/Jan/2009:07:20:59 -0800] NSMMReplicationPlugin - agmt="cn=ADS" (jennyv3:636): map_entry_dn_outbound: entry not found - rc 0
./start-slapd: line 43: 11503 Segmentation fault      ./ns-slapd -D /etc/dirsrv/slapd-ivanova -i $PIDFILE -w $STARTPIDFILE "$@"


Expected results:
successful syncronization of users and group members

Additional info:

In my test:
1st user was already synchronized and added both users to a group.
Comment 1 Jenny Galipeau 2009-02-02 09:31:45 EST
Results from gdb stack trace:

(gdb) c
Continuing.
[Thread 1137219936 (LWP 30091) exited]
[New Thread 1137219936 (LWP 5507)]

[Thread 1137219936 (LWP 5507) exited]
[New Thread 1137219936 (LWP 5526)]

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 1137219936 (LWP 5526)]
0x0000002a955a275e in ?? ()
(gdb) 
Continuing.

Program terminated with signal SIGSEGV, Segmentation fault.
The program no longer exists.
(gdb) bt
No stack.
Comment 2 Jenny Galipeau 2009-02-02 09:35:47 EST
sorry - little more explaination:

First seg fault - users being synced already existed in ADS, I realized that was not the setup - deleted all the users from ADS, redid agreement, and set up for sync again - this time seg fault crashed the server.  But no stack trace.
Comment 3 Rich Megginson 2009-02-03 16:21:05 EST
I've tried to reproduce this - I could not.  Steps:
1) Set up winsync agreement
2) Add user A to DS like this:
uid=testuserA,ou=people,suffix
The user was successfully created in AD
3) Add user B to DS like this:
uid=testuserB,uid=testuserA,ou=people,suffix
The user was _not_ created in AD - because the DN in AD is changed to something like this: cn=Test UserA,cn=Users,suffix
So I'm not sure how to reproduce this part of the test - when the test adds users to DS, does it add them as cn=User NameA,ou=people,suffix?  If so, then that could work, since it will use the same DN on DS as on AD
4) Added cn=testgroup,ou=people,suffix to DS with uniqueMember: uid=testuserA,ou=people,suffix and uid=testuserB,uid=testuserA,ou=people,suffix
The group was added to AD with only testuserA as a member (since testuserB did not get synced over)

So I could not reproduce the bug, but I'm not sure I followed the correct steps - where is the test plan/script for this bug?
Comment 4 Rich Megginson 2009-02-03 16:52:08 EST
I tried the cn=Test UserA naming style above - when I tried to add testuserB, I got the following error from AD:
[03/Feb/2009:14:48:48 -0700] - Attempting to add entry cn=Test User7,cn=Test User6,cn=Users,dc=testdomain,dc=com to AD for local entry cn=Test User7,cn=Test User6,ou=people,dc=testdomain,dc=com
[03/Feb/2009:14:48:48 -0700] NSMMReplicationPlugin - agmt="cn=meTowin2k3svr389" (win2k3svr:389): Received result code 64 (00002099: NameErr: DSID-03050EB2, problem 2005 (NAMING_VIOLATION), data 0, best match of:     'cn=Test User6,cn=Users,dc=testdomain,dc=com' ) for add operation
[03/Feb/2009:14:48:48 -0700] NSMMReplicationPlugin - agmt="cn=meTowin2k3svr389" (win2k3svr:389): windows_replay_update: Cannot replay add operation.

So it looks as though AD does not allow you to add a user under another user, or something like that.  However, testuserA and the group were both added to AD correctly.  So I'm still not sure if I'm following the correct steps, or if I just can't reproduce the bug.
Comment 5 Rich Megginson 2009-02-04 13:23:26 EST
Created attachment 330901 [details]
diffs
Comment 6 Rich Megginson 2009-02-04 15:41:03 EST
Created attachment 330919 [details]
cvs commit log

Reviewed by: nkinder (Thanks!)
Fix Description: The function that checks to see if the mod has already been made to the AD entry should just return 0 if the AD entry does not exist or could not be found - in this case, the regular windows replay code will handle it.
Platforms tested: RHEL5
Flag Day: no
Doc impact: no
Comment 7 Jenny Galipeau 2009-03-18 13:17:21 EDT
fix verified RHEL 5 DS 8.1 - Windows 2003 Enterprise passsync 1.1.0
Comment 8 Chandrasekar Kannan 2009-04-29 19:10:04 EDT
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on therefore solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHEA-2009-0455.html

Note You need to log in before you can comment on or make changes to this bug.