Bug 497439 – attribute uniqueness plugin: modrdn with deleteoldrdn=0 allows the entry to keep multiple attribute values even though the attribute uniqueness plugin is set agaist the attribute

Bug 497439 - attribute uniqueness plugin: modrdn with deleteoldrdn=0 allows the entry to keep multiple attribute values even though the attribute uniqueness plugin is set agaist the attribute

Summary:	attribute uniqueness plugin: modrdn with deleteoldrdn=0 allows the entry to k...

Status:	CLOSED WORKSFORME

Aliases:	None

Product:	389
Classification:	Community
Component:	Server - Plugins (Show other bugs)
Sub Component:
Version:	1.2.0
Hardware:	All Linux

Priority	high Severity medium
Target Milestone:	---
Target Release:	---
Assigned To:	Noriko Hosoi
QA Contact:	Chandrasekar Kannan
Docs Contact:

URL:
Whiteboard:
Keywords:

Depends On:
Blocks:	434915 389_1.3.0
	Show dependency tree / graph

Reported:	2009-04-23 17:37 EDT by Noriko Hosoi
Modified:	2015-01-04 18:37 EST (History)
CC List:	3 users (show)

See Also:
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Story Points:	---
Clone Of:
Environment:
Last Closed:	2010-08-03 17:30:30 EDT
Type:	---
Regression:	---
Mount Type:	---
Documentation:	---
CRM:
Verified Versions:
Category:	---
oVirt Team:	---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team:	---

Attachments	(Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

Groups: None (edit)

Description Noriko Hosoi 2009-04-23 17:37:19 EDT

Description of problem:

I enabled the attribute uniqueness plugin.  Now, you cannot add another uid value.  It fails with "ldap_add: Already exists".  But you could do modrdn with delelteoldrdn=0, which allows the entry having multiple uid values even if the uniqueness plugin is on.  I think this is a bug of attribute uniqueness plugin, which most likely does not prevent the add from some internal operation.

Comment 1 Noriko Hosoi 2010-08-03 17:30:30 EDT

The report is based upon misunderstanding the attribute uniqueness plugin, which is supposed to enforce unique attribute values.

dn: cn=attribute uniqueness,cn=plugins,cn=config
nsslapd-pluginEnabled: on

Having these 2 entries in DB:
  dn: uid=nuuser0,ou=newOU,dc=example,dc=com
  uid: uuser0
  uid: uuser1
  uid: nuuser0
  givenName: new
  objectClass: top
  objectClass: person
  objectClass: organizationalPerson
  objectClass: inetorgperson
  sn: user0
  cn: uniq user0
 
  dn: uid=uuser2,ou=newOU,dc=example,dc=com
  uid: uuser2
  givenName: new
  objectClass: top
  objectClass: person
  objectClass: organizationalPerson
  objectClass: inetorgperson
  sn: user2
  cn: uniq user2

Modrdn the second entry to one of the UIDs in the first entry:
  dn: uid=uuser2,ou=newOU,dc=example,dc=com
  changetype: modrdn
  newrdn: uid=uuser0
  deleteoldrdn: 0
 
  modifying RDN of entry uid=uuser2,ou=newOU,dc=example,dc=com
  ldap_rename: Constraint violation
  ldap_rename: additional info: Another entry with the same attribute value already exists

Note You need to log in before you can comment on or make changes to this bug.