Bug 519791 - CoS attributes aren't returned in slapi_search_internal_get_entry()
Summary: CoS attributes aren't returned in slapi_search_internal_get_entry()
Alias: None
Product: 389
Classification: Retired
Component: Database - Indexes/Searches
Version: 1.2.1
Hardware: All
OS: Linux
Target Milestone: ---
Assignee: Noriko Hosoi
QA Contact: Chandrasekar Kannan
Depends On:
Blocks: 389_1.2.3
TreeView+ depends on / blocked
Reported: 2009-08-27 19:35 UTC by Rob Crittenden
Modified: 2015-01-04 23:40 UTC (History)
2 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Last Closed: 2009-09-25 20:02:01 UTC

Attachments (Terms of Use)

Description Rob Crittenden 2009-08-27 19:35:25 UTC
Description of problem:

This is in the context of IPA.

I have an extended operation plugin that implements password policy using the kerberos password policy attributes. I wanted to add a Class of Service template so I could do per-group policy based on memberOf. So I created the CoS templates and verified that a user in the group had the right value.

The CoS looks like this:

dn: cn=Password Policy,cn=accounts,dc=example,dc=com
description: Password Policy based on group membership
objectClass: top
objectClass: ldapsubentry
objectClass: cosSuperDefinition
objectClass: cosClassicDefinition
cosTemplateDn: cn=cosTemplates,cn=accounts,dc=example,dc=com
cosAttribute: krbPwdPolicyReference
cosSpecifier: memberOf

dn: cn="cn=group1,cn=groups,cn=accounts,dc=example,dc=com", cn=cosTemplates,cn=accounts,dc=example,dc=com
objectClass: top
objectClass: cosTemplate
objectClass: extensibleobject
objectClass: krbContainer
krbPwdPolicyReference: cn="cn=group1,cn=groups,cn=accounts,dc=example,dc=com",
cosPriority: 1

And to be sure that the attr is there:

% ldapsearch -x -b "dc=example,dc=com" uid=tuser1 krbPwdPolicyReference
dn: uid=tuser1,cn=users,cn=accounts,dc=example,dc=com
krbPwdPolicyReference: cn="cn=group1,cn=groups,cn=accounts,dc=example,dc=com",

Ok. So in my extended op plugin I want to pull the right policy so I first look in the entry for the krbPwdPolicyReference attribute.

I'm getting the entry with slapi_search_internal_get_entry() and explicitly including the attribute in the attrlist. I've tried both with the attribute as operational and not.

It appears that CoS isn't getting fired off on internal searches.

Note that I also tried with nsAccountLock but we have a similar CoS template for that. I had the same results, no attribute returned.

Version-Release number of selected component (if applicable):


Comment 3 Rich Megginson 2009-09-25 20:02:01 UTC
After reviewing the code, I think this is not a bug.  In order to get the value of virtual attributes, you have to use the vattr interfaces like slapi_vattr_values_get()/slapi_vattr_values_free().  Closing as not a bug.  Please reopen it if necessary.

Note You need to log in before you can comment on or make changes to this bug.