Description of problem: $ ldapmodify -D 'cn=directory manager' -w pw dn: dc=example,dc=com changetype: modrdn newrdn: dc=new,dc=com deleteoldrdn: -1 modifying RDN of entry dc=example,dc=com ldap_rename: Invalid DN syntax ldap_rename: additional info: invalid RDN $ ldapmodify -D 'cn=directory manager' -w pw dn: dc=example,dc=com changetype: modrdn newrdn: dc=new deleteoldrdn: -1 modifying RDN of entry dc=example,dc=com ldap_rename: DSA is unwilling to perform ldap_rename: additional info: Cannot move entries accross backends The right error code/message should be ldap_rename: DSA is unwilling to perform ldap_rename: additional info: Renaming suffix is not allowed
(In reply to comment #0) > Description of problem: > $ ldapmodify -D 'cn=directory manager' -w pw > dn: dc=example,dc=com > changetype: modrdn > newrdn: dc=new,dc=com > deleteoldrdn: -1 > > modifying RDN of entry dc=example,dc=com > ldap_rename: Invalid DN syntax > ldap_rename: additional info: invalid RDN This case is failing since "dc=new,dc=com" is NOT a valid RDN. There is no way to specify new suffix separated with comma. > $ ldapmodify -D 'cn=directory manager' -w pw > dn: dc=example,dc=com > changetype: modrdn > newrdn: dc=new > deleteoldrdn: -1 > > modifying RDN of entry dc=example,dc=com > ldap_rename: DSA is unwilling to perform > ldap_rename: additional info: Cannot move entries accross backends This error is detected in mapping_tree.c: 2226 int slapi_mapping_tree_select_and_check(Slapi_PBlock *pb,char *newdn, Slapi _Backend **be, Slapi_Entry **referral, char *errorbuf) [...] 2265 if ((*be) && ((*be != new_be) || mtn_sdn_has_child(target_sdn))) 2266 { 2267 ret = LDAP_UNWILLING_TO_PERFORM; 2268 PR_snprintf(errorbuf, BUFSIZ, "Cannot move entries accross backends \n"); 2269 goto unlock_and_return; 2270 } Backend for the new suffix "dc=new,dc=com" has not been created, "new_be" is almost an empty backend. LDAP_UNWILLING_TO_PERFORM is a proper error code, but "Cannot move entries across backends" does not describe the cause of the error correctly.
Created attachment 387689 [details] git patch file [Fix Description] If the target dn of the modrdn operation is a suffix, check if the new dn already exists or not. If it exists, it returns LDAP_ALREADY_EXISTS. If the backend associated with the new dn does not exist, it returns LDAP_NO_SUCH_OBJECT. Otherwise, it returns LDAP_NAMING_VIOLATION. If the target dn of the modrdn is attempted to move across backends, it returns LDAP_AFFECTS_MULTIPLE_DSAS instead of LDAP_UNWILLING_TO_PERFORM. Modrdn (op_shared_rename) was logging the parameter errors in the clients request as SLAPI_LOG_FATAL. Reduced the level to SLAPI_LOG_ARGS. Also, replaced ldap_explode_dn with slapi_dn_syntax_check to verify the newsuperior. By the replacement, 2 bugs in slapi_dn_syntax_check were found. 1) The key for the DN in the hashtable of the attribute syntax has to be "distinguishedName". 2) Argument type for plg_syntax_validate was not correct. [Test Results] 1. Suffix dc=com (backend "com") 1-1. Sub suffix dc=example,dc=com (independent backend "example") Sub suffix dc=test,dc=com (independent backend "test") a) rename dc=example to existing RDN dc=test dn: dc=example,dc=com changetype: modrdn newrdn: dc=test deleteoldrdn: -1 modifying RDN of entry dc=example,dc=com ldap_rename: Already exists ldap_rename: additional info: Suffix "dc=test,dc=com" already exists b) rename dc=example to non-existing RDN dc=bogus dn: dc=example,dc=com changetype: modrdn newrdn: dc=bogus deleteoldrdn: -1 modifying RDN of entry dc=example,dc=com ldap_rename: Naming violation ldap_rename: additional info: Cannot rename suffix "dc=example,dc=com" 1-2. Both dc=example,dc=com and dc=test,dc=com are in the backend "com" a) rename dc=example to existing RDN dc=test dn: dc=example,dc=com changetype: modrdn newrdn: dc=test deleteoldrdn: -1 modifying RDN of entry dc=example,dc=com ldap_rename: Already exists b) rename dc=example to non-existing RDN dc=bogus dn: dc=example,dc=com changetype: modrdn newrdn: dc=bogus deleteoldrdn: -1 modifying RDN of entry dc=example,dc=com # SUCCESS 1-3. Sub suffix dc=example,dc=com (independent backend "example") dc=test,dc=com is in the backend "com" a) rename dc=example to existing RDN dc=test dn: dc=example,dc=com changetype: modrdn newrdn: dc=test deleteoldrdn: -1 modifying RDN of entry dc=example,dc=com ldap_rename: Naming violation ldap_rename: additional info: Cannot rename suffix "dc=example,dc=com" b) rename dc=example to non-existing RDN dc=bogus dn: dc=example,dc=com changetype: modrdn newrdn: dc=bogus deleteoldrdn: -1 modifying RDN of entry dc=example,dc=com ldap_rename: Naming violation ldap_rename: additional info: Cannot rename suffix "dc=example,dc=com" 2. dc=com does not exist Suffix dc=example,dc=com (independent backend "example") Suffix dc=test,dc=com (independent backend "test") a) rename dc=example to existing RDN dc=test dn: dc=example,dc=com changetype: modrdn newrdn: dc=test deleteoldrdn: -1 modifying RDN of entry dc=example,dc=com ldap_rename: Already exists ldap_rename: additional info: Suffix "dc=test,dc=com" already exists b) rename dc=example to non-existing RDN dc=bogus dn: dc=example,dc=com changetype: modrdn newrdn: dc=bogus deleteoldrdn: -1 modifying RDN of entry dc=example,dc=com ldap_rename: No such object ldap_rename: additional info: Backend for suffix "dc=bogus,dc=com" does not exist 3. Attempt to move an entry across the backend Suffix dc=example,dc=com (independent backend "example") Suffix dc=test,dc=com (independent backend "test") dn: uid=LNestor999,ou=Product Development,dc=example,dc=com changetype: modrdn newrdn: uid=LNestor999 deleteoldrdn: -1 newsuperior: dc=test,dc=com modifying RDN of entry uid=LNestor999,ou=Product Development,dc=example,dc=com and/or moving it beneath a new parent ldap_rename: Affects multiple servers ldap_rename: additional info: Cannot move entries accross backends
Reviewed by Nathan (Thank you!!!) Pushed to master. $ git merge work Updating 246527f..1378b05 Fast forward ldap/servers/slapd/mapping_tree.c | 51 +++++++++++++++++++++++++++++++++--- ldap/servers/slapd/modrdn.c | 25 ++++++++---------- ldap/servers/slapd/plugin_syntax.c | 4 +- 3 files changed, 60 insertions(+), 20 deletions(-) $ git push Counting objects: 15, done. Delta compression using 4 threads. Compressing objects: 100% (8/8), done. Writing objects: 100% (8/8), 1.98 KiB, done. Total 8 (delta 6), reused 0 (delta 0) To ssh://git.fedorahosted.org/git/389/ds.git 246527f..1378b05 master -> master
Created attachment 511922 [details] DS-Console_SS Hi Noriko, Currently, I am having two sub suffixes with same name with different backed: namingContexts: dc=simplepaged,dc=com - simpledDB namingContexts: dc=SubSuffix,dc=simplepaged,dc=com - simpleSubnewDB namingContexts: dc=SubSufix,dc=simplepaged,dc=com -simpleSubDB Is it correct? Also when I am trying the first test scenario in comment#3, I am facing issue like : 1. I have added in DIT as : 1. Suffix dc=com (backend "com") 1-1. Sub suffix dc=example,dc=com (independent backend "example") Sub suffix dc=test,dc=com (independent backend "test") 2. When I am doing [root@rhel61 home]# ldapmodify -x -h localhost -p 1389 -D "cn=Directory Manager" -w Secret123 << EOF dn: dc=example,dc=com changetype: modrdn newrdn: dc=test deleteoldrdn: -1 EOF It is giving me below error ============================= modifying rdn of entry "dc=example,dc=com" ldap_rename: Naming violation (64) additional info: Cannot rename suffix "dc=example,dc=com" Instead of ========== modifying RDN of entry dc=example,dc=com ldap_rename: Already exists ldap_rename: additional info: Suffix "dc=test,dc=com" already exists and When I am checking the existence of suffix by ldapsearch -x -p 1389 -h localhost -D "cn=Directory Manager" -w Secret123 -b "" -s base "objectclass=*" This also gives me : dn: objectClass: top namingContexts: dc=com namingContexts: dc=example,dc=com namingContexts: dc=simplepaged,dc=com namingContexts: dc=SubSuffix,dc=simplepaged,dc=com namingContexts: dc=SubSufix,dc=simplepaged,dc=com namingContexts: o=netscaperoot NOTE :dc=test,dc=com is missing here above. But check the DS CONSOLE screen shot, PFA for the screen shot, It shows the sub-suffix dc=test,dc=com. Note: I have added the suffix and sub-suffixes using console, but that should not be an issue.
It works for me. $ ldapsearch -LLLx -D 'cn=directory manager' -w pw -b "" -s base namingContexts dn: namingContexts: dc=com namingContexts: dc=test,dc=com namingContexts: dc=example,dc=com namingContexts: o=netscaperoot $ ldapmodify -x -D 'cn=directory manager' -w pw dn: dc=example,dc=com changetype: modrdn newrdn: dc=test deleteoldrdn: -1 modifying rdn of entry "dc=example,dc=com" ldap_rename: Already exists (68) additional info: Suffix "dc=test,dc=com" already exists If your server is the same one as you attached the screenshot, you don't have dc=test,dc=com (but dc=test,dc=com,dc=com).
Based on comment#6, marking the bug as VERIFIED.