User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; fr; rv:1.9.2) Gecko/20100115 Firefox/3.6 (.NET CLR 3.5.30729) MODRDN operation does not generate the corresponding log line in access log Reproducible: Always Steps to Reproduce: 1. Import export.ldif by ldif2db 2. Make modrdn with modrdn.ldif /usr/bin/ldapmodify -x -D 'cn=Director Manager' -w '<mdp>' -f modrdn.ldif 3. Watch the access log, op=1 Actual Results: [14/Mar/2010:14:16:01 +0100] conn=7 fd=128 slot=128 connection from 127.0.0.1 to 127.0.0.1 [14/Mar/2010:14:16:01 +0100] conn=7 op=0 BIND dn="cn=Directory Manager" method=128 version=3 [14/Mar/2010:14:16:01 +0100] conn=7 op=0 RESULT err=0 tag=97 nentries=0 etime=0.010000 dn="cn=Directory Manager" [14/Mar/2010:14:16:01 +0100] conn=7 op=1 RESULT err=0 tag=109 nentries=0 etime=0.002000 [14/Mar/2010:14:16:01 +0100] conn=7 op=2 UNBIND [14/Mar/2010:14:16:01 +0100] conn=7 op=2 fd=128 closed - U1 Expected Results: Additional MODRDN line in logs like [01/Feb/2010:14:47:10 +0100] conn=439077 op=4 MODRDN dn="uid=toto,ou=users,dc=example,dc=com" newrdn="uid=tata" newsuperior="ou=users,dc=example,dc=com" The tag=109 corresponds to the result of moddn operation, so the RESULT part of the operation is logged, only the MODRDN part is absent.
Andrey, could you provide the content of modrdn.ldif? Did you try this with a regular ldapmodrdn tool as well? Thanks.
The modrdn.ldif file contains any modrdn operation (without changing the superior). Here is how to reproduce it with ldapmodrdn : * import the attached ldif file into the directory server: service dirsrv stop; /usr/lib64/dirsrv/slapd-krb5test/ldif2db -n userRoot -i modrdn-logs-bug.ldif ; service dirsrv start * Make the MODRDN operation: ldapmodrdn -x -h localhost -D "cn=Directory Manager" -w secret123 uid=TVradmin0,ou=Accounting,dc=example,dc=com uid=CoolAdmin * Watch the access log : tail -f /var/log/dirsrv/slapd-<slapd-id>/access The result is: [17/Mar/2010:08:16:08 +0100] conn=2 fd=64 slot=64 connection from 127.0.0.1 to 127.0.0.1 [17/Mar/2010:08:16:08 +0100] conn=2 op=0 BIND dn="cn=Directory Manager" method=128 version=3 [17/Mar/2010:08:16:08 +0100] conn=2 op=0 RESULT err=0 tag=97 nentries=0 etime=0 dn="cn=directory manager" [17/Mar/2010:08:16:08 +0100] conn=2 op=1 RESULT err=0 tag=109 nentries=0 etime=0 [17/Mar/2010:08:16:08 +0100] conn=2 op=2 UNBIND [17/Mar/2010:08:16:08 +0100] conn=2 op=2 fd=64 closed - U1
Created attachment 400653 [details] Import this file to reproduce the bug
Created attachment 400654 [details] Test case
Created attachment 400890 [details] 0001-Bug-573375-MODRDN-operation-not-logged.patch
Comment on attachment 400890 [details] 0001-Bug-573375-MODRDN-operation-not-logged.patch Ack. Thanks for fixing the bug, Endi!
Pushed to master on behalf of Endi. $ git push Counting objects: 11, done. Delta compression using up to 2 threads. Compressing objects: 100% (6/6), done. Writing objects: 100% (6/6), 740 bytes, done. Total 6 (delta 4), reused 0 (delta 0) To ssh://git.fedorahosted.org/git/389/ds.git 0cd1fc4..d06cce8 master -> master $ git log commit d06cce8da19faba2a8d664c28123cda5808610c9 Author: Endi S. Dewata <edewata> Date: Wed Mar 17 16:05:53 2010 -0500 Bug 573375 - MODRDN operation not logged https://bugzilla.redhat.com/show_bug.cgi?id=573375 Resolves: bug 573375 Bug Description: MODRDN operation not logged Fix Description: The slapi_log_access() should be invoked using LDAP_DEBUG_STATS, LDAP_DEBUG_STATS2, or LDAP_DEBUG_ARGS level. commit 0cd1fc49e67e396cf5391a591c83fd1ad0df9d2b [...]
Pushed to Directory_Server_8_2_Branch. $ git cherry-pick d06cce8da19faba2a8d664c28123cda5808610c9 Finished one cherry-pick. [ds82-local 2e7f973] Bug 573375 - MODRDN operation not logged 1 files changed, 2 insertions(+), 2 deletions(-) $ git log commit 2e7f9732cdc84a4b2d458aae4bc09f8de7b59a73 Author: Endi S. Dewata <edewata> Date: Wed Mar 17 16:05:53 2010 -0500 Bug 573375 - MODRDN operation not logged https://bugzilla.redhat.com/show_bug.cgi?id=573375 Resolves: bug 573375 Bug Description: MODRDN operation not logged Fix Description: The slapi_log_access() should be invoked using LDAP_DEBUG_STATS, LDAP_DEBUG_STATS2, or LDAP_DEBUG_ARGS level. $ git push origin ds82-local:Directory_Server_8_2_Branch Counting objects: 11, done. Delta compression using 4 threads. Compressing objects: 100% (6/6), done. Writing objects: 100% (6/6), 730 bytes, done. Total 6 (delta 4), reused 0 (delta 0) To ssh://git.fedorahosted.org/git/389/ds.git a30b3bd..2e7f973 ds82-local -> Directory_Server_8_2_Branch
verified - RHEL 4 - modrdn operation logged. version: redhat-ds-base-8.2.0-2010060704.el4dsrv [07/Jun/2010:14:41:51 -0400] conn=2 fd=64 slot=64 connection from 10.16.98.157 to 10.16.98.157 [07/Jun/2010:14:41:51 -0400] conn=2 op=0 BIND dn="cn=Directory Manager" method=128 version=3 [07/Jun/2010:14:41:51 -0400] conn=2 op=0 RESULT err=0 tag=97 nentries=0 etime=0 dn="cn=directory manager" [07/Jun/2010:14:41:51 -0400] conn=2 op=1 MODRDN dn="uid=TVradmin0,ou=Accounting,dc=example,dc=com" newrdn="uid=CoolAdmin" newsuperior="(null)" [07/Jun/2010:14:41:51 -0400] conn=2 op=1 RESULT err=0 tag=109 nentries=0 etime=0 [07/Jun/2010:14:41:51 -0400] conn=2 op=2 UNBIND [07/Jun/2010:14:41:51 -0400] conn=2 op=2 fd=64 closed - U1 and successful # ldapsearch -x -h `hostname` -p 389 -D "cn=Directory Manager" -w Secret123 -b "uid=CoolAdmin,ou=Accounting,dc=example,dc=com" dn uid # extended LDIF # # LDAPv3 # base <uid=CoolAdmin,ou=Accounting,dc=example,dc=com> with scope sub # filter: (objectclass=*) # requesting: dn uid # # CoolAdmin, Accounting, example.com dn: uid=CoolAdmin,ou=Accounting,dc=example,dc=com uid: TVradmin0 uid: CoolAdmin # search result search: 2 result: 0 Success # numResponses: 2