Description of problem: If you upgrade an old version using entrydn (389 v1.2.5 and older) to the newer one v.1.2.6, entrydn index is converted to entryrdn index. But the upgrade tool does not touch the attribute in the entries upgraded from the older version. For instance, searching an upgraded entry with the attribute list containing entrydn shows the old value: ldapsearch -b "o=ace industry,c=us" '(seeAlso=cn="a=abc0,x=xyz",o=ace industry,c=us)' cn seeAlso entrydn dn: cn=a\3Dabc\2Cx\3Dxyz,o=ace industry,c=us cn: a=abc,x=xyz cn: "a=abc,x=xyz" seeAlso: cn=a\3Dabc0\2Cx\3Dxyz,o=ace industry,c=us seeAlso: cn=a\3DABC1\2Cx\3DXYZ,o=ace industry,c=US seeAlso: cn=NORMAL RDN,o=ace industry,c=us entrydn: cn=a=abc\2Cx=xyz,o=ace industry,c=us <=== LEFTOVER If you add a new entry, it does not have such an attribute any more. That gives us an inconsistent experience. ldapsearch -b "o=ace industry,c=us" '(cn="p=pqr,x=xyz")' cn seeAlso entrydn dn: cn=p\3Dpqr\2Cx\3Dxyz,o=ace industry,c=us cn: p=pqr,x=xyz cn: "p=pqr,x=xyz" seeAlso: cn=p\3D123\2Cp\3Dpqr\2Cx\3Dxyz,o=ace industry,c=us seeAlso: cn=pqr \22456\22,o=ace industry,c=us seeAlso: cn=NORMAL RDN,o=ace industry,c=us Side note: There is a bug opened related to this issue. Bug 578296 - Attribute type entrydn needs to be added when subtree rename switch is on.
Created attachment 454233 [details] git patch file (master) Description: If entries created by the 389 v1.2.5 or older, the primary db (id2entry.db4) contains "entrydn: <normalized dn>". Upgrading from the old version to v1.2.6 keeps the entrydn attribute type and its value even though v1.2.6 is not supposed to store the entrydn in the database. 1) This patch drops the entrydn attribute and value in upgrading the db. 2) If an ldif file contains entrydn attribute type and value, import (ldif2db[.pl]) ignores it. 3) A leak was found in the export (db2ldif[.pl]) which is fixed. 4) When nsslapd-subtree-rename-switch configuration attribute has the value "on", entrydn is not used nor created. But the server accepted reindexing entrydn request and generated an entrydn index file. This patch rejects it. 5) Entry and dn cache clear calls (cache_clear) are added to dblayer_instance_close in "#if defined(_USE_VALGRIND)", which is not defined. To enable the code, the server needs to be rebuilt with defining the macro. This is purely for debugging. Files: ldap/servers/slapd/back-ldbm/dblayer.c ldap/servers/slapd/back-ldbm/id2entry.c ldap/servers/slapd/back-ldbm/import-threads.c ldap/servers/slapd/back-ldbm/ldbm_entryrdn.c ldap/servers/slapd/back-ldbm/ldif2ldbm.c ldap/servers/slapd/entry.c ldap/servers/slapd/slapi-plugin.h
Reviewed by Rich (Thank you!!) Pushed to master. $ git merge 592397 Updating 6160200..f0e4ce1 Fast-forward ldap/servers/slapd/back-ldbm/dblayer.c | 11 ++++ ldap/servers/slapd/back-ldbm/id2entry.c | 20 +++++--- ldap/servers/slapd/back-ldbm/import-threads.c | 9 ++-- ldap/servers/slapd/back-ldbm/ldbm_entryrdn.c | 2 +- ldap/servers/slapd/back-ldbm/ldif2ldbm.c | 62 ++++++++++++++++++------ ldap/servers/slapd/entry.c | 13 +++++ ldap/servers/slapd/slapi-plugin.h | 12 +++++ 7 files changed, 101 insertions(+), 28 deletions(-) $ git push Counting objects: 25, done. Delta compression using up to 4 threads. Compressing objects: 100% (13/13), done. Writing objects: 100% (13/13), 2.94 KiB, done. Total 13 (delta 11), reused 0 (delta 0) To ssh://git.fedorahosted.org/git/389/ds.git 6160200..f0e4ce1 master -> master
This bug is supposed to verify in the upgrade test. Once upgraded, run "dbscan -f /var/lib/dirsrv/slapd-ID/db/userRoot/id2entry.db4". The output entries should not include an attribute value pair "entrydn: ..." If they are not seen in the output, this bug is verified.
Followed the verification steps in Comment#5 : [root@aminew ~]# dbscan -f /var/lib/dirsrv/slapd-aminew/db/userRoot/id2entry.db4 id 1 rdn: dc=pnq,dc=redhat,dc=com nsUniqueId: 2a098224-c40d11e0-8cae874c-b7bb5e9e objectClass: top objectClass: domain dc: pnq aci: (targetattr!="userPassword")(version 3.0; acl "Enable anonymous access"; allow (read, search, compare) userdn="ldap:///anyone";) aci: (targetattr="carLicense || description || displayName || facsimileTelepho neNumber || homePhone || homePostalAddress || initials || jpegPhoto || labele dURL || mail || mobile || pager || photo || postOfficeBox || postalAddress || postalCode || preferredDeliveryMethod || preferredLanguage || registeredAddr ess || roomNumber || secretary || seeAlso || st || street || telephoneNumber || telexNumber || title || userCertificate || userPassword || userSMIMECertif icate || x500UniqueIdentifier")(version 3.0; acl "Enable self write for commo n attributes"; allow (write) userdn="ldap:///self";) aci: (targetattr ="*")(version 3.0;acl "Directory Administrators Group";allow (all) (groupdn = "ldap:///cn=Directory Administrators, dc=pnq,dc=redhat,dc=co m");) aci: (targetattr="*")(version 3.0; acl "Configuration Administrators Group"; a llow (all) groupdn="ldap:///cn=Configuration Administrators,ou=Groups,ou=Topo logyManagement,o=NetscapeRoot";) aci: (targetattr="*")(version 3.0; acl "Configuration Administrator"; allow (a ll) userdn="ldap:///uid=admin,ou=Administrators,ou=TopologyManagement,o=Netsc apeRoot";) aci: (targetattr = "*")(version 3.0; acl "SIE Group"; allow (all) groupdn = "l dap:///cn=slapd-aminew,cn=Red Hat Directory Server,cn=Server Group,cn=aminew. pnq.redhat.com,ou=pnq.redhat.com,o=NetscapeRoot";) creatorsName: modifiersName: cn=directory manager createTimestamp: 20110811112924Z modifyTimestamp: 20110811112926Z entryid: 1 numSubordinates: 4 id 2 rdn: cn=Directory Administrators nsUniqueId: 2a098225-c40d11e0-8cae874c-b7bb5e9e objectClass: top objectClass: groupofuniquenames cn: Directory Administrators uniqueMember: cn=Directory Manager creatorsName: modifiersName: createTimestamp: 20110811112924Z modifyTimestamp: 20110811112924Z parentid: 1 entryid: 2 id 3 rdn: ou=Groups nsUniqueId: 2a098226-c40d11e0-8cae874c-b7bb5e9e objectClass: top objectClass: organizationalunit ou: Groups creatorsName: modifiersName: createTimestamp: 20110811112924Z modifyTimestamp: 20110811112924Z parentid: 1 entryid: 3 numSubordinates: 4 id 4 rdn: ou=People nsUniqueId: 2a098227-c40d11e0-8cae874c-b7bb5e9e objectClass: top objectClass: organizationalunit ou: People aci: (targetattr ="userpassword || telephonenumber || facsimiletelephonenumber ")(version 3.0;acl "Allow self entry modification";allow (write)(userdn = "ld ap:///self");) aci: (targetattr !="cn || sn || uid")(targetfilter ="(ou=Accounting)")(version 3.0;acl "Accounting Managers Group Permissions";allow (write)(groupdn = "lda p:///cn=Accounting Managers,ou=groups,dc=pnq,dc=redhat,dc=com");) aci: (targetattr !="cn || sn || uid")(targetfilter ="(ou=Human Resources)")(ve rsion 3.0;acl "HR Group Permissions";allow (write)(groupdn = "ldap:///cn=HR M anagers,ou=groups,dc=pnq,dc=redhat,dc=com");) aci: (targetattr !="cn ||sn || uid")(targetfilter ="(ou=Product Testing)")(ver sion 3.0;acl "QA Group Permissions";allow (write)(groupdn = "ldap:///cn=QA Ma nagers,ou=groups,dc=pnq,dc=redhat,dc=com");) aci: (targetattr !="cn || sn || uid")(targetfilter ="(ou=Product Development)" )(version 3.0;acl "Engineering Group Permissions";allow (write)(groupdn = "ld ap:///cn=PD Managers,ou=groups,dc=pnq,dc=redhat,dc=com");) creatorsName: modifiersName: createTimestamp: 20110811112924Z modifyTimestamp: 20110811112924Z parentid: 1 entryid: 4 id 5 rdn: ou=Special Users nsUniqueId: 2a098228-c40d11e0-8cae874c-b7bb5e9e objectClass: top objectClass: organizationalUnit ou: Special Users description: Special Administrative Accounts creatorsName: modifiersName: createTimestamp: 20110811112924Z modifyTimestamp: 20110811112924Z parentid: 1 entryid: 5 id 6 rdn: cn=Accounting Managers nsUniqueId: 2a098229-c40d11e0-8cae874c-b7bb5e9e objectClass: top objectClass: groupOfUniqueNames cn: Accounting Managers ou: groups description: People who can manage accounting entries uniqueMember: cn=Directory Manager creatorsName: modifiersName: createTimestamp: 20110811112924Z modifyTimestamp: 20110811112924Z parentid: 3 entryid: 6 id 7 rdn: cn=HR Managers nsUniqueId: 2a09822a-c40d11e0-8cae874c-b7bb5e9e objectClass: top objectClass: groupOfUniqueNames cn: HR Managers ou: groups description: People who can manage HR entries uniqueMember: cn=Directory Manager creatorsName: modifiersName: createTimestamp: 20110811112924Z modifyTimestamp: 20110811112924Z parentid: 3 entryid: 7 id 8 rdn: cn=QA Managers nsUniqueId: 2a09822b-c40d11e0-8cae874c-b7bb5e9e objectClass: top objectClass: groupOfUniqueNames cn: QA Managers ou: groups description: People who can manage QA entries uniqueMember: cn=Directory Manager creatorsName: modifiersName: createTimestamp: 20110811112924Z modifyTimestamp: 20110811112924Z parentid: 3 entryid: 8 id 9 rdn: cn=PD Managers nsUniqueId: 2a09822c-c40d11e0-8cae874c-b7bb5e9e objectClass: top objectClass: groupOfUniqueNames cn: PD Managers ou: groups description: People who can manage engineer entries uniqueMember: cn=Directory Manager creatorsName: modifiersName: createTimestamp: 20110811112924Z modifyTimestamp: 20110811112924Z parentid: 3 entryid: 9 [root@aminew ~]# dbscan -f /var/lib/dirsrv/slapd-aminew/db/userRoot/id2entry.db4 | grep entrydn [root@aminew ~]# The output entries do not include an attribute value pair "entrydn: ..." Hence the bug is verified.