Bug 595874 - 99user.ldif getting overpopulated
99user.ldif getting overpopulated
Status: CLOSED CURRENTRELEASE
Product: 389
Classification: Community
Component: Directory Server (Show other bugs)
1.2.6
All Linux
low Severity medium
: ---
: ---
Assigned To: Rich Megginson
Viktor Ashirov
:
Depends On:
Blocks: 434914
  Show dependency treegraph
 
Reported: 2010-05-25 16:15 EDT by Rob Crittenden
Modified: 2015-12-07 11:51 EST (History)
2 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2015-12-07 11:51:46 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)
kerberos ldif (18.61 KB, text/plain)
2010-05-25 16:15 EDT, Rob Crittenden
no flags Details
online update file (2.12 KB, text/plain)
2010-05-25 16:16 EDT, Rob Crittenden
no flags Details
0001-Bug-595874-99user.ldif-getting-overpopulated.patch (2.73 KB, patch)
2010-05-26 16:01 EDT, Rich Megginson
no flags Details | Diff

  None (edit)
Description Rob Crittenden 2010-05-25 16:15:37 EDT
Created attachment 416505 [details]
kerberos ldif

Description of problem:

After dropping in a new schema file then loading some schema online 99user.ldif gets more than just the online updates.

Version-Release number of selected component (if applicable):

389-ds-base-1.2.6-0.3.a3.fc12.x86_64

Steps to Reproduce:
1. setup-ds.pl to install new basic instance. I took all defaults.
2. cp 60kerberos.ldif to /etc/dirsrv/slapd-INSTANCE/schema
3. service dirsrv restart
4. ldapmodify -x -D "cn=Directory Manager" -W < update.ldif
  
Actual results:

99user.ldif contains the online updates as well as the contents of 60kerberos.ldif. I've also seen other attributes end up in there.

Twice I've seen:

objectClasses: ( 2.16.840.1.113730.3.2.4 NAME 'mailGroup' DESC 'mailGroup' SUP
  top STRUCTURAL MUST mail MAY ( cn $ mgrpRFC822MailMember ) X-ORIGIN 'user d
 efined' )

Expected results:

Just the online schema
Comment 1 Rob Crittenden 2010-05-25 16:16:10 EDT
Created attachment 416506 [details]
online update file
Comment 2 Rich Megginson 2010-05-26 12:43:30 EDT
mailGroup is in your update.ldif file?  That's why it ends up in 99user.ldif - you are allowed to override schema definitions, but it is usually not a good idea
Comment 3 Rob Crittenden 2010-05-26 13:25:22 EDT
Ok, freaky, that is an oversight. This schema is to support the Sun LDAP configuration tool and I guess they assume this attribute isn't available. I cut-and-pasted this. I'll make a note to remove this attribute since it is already there.

Still, this doesn't explain why the kerberos schema is included.
Comment 4 Rich Megginson 2010-05-26 13:32:34 EDT
(In reply to comment #3)
> Ok, freaky, that is an oversight. This schema is to support the Sun LDAP
> configuration tool and I guess they assume this attribute isn't available. I
> cut-and-pasted this. I'll make a note to remove this attribute since it is
> already there.
> 
> Still, this doesn't explain why the kerberos schema is included.    

right - that's a bug
Comment 5 Rich Megginson 2010-05-26 16:01:19 EDT
Created attachment 417013 [details]
0001-Bug-595874-99user.ldif-getting-overpopulated.patch
Comment 6 Andrey Ivanov 2010-05-26 16:03:08 EDT
the bug seems to be similar to https://bugzilla.redhat.com/show_bug.cgi?id=474254 and https://bugzilla.redhat.com/show_bug.cgi?id=529258
Comment 7 Rich Megginson 2010-05-26 16:06:23 EDT
(In reply to comment #6)
> the bug seems to be similar to
> https://bugzilla.redhat.com/show_bug.cgi?id=474254 and
> https://bugzilla.redhat.com/show_bug.cgi?id=529258    

It is related to those.  But those fixes missed the case where a user could provide a "standard" schema file like 60kerberos.ldif with no X-ORIGIN.
Comment 8 Rich Megginson 2010-05-26 16:09:26 EDT
To ssh://git.fedorahosted.org/git/389/ds.git
   84b40e3..df777e3  Directory_Server_8_2_Branch -> Directory_Server_8_2_Branch
commit df777e3de911e3b5428938a7f1c91b76678fb0e2
Author: Rich Megginson <rmeggins@redhat.com>
Date:   Wed May 26 12:18:34 2010 -0600
   8e6e740..2e8fc55  master -> master
commit 2e8fc55fcc185577d0973eae58f1f8f26cbd442b
Author: Rich Megginson <rmeggins@redhat.com>
Date:   Wed May 26 12:18:34 2010 -0600
    Fix Description: The schema code was adding X-ORIGIN 'user defined' to all
    schema elements that had no X-ORIGIN.  It should only add user defined to
    schema elements from the user defined schema file, not to schema defined
    in standard (read only) schema files.  It looks like the code should work
    fine if the schema element has no origin, so there is no reason to add
    an origin for schema other than user defined schema.
    Platforms tested: RHEL5 x86_64
    Flag Day: no
    Doc impact: no
Comment 10 Jenny Galipeau 2010-06-07 15:12:46 EDT
1. placed 60kerberos.ldif in schema directory
2. restarted the directory server
3. did online schema update with the update.ldif
4. only the update schema is in the 99user.ldif file

Is this enough to verify this bug?
Thanks!
Comment 11 Rich Megginson 2010-06-07 15:17:07 EDT
(In reply to comment #10)
> 1. placed 60kerberos.ldif in schema directory
> 2. restarted the directory server
> 3. did online schema update with the update.ldif
> 4. only the update schema is in the 99user.ldif file
> 
> Is this enough to verify this bug?

Yes.

> Thanks!
Comment 12 Jenny Galipeau 2010-06-07 15:30:52 EDT
Thanks Rich - marking verified - RHEL 4

version:
redhat-ds-base-8.2.0-2010060704.el4dsrv

Note You need to log in before you can comment on or make changes to this bug.