Created attachment 425766 [details] scripts.tar.gz The numSubordinates attribute is currently defined in the common schema: attributeTypes: ( 1.3.1.1.4.1.453.16.2.103 NAME 'numSubordinates' DESC 'count of immediate subordinates' EQUALITY integerMatch ORDERING integerOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE NO-USER-MODIFICATION USAGE directoryOperation X-ORIGIN 'numSubordinates Internet Draft' ) Since it's an operational attribute, it should not be returned in the search result unless the client requests this attribute specifically. Some applications (e.g. Samba) may use DS only with the core schema, without the common schema. Since in that case the numSubordinates is not defined in the schema, it will be returned in the search result like a regular attribute. How reproducible: consistently. To reproduce the problem, unpack the attached scripts.tar.gz, then execute run.sh. It will execute the following operations: 1. Create slapd instance with core schema only. 2. Add the base entry. 3. Add a child to the base entry. 4. Search the base entry. Actual results: The numSubordinates will be returned in the result of step #4: dn: dc=example,dc=com objectClass: dcObject objectClass: top dc: example numsubordinates: 1 Expected results: The numSubordinates should not be returned unless it's specified in the search attribute list.
Created attachment 425801 [details] 0001-Bug-606545-core-schema-should-include-numSubordinate.patch The numSubordinates attribute type definition has been moved from 02common.ldif into 00core.ldif.
Comment on attachment 425801 [details] 0001-Bug-606545-core-schema-should-include-numSubordinate.patch ok - also need to add these two schema files to the list of schema files in 60upgradeschemafiles.pl
It seems that the files are already included in the list: my @toremove = qw(00core.ldif 01core389.ldif 01common.ldif 02common.ldif 05rfc2247.ldif 05rfc4523.ldif 10presence.ldif 28pilot.ldif 30ns-common.ldif 50ns-directory.ldif 60mozilla.ldif);
Reviewed by Rich. Pushed to master on behalf of Endi. $ git merge work Updating 81fe698..07f9ed2 Fast-forward ldap/schema/00core.ldif | 12 ++++++++++++ ldap/schema/02common.ldif | 1 - 2 files changed, 12 insertions(+), 1 deletions(-) $ git push Counting objects: 11, done. Delta compression using up to 4 threads. Compressing objects: 100% (6/6), done. Writing objects: 100% (6/6), 799 bytes, done. Total 6 (delta 5), reused 0 (delta 0) To ssh://git.fedorahosted.org/git/389/ds.git 81fe698..07f9ed2 master -> master
[root@amsharma scripts]# ps -aef | grep slapd nobody 25898 1 0 12:02 ? 00:00:00 /usr/sbin/ns-slapd -D /etc/dirsrv/slapd-example -i /var/run/dirsrv/slapd-example.pid -w /var/run/dirsrv/slapd-example.startpid root 25964 10741 0 12:02 pts/2 00:00:00 grep slapd [root@amsharma scripts]# ldapadd -x -h localhost -p 389 -D "cn=Directory Manager" -w Secret123 << EOF > dn: dc=example,dc=com > objectClass: dcObject > dc: example > EOF adding new entry "dc=example,dc=com" [root@amsharma scripts]# ldapadd -x -h localhost -p 389 -D "cn=Directory Manager" -w xxx << EOF dn: ou=Users,dc=example,dc=com > objectClass: organizationalUnit > ou: Users > EOF adding new entry "ou=Users,dc=example,dc=com" [root@amsharma scripts]# ldapsearch -x -D "cn=Directory Manager" -w xxx -b dc=example,dc=com -s base # extended LDIF # # LDAPv3 # base <dc=example,dc=com> with scope baseObject # filter: (objectclass=*) # requesting: ALL # # example.com dn: dc=example,dc=com objectClass: dcObject objectClass: top dc: example # search result search: 2 result: 0 Success # numResponses: 2 # numEntries: 1 "No numsubordinates returns in the search" Hence VERIFIED.