Description of problem: The Managed Entry Plugin doesn't allow for the use of a source object's "DN" value to be used as a mappable attribute. A workaround might have been that I could use the 'cn' as a string substitution: cn=$cn,$SUFFIX, however, Managed Entries doesn't stop at the "," so that doesn't work either Version-Release number of selected component (if applicable): How reproducible: Attempt to create a Managed Entry ldif with a DN as a source attribute, the system will complain that "dn" is not a valid attr. Also try to create a mapping with a $cn,$SUFFIX Actual results: Installation of FreeIPA is successful, however, when attempting to create the object that should trigger the second's creation, it fails with errors regarding the attr. Expected results: One object created who has an attribute (memberHost) which is the DN of the source (cn=production,hostgroups,accounts,$SUFFIX) Additional info:
There are a few things we should do to resolve this. The first is to allow a mapping in the template entry that maps the DN like this: attr: $dn The second thing we need to do is to stop parsing an attribute variable at the first character that is not legal in an attribute name (see RFC 4512 for what is legal). This would allow a mapping like this to work: attr: cn=$cn,dc=example,dc=com The third thing we should do is to allow quoting of an attribute variable. This will allow one to append anything to the end of a mapped attribute value, even if it begins with a character that is valid for use in an attribute name. An example of this sort of mapping is: attr: ${cn}test
Created attachment 463847 [details] Patch
Do we need to release a 1.2.7.2 with this fix or can this wait until 1.2.8?
Pushed to master. Thanks to Rich for his review! Counting objects: 15, done. Delta compression using up to 2 threads. Compressing objects: 100% (8/8), done. Writing objects: 100% (8/8), 1.83 KiB, done. Total 8 (delta 5), reused 0 (delta 0) To ssh://git.fedorahosted.org/git/389/ds.git bae65ae..0f49793 master -> master
Created attachment 467320 [details] Additional patch The previous patch introduced an invalid free. This fixes it.
Pushed additional patch to master. Thanks to Noriko for her review! Counting objects: 13, done. Delta compression using up to 2 threads. Compressing objects: 100% (7/7), done. Writing objects: 100% (7/7), 877 bytes, done. Total 7 (delta 4), reused 0 (delta 0) To ssh://git.fedorahosted.org/git/389/ds.git bfe31ac..6d7ddbb master -> master
Can you please define the steps for "Attempt to create a Managed Entry ldif with a DN as a source attribute, the system will complain that "dn" is not a valid attr." for verifying this issue. Thanks
(In reply to comment #8) > Can you please define the steps for "Attempt to create a Managed Entry ldif > with a DN as a source attribute, the system will complain that "dn" is not a > valid attr." for verifying this issue. Thanks Set up the Managed Entry plug-in according to the description at http://directory.fedoraproject.org/wiki/Managed_Entry_Design, but use $dn as a mapped attribute in the template like this: mepMappedAttr: description: $dn
[root@testvm scripts]# ldapmodify -x -a -h localhost -p 389 -D "cn=Directory Manager" -w xxx << EOF > dn: cn=UPG Template,dc=test,dc=com > objectclass: mepTemplateEntry > cn: UPG Template > mepRDNAttr: cn > mepStaticAttr: objectclass: posixGroup > mepMappedAttr: cn: $uid > mepMappedAttr: gidNumber: $gidNumber > mepMappedAttr: description: $dn > EOF adding new entry "cn=UPG Template,dc=test,dc=com"