While checking the the entries the DNA plugin creates in the replicated part of the tree I noticed that there is an attribute that looks just wrong. The dnahostname attribute contains a value that is the RDN linearized like if it weren't a multivalue one. # f2.ipa.ssimo.org + 389, posix-ids, dna, ipa, etc, ipa.ssimo.org dn: dnaHostname=f2.ipa.ssimo.org+dnaPortNum=389,cn=posix-ids,cn=dna,cn=ipa,cn= ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ etc,dc=ipa,dc=ssimo,dc=org objectClass: extensibleObject objectClass: top dnahostname: f2.ipa.ssimo.org dnahostname: f2.ipa.ssimo.org+dnaPortNum=389 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ dnaportnum: 389 dnasecureportnum: 636 dnaremainingvalues: 0 Nathan suggests this is a bug in the server when checking if the RDN is present as an attribute in the entry.
On a closer look I have more interesting data. In my setup I have 2 servers: f1.ipa.ssimo.org is a Fedora 14 VM (i686.PAE) using 389-ds-base 1.2.7.1-1 f2.ipa.ssimo.org is a Fedora 13 VM (x86_64) using 389-ds-base 1.2.7-2 The following 2 entries were created by the respective DNA plugins: # f1.ipa.ssimo.org + 389, posix-ids, dna, ipa, etc, ipa.ssimo.org dn: dnaHostname=f1.ipa.ssimo.org+dnaPortNum=389,cn=posix-ids,cn=dna,cn=ipa,cn= etc,dc=ipa,dc=ssimo,dc=org objectClass: extensibleObject objectClass: top dnahostname: f1.ipa.ssimo.org dnaportnum: 389 dnasecureportnum: 636 dnaremainingvalues: 999995 # f2.ipa.ssimo.org + 389, posix-ids, dna, ipa, etc, ipa.ssimo.org dn: dnaHostname=f2.ipa.ssimo.org+dnaPortNum=389,cn=posix-ids,cn=dna,cn=ipa,cn= etc,dc=ipa,dc=ssimo,dc=org objectClass: extensibleObject objectClass: top dnahostname: f2.ipa.ssimo.org dnahostname: f2.ipa.ssimo.org+dnaPortNum=389 dnaportnum: 389 dnasecureportnum: 636 dnaremainingvalues: 0
Created attachment 472121 [details] Patch
This bug can be easily reproduced without configuring the DNA plug-in. To reproduce, simply use ldapmodify to perform the following operation on a platform where 389-ds-base is built against the MozLDAP client libraries (such as F13): dn: foo=test+bar=test,dc=example,dc=com changetype: add objectclass: extensibleobject foo: test bar: test The bug will cause an extra value to be added for the "bar" attribute with a value of "test+foo=test".
Pushed to master. Thanks to Noriko for her review! Counting objects: 11, done. Delta compression using up to 2 threads. Compressing objects: 100% (6/6), done. Writing objects: 100% (6/6), 793 bytes, done. Total 6 (delta 4), reused 0 (delta 0) To ssh://git.fedorahosted.org/git/389/ds.git 90f26ec..8c30b05 master -> master
/usr/lib64/mozldap/ldapmodify -h localhost -p 389 -D "cn=Directory Manager" -w Secret123 << EOF > dn: foo=test+bar=test,ou=people,dc=test,dc=com > changetype: add > objectclass: extensibleobject > foo: test > bar: test > EOF adding new entry foo=test+bar=test,ou=people,dc=test,dc=com Entry Added: # test + test, people, test.com dn: bar=test+foo=test,ou=people,dc=test,dc=com objectClass: extensibleobject objectClass: top foo: test bar: test [root@testvm scripts]# /usr/lib64/mozldap/ldapmodify -h localhost -p 389 -D "cn=Directory Manager" -w Secret123 << EOF > dn: bar=txt,ou=people,dc=test,dc=com > changetype: add > objectclass: extensibleobject > foo: test > bar: test > EOF adding new entry bar=txt,ou=people,dc=test,dc=com Entry Added # txt, people, test.com dn: bar=txt,ou=people,dc=test,dc=com objectClass: extensibleobject objectClass: top foo: test bar: test bar: txt # 0, people, test.com dn: bar=0,ou=people,dc=test,dc=com objectClass: extensibleobject objectClass: top foo: test bar: test bar: 0