Bug 729378 - delete user subtree container in AD + modify password in DS == DS crash
Summary: delete user subtree container in AD + modify password in DS == DS crash
Alias: None
Product: 389
Classification: Retired
Component: Sync Service
Version: 1.2.8
Hardware: Unspecified
OS: Unspecified
Target Milestone: ---
Assignee: Rich Megginson
QA Contact: Viktor Ashirov
Depends On:
Blocks: 434915 389_1.2.9 729817
TreeView+ depends on / blocked
Reported: 2011-08-09 17:42 UTC by Rich Megginson
Modified: 2015-12-07 16:54 UTC (History)
1 user (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
: 729817 (view as bug list)
Last Closed: 2015-12-07 16:54:19 UTC

Attachments (Terms of Use)
0001-Bug-729378-delete-user-subtree-container-in-AD-modif.patch (1.44 KB, patch)
2011-08-09 18:23 UTC, Rich Megginson
nhosoi: review+
nkinder: review+
Details | Diff

Description Rich Megginson 2011-08-09 17:42:15 UTC
setup windows sync to have a sub-container entry for users e.g.
dn: cn=testusers,cn=users,dc=example,dc=com
objectclass: top
objectclass: container
cn: testusers

You can use ldapmodify or (on Windows) Run->adsiedit.msc

Setup windows sync to use cn=testusers,cn=users,dc=example,dc=com as the AD subtree (and use ou=people,dc=example,dc=com or whatever on the DS side) - make sure to set up SSL too in order to test syncing password changes from DS to AD (setting up PassSync is not required) - make sure the sync agreement uses SSL or TLS

Make sure sync is working - e.g. add a user to one side and make sure it syncs to the other side

on the AD side, remove the user entry and the sub-container entry - immediately after this, do an ldap modify operation for the userPassword of the DS user - you should see a crash in the DS shortly thereafter

Comment 1 Rich Megginson 2011-08-09 18:23:37 UTC
Created attachment 517460 [details]

Comment 2 Rich Megginson 2011-08-09 20:16:47 UTC
To ssh://git.fedorahosted.org/git/389/ds.git
   93c1399..1e357c1  master -> master
commit 1e357c1cb5e45e20299faa1d28e90d934fe7accd
Author: Rich Megginson <rmeggins@redhat.com>
Date:   Tue Aug 9 12:20:10 2011 -0600
    Reviewed by: nkinder, nhosoi (Thanks!)
    Branch: master
    Fix Description: Check for NULL DN in send_password_modify - return error
    if the DN is NULL.
    Platforms tested: RHEL6 x86_64, Windows 2008 64-bit
    Flag Day: no
    Doc impact: no

Comment 3 Sankar Ramalingam 2011-08-25 10:12:20 UTC
No crash observed on DS, when changing the password of the deleted AD user. hence marking the bug as verified.

Note You need to log in before you can comment on or make changes to this bug.