setup windows sync to have a sub-container entry for users e.g. dn: cn=testusers,cn=users,dc=example,dc=com objectclass: top objectclass: container cn: testusers You can use ldapmodify or (on Windows) Run->adsiedit.msc Setup windows sync to use cn=testusers,cn=users,dc=example,dc=com as the AD subtree (and use ou=people,dc=example,dc=com or whatever on the DS side) - make sure to set up SSL too in order to test syncing password changes from DS to AD (setting up PassSync is not required) - make sure the sync agreement uses SSL or TLS Make sure sync is working - e.g. add a user to one side and make sure it syncs to the other side on the AD side, remove the user entry and the sub-container entry - immediately after this, do an ldap modify operation for the userPassword of the DS user - you should see a crash in the DS shortly thereafter
Created attachment 517460 [details] 0001-Bug-729378-delete-user-subtree-container-in-AD-modif.patch
To ssh://git.fedorahosted.org/git/389/ds.git 93c1399..1e357c1 master -> master commit 1e357c1cb5e45e20299faa1d28e90d934fe7accd Author: Rich Megginson <rmeggins> Date: Tue Aug 9 12:20:10 2011 -0600 Reviewed by: nkinder, nhosoi (Thanks!) Branch: master Fix Description: Check for NULL DN in send_password_modify - return error if the DN is NULL. Platforms tested: RHEL6 x86_64, Windows 2008 64-bit Flag Day: no Doc impact: no
No crash observed on DS, when changing the password of the deleted AD user. hence marking the bug as verified.