RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.
Bug 729817 - delete user subtree container in AD + modify password in DS == DS crash
Summary: delete user subtree container in AD + modify password in DS == DS crash
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 6
Classification: Red Hat
Component: 389-ds-base
Version: 6.2
Hardware: Unspecified
OS: Unspecified
urgent
high
Target Milestone: rc
: ---
Assignee: Rich Megginson
QA Contact:
URL:
Whiteboard:
Depends On: 729378
Blocks: 730147
TreeView+ depends on / blocked
 
Reported: 2011-08-10 22:41 UTC by Rich Megginson
Modified: 2011-12-06 17:56 UTC (History)
5 users (show)

Fixed In Version: 389-ds-base-1.2.9.11-1.el6
Doc Type: Bug Fix
Doc Text:
Clone Of: 729378
Environment:
Last Closed: 2011-12-06 17:56:00 UTC
Target Upstream Version:
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHEA-2011:1711 0 normal SHIPPED_LIVE 389-ds-base bug fix and enhancement update 2011-12-06 01:02:20 UTC

Description Rich Megginson 2011-08-10 22:41:12 UTC 
+++ This bug was initially created as a clone of Bug #729378 +++

setup windows sync to have a sub-container entry for users e.g.
dn: cn=testusers,cn=users,dc=example,dc=com
objectclass: top
objectclass: container
cn: testusers

You can use ldapmodify or (on Windows) Run->adsiedit.msc

Setup windows sync to use cn=testusers,cn=users,dc=example,dc=com as the AD subtree (and use ou=people,dc=example,dc=com or whatever on the DS side) - make sure to set up SSL too in order to test syncing password changes from DS to AD (setting up PassSync is not required) - make sure the sync agreement uses SSL or TLS

Make sure sync is working - e.g. add a user to one side and make sure it syncs to the other side

on the AD side, remove the user entry and the sub-container entry - immediately after this, do an ldap modify operation for the userPassword of the DS user - you should see a crash in the DS shortly thereafter

--- Additional comment from rmeggins on 2011-08-09 14:23:37 EDT ---

Created attachment 517460 [details]
0001-Bug-729378-delete-user-subtree-container-in-AD-modif.patch

--- Additional comment from rmeggins on 2011-08-09 16:16:47 EDT ---

To ssh://git.fedorahosted.org/git/389/ds.git
   93c1399..1e357c1  master -> master
commit 1e357c1cb5e45e20299faa1d28e90d934fe7accd
Author: Rich Megginson <rmeggins>
Date:   Tue Aug 9 12:20:10 2011 -0600
    Reviewed by: nkinder, nhosoi (Thanks!)
    Branch: master
    Fix Description: Check for NULL DN in send_password_modify - return error
    if the DN is NULL.
    Platforms tested: RHEL6 x86_64, Windows 2008 64-bit
    Flag Day: no
    Doc impact: no
Comment 3 Chandrasekar Kannan 2011-09-16 21:33:43 UTC 
ds-replication is no longer a component of rhel. folding back to 389-ds-base.
Comment 5 Amita Sharma 2011-09-21 17:20:37 UTC 
As Clone https://bugzilla.redhat.com/show_bug.cgi?id=729378 is already verified hence marking this as VERIFIED.
Comment 6 errata-xmlrpc 2011-12-06 17:56:00 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHEA-2011-1711.html
Note You need to log in before you can comment on or make changes to this bug.