Description of problem: When adding an AutoMember definition, it is possible to receive an error 32 because the plugin is searching for children prior to the definition existing. Error Message: auto-membership-plugin - automember_parse_config_entry: Error searching for child rule entries for config "cn=hostgroup,cn=automember,cn=etc,dc=example,dc=com" (err=32) How reproducible: The problem seems to manifest itself when you use 2 separate LDIFs. 1st LDIF contains the cn=config modification to point at cn=config 2d LDIF contains the cn=Hostgroup/cn=Group,cn=automember,cn=etc,$SUFFIX Steps to Reproduce: 1. Install FreeIPA 2. Insert modification to cn=config to point to cn=automember,cn=etc,$SUFFIX 3. Insert modification to add cn=Hostgroup/cn=Group,cn=automember,cn=etc,$SUFFIX Actual results: Error Message: auto-membership-plugin - automember_parse_config_entry: Error searching for child rule entries for config "cn=hostgroup,cn=automember,cn=etc,dc=example,dc=com" (err=32) Expected results: Expected that the definitions get created successfully without having to search for children prior to their own existence.
To reproduce without having to install/setup FreeIPA, do the following: - Run setup-ds.pl to create a new DS instance with a suffix of 'dc=example,dc=com'. - Use ldapmodify to apply the operations in ldif1.ldif (attached). - Do a 'service dirsrv restart' to apply the config area change from ldif1.ldif. - Use ldapmodify to apply the operations in ldif2.ldif (attached). This will fail with an err=53. The fix should cause the second ldif to apply with no errors.
Created attachment 519675 [details] test ldif (ldif1)
Created attachment 519676 [details] test ldif (ldif2)
Created attachment 519679 [details] Patch
Checked into master and 389-ds-base-1.2.9 branch. Thanks to Rich for his review! Counting objects: 13, done. Delta compression using up to 2 threads. Compressing objects: 100% (7/7), done. Writing objects: 100% (7/7), 1.10 KiB, done. Total 7 (delta 4), reused 0 (delta 0) To ssh://git.fedorahosted.org/git/389/ds.git 971dded..7e43a28 master -> master Counting objects: 13, done. Delta compression using up to 2 threads. Compressing objects: 100% (7/7), done. Writing objects: 100% (7/7), 1.12 KiB, done. Total 7 (delta 4), reused 0 (delta 0) To ssh://git.fedorahosted.org/git/389/ds.git 5ff4af3..6ceca02 129-local -> 389-ds-base-1.2.9
[root@snmaptest ~]# netstat -nlp | grep 389 tcp 0 0 :::389 :::* LISTEN 3455/ns-slapd [root@snmaptest ~]# [root@snmaptest ~]# ldapmodify -x -h localhost -p 389 -D "cn=Directory Manager" -w Secret123 << EOF > dn: ou=etc,dc=example,dc=com > changetype: add > objectclass: organizationalUnit > ou: etc > > dn: cn=Auto Membership Plugin,cn=plugins,cn=config > changetype: modify > replace: nsslapd-pluginConfigArea > nsslapd-pluginConfigArea: ou=etc,dc=example,dc=com > EOF adding new entry "ou=etc,dc=example,dc=com" modifying entry "cn=Auto Membership Plugin,cn=plugins,cn=config" [root@snmaptest ~]# service dirsrv restart Shutting down dirsrv: M1... [ OK ] M2... [ OK ] M3... [ OK ] M4... [ OK ] snmaptest... [ OK ] snmaptest1... [ OK ] Starting dirsrv: M1... [ OK ] M2... [ OK ] M3... [ OK ] M4... [ OK ] snmaptest... [ OK ] snmaptest1... [ OK ] [root@snmaptest ~]# ldapmodify -x -h localhost -p 389 -D "cn=Directory Manager" -w Secret123 << EOF > dn: cn=Hostgroups,ou=etc,dc=example,dc=com > changetype: add > objectclass: autoMemberDefinition > cn: Hostgroups > autoMemberScope: dc=example,dc=com > autoMemberFilter: objectclass=posixAccount > autoMemberDefaultGroup: cn=orphans,cn=hostgroups,dc=example,dc=com > autoMemberGroupingAttr: member:dn > EOF adding new entry "cn=Hostgroups,ou=etc,dc=example,dc=com" Hence VERIFIED.