+++ This bug was initially created as a clone of Bug #742163 +++ Created attachment 525495 [details] Slapd configuration file Description of problem: Overlay constraint with count option work bad with modify operation. When I add more then permitted attribute values with ldapmodify, the operation is success. With ldapadd works well. Version-Release number of selected component (if applicable): openldap-servers-2.4.23-19.el6 How reproducible: always Steps to Reproduce: 1.slaptest -f /etc/openldap/slapd.conf -F /etc/openldap/slapd.d/ (slapd.conf is in attachement) 2.slapadd -l data.ldif (data.ldif is in attachement) 3.Test modify operation Content of count_modify.ldif: dn: cn=usr2, dc=my-domain,dc=com add: description description: check - add: description description: constraint count - add: description description: with modify Run: ldapmodify -D cn=Manager,dc=my-domain,dc=com -w x -f count_modify.ldif Actual results: Operation success. Expected results: Operation fail with Constraint violation (19). Additional info: With ldapadd wors well. Example: count.ldif dn: cn=usr1, dc=my-domain,dc=com objectClass: inetOrgPerson objectClass: organizationalPerson objectClass: person objectClass: top cn: usr1 sn: usr1 mail: usr uid: usr1 description: usr1 description: check description: constraint count ldapadd -D cn=Manager,dc=my-domain,dc=com -w x -f count.ldif --- Additional comment from dspurek on 2011-09-29 11:34:43 CEST --- Created attachment 525496 [details] data.ldif --- Additional comment from omoris on 2011-10-17 15:59:55 CEST --- Jan, do you think that this bug could have an important impact in 6.2.0? May be we should consider proposing an exception for this and include it in 6.2.0. However, I am not sure if it might cause anything serious. --- Additional comment from jvcelak on 2012-01-12 15:04:04 CET --- Found the problem. The constraint validator verifies operations one by one, therefore this violation is catched: dn: cn=usr2, dc=my-domain,dc=com add: description description: check description: constraint count description: with modify And this is not: dn: cn=usr2, dc=my-domain,dc=com add: description description: check - add: description description: constraint count - add: description description: with modify --- Additional comment from jsynacek on 2012-02-08 14:35:47 CET --- Created attachment 560260 [details] Fixes constraint (count) problem --- Additional comment from jsynacek on 2012-02-08 14:38:02 CET --- I attached a patch that should fix the problems mentioned above. --- Additional comment from jsynacek on 2012-02-09 09:05:28 CET --- Created attachment 560469 [details] Constraint count patch Revised and fixed the last patch, which has been causing slapd to loop forever. --- Additional comment from jvcelak on 2012-02-09 14:15:17 CET --- Comment on attachment 560469 [details] Constraint count patch patch looks good, but there are still some problems (I will attach some tests) --- Additional comment from jvcelak on 2012-02-09 14:19:38 CET --- Created attachment 560577 [details] simple test cases run with ./run_test.sh (optionally set SLAPD and SLAPADD environmental variables before) == results with old version == Operations with expected success. [t_ok_01.ldif] OK [t_ok_02.ldif] OK [t_ok_03.ldif] OK [t_ok_04.ldif] OK [t_ok_05.ldif] OK [t_ok_06.ldif] OK [t_ok_07.ldif] FAIL [t_ok_08.ldif] FAIL [t_ok_09.ldif] FAIL [t_ok_10.ldif] FAIL Operations with expected failure. [t_fail_01.ldif] FAIL [t_fail_02.ldif] FAIL [t_fail_03.ldif] OK [t_fail_04.ldif] OK [t_fail_05.ldif] OK [t_fail_06.ldif] FAIL [t_fail_07.ldif] FAIL == results with patched version == Operations with expected success. [t_ok_01.ldif] OK [t_ok_02.ldif] OK [t_ok_03.ldif] OK [t_ok_04.ldif] OK [t_ok_05.ldif] OK [t_ok_06.ldif] FAIL [t_ok_07.ldif] FAIL [t_ok_08.ldif] FAIL [t_ok_09.ldif] OK [t_ok_10.ldif] OK Operations with expected failure. [t_fail_01.ldif] FAIL [t_fail_02.ldif] FAIL [t_fail_03.ldif] FAIL [t_fail_04.ldif] FAIL [t_fail_05.ldif] FAIL [t_fail_06.ldif] OK [t_fail_07.ldif] FAIL --- Additional comment from jsynacek on 2012-02-13 14:09:14 CET --- Created attachment 561537 [details] Constraint count patch --- Additional comment from jsynacek on 2012-02-13 14:11:01 CET --- Fixed the previous patch. It should work as intended now. --- Additional comment from jsynacek on 2012-02-13 15:00:43 CET --- Created attachment 561553 [details] Constraint count patch Additional tweaks. --- Additional comment from jsynacek on 2012-02-15 15:39:23 CET --- Created attachment 562235 [details] Constraint count patch Some more patch tweaking. --- Additional comment from jvcelak on 2012-02-15 15:43:28 CET --- Comment on attachment 562235 [details] Constraint count patch looks good, works fine (my tests are passning) --- Additional comment from jsynacek on 2012-02-16 15:15:01 CET --- Patch proposed upstream: http://www.openldap.org/its/index.cgi?findid=7168
Resolved in: openldap-2.4.29-3.fc17 openldap-2.4.29-3.fc18
openldap-2.4.29-3.fc17 has been submitted as an update for Fedora 17. https://admin.fedoraproject.org/updates/openldap-2.4.29-3.fc17
Package openldap-2.4.29-3.fc17: * should fix your issue, * was pushed to the Fedora 17 testing repository, * should be available at your local mirror within two days. Update it with: # su -c 'yum update --enablerepo=updates-testing openldap-2.4.29-3.fc17' as soon as you are able to. Please go to the following url: https://admin.fedoraproject.org/updates/FEDORA-2012-2113/openldap-2.4.29-3.fc17 then log in and leave karma (feedback).
openldap-2.4.29-3.fc17 has been pushed to the Fedora 17 stable repository. If problems still persist, please make note of it in this bug report.