Bug 838706 - referint modrdn not working if case is different
Summary: referint modrdn not working if case is different
Alias: None
Product: Red Hat Enterprise Linux 6
Classification: Red Hat
Component: 389-ds-base
Version: 6.4
Hardware: Unspecified
OS: Unspecified
Target Milestone: rc
: ---
Assignee: Rich Megginson
QA Contact: Sankar Ramalingam
Depends On:
TreeView+ depends on / blocked
Reported: 2012-07-09 20:51 UTC by Nathan Kinder
Modified: 2013-02-21 08:20 UTC (History)
2 users (show)

Fixed In Version: 389-ds-base-
Doc Type: Bug Fix
Doc Text:
Cause: Enabling the Referential Integrity plugin, with existing ou=People and ou=Groups container entries (note - begins with upper case letter), and renaming a user in ou=People that is also a member of one or more groups in ou=Groups, and the modrdn operation specifies the user DN using ou=people (note begins with lower case letter). Consequence: Group entries that have a member DN of the user that have an upper case ou=People are not changed to reflect the new name of the user. Fix: Make sure to do case-insensitive comparisons and/or normalize the DNs so that comparisons work. Result: The member attributes are updated when the user is renamed.
Clone Of:
Last Closed: 2013-02-21 08:20:01 UTC
Target Upstream Version:

Attachments (Terms of Use)

System ID Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2013:0503 normal SHIPPED_LIVE Moderate: 389-ds-base security, bug fix, and enhancement update 2013-02-21 08:18:44 UTC

Description Nathan Kinder 2012-07-09 20:51:36 UTC
This bug is created as a clone of upstream ticket:

* setup directory server with DIT
ou=People,dc=example,dc=com # NOTE uppercase People
* Enable referint
* Add group entry cn=allusers,ou=Groups,dc=example,dc=com like this:
dn: cn=allusers,ou=Groups,dc=example,dc=com
objectClass: top
objectClass: groupofNames
cn: allusers
description: default group for users

* Add a user entry uid=testuser1,ou=People,dc=example,dc=com
* Add member: uid=testuser1,ou=people,dc=example,dc=com to cn=allusers group
* modrdn uid=testuser1
ldapmodify ... <<EOF
changetype: modrdn
newrdn: uid=testuser1changed
deleteoldrdn: 1

* search cn=allusers - it still lists the old dn
member: uid=testuser1,ou=people,dc=example,dc=com

Looking at the referint code, _update_one_per_mod() and _update_all_per_mod() are doing a PL_strstr - comparing a case normalized value against an un-case normalized value (that is, normalized but not case normalized).

Comment 1 Rich Megginson 2012-07-09 22:40:02 UTC
r6718 | rmeggins@REDHAT.COM | 2012-07-09 16:37:36 -0600 (Mon, 09 Jul 2012) | 1 line
Changed paths:
   M /trunk/testcases/DS/6.0/mbo/acceptance/mboModRdn.sh
   M /trunk/testcases/DS/6.0/mbo/acceptance/mboScen

added test for Bug 838706 - referint modrdn not working if case is different

Comment 3 Amita Sharma 2013-01-29 06:28:21 UTC
Mbo startup 	100% (3/3) 	  	 
MemberOf run 	100% (75/75) 	  	 
MemberOf cleanup 	100% (1/1)
All tests passed in the acceptance with 389-ds-base.x86_64 0: build on rhel64.

Hence marking bug as VERIFIED.

Comment 4 errata-xmlrpc 2013-02-21 08:20:01 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.


Note You need to log in before you can comment on or make changes to this bug.