Bug 840153 - Impossible to rename entry (modrdn) with Attribute Uniqueness plugin enabled
Impossible to rename entry (modrdn) with Attribute Uniqueness plugin enabled
Status: CLOSED ERRATA
Product: Red Hat Enterprise Linux 6
Classification: Red Hat
Component: 389-ds-base (Show other bugs)
6.4
Unspecified Unspecified
medium Severity unspecified
: rc
: ---
Assigned To: Rich Megginson
Sankar Ramalingam
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2012-07-13 18:03 EDT by Rich Megginson
Modified: 2013-02-21 03:20 EST (History)
3 users (show)

See Also:
Fixed In Version: 389-ds-base-1.2.11.12-1.el6
Doc Type: Bug Fix
Doc Text:
Cause: Using the Attribute Uniqueness plugin and performing an LDAP RENAME operation on an entry containing one of the attributes being tested for uniqueness by the plugin. Consequence: LDAP RENAME operation fails with err 19 Constraint Violation - Another entry with the same attribute value already exists. Fix: The Attribute Uniqueness code was doing comparisons of un-normalized values. The fix is to make sure comparisons are done between values normalized the same way. Result: LDAP RENAME operations do not return err 19 when there is no conflict.
Story Points: ---
Clone Of:
Environment:
Last Closed: 2013-02-21 03:20:06 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Rich Megginson 2012-07-13 18:03:03 EDT
This bug is created as a clone of upstream ticket:
https://fedorahosted.org/389/ticket/406

I'm testing 389 v1.2.10.12 on CentOS 5.8 x86_64. With Attribute Uniqueness plugin enabled for one of the attributes of the entry (not the naming attribute) modrdn operation for this entry fails with:

ldap_rename: Constraint violation (19)
        additional info: Another entry with the same attribute value already exists (attribute: "X-UniqueId")

In our case we need the uniqueness of the X-UniqueId attribute. The modrdn was changing the uid attribute. In the latest version of 1.2.9.x this problem did not exist.

It's a blocking issue for the upgrade 1.2.9.x->1.2.10x on our production servers.

Typical log trace:
''[11/Jul/2012:16:20:40 +0200] conn=5 op=6 MODRDN dn="uid=somelogin,ou=Personnel,ou=Utilisateurs,dc=id,dc=polytechnique,dc=edu" newrdn="uid=somelogin.test" newsuperior="ou=Personnel,ou=Utilisateurs,dc=id,dc=polytechnique,dc=edu"
[11/Jul/2012:16:20:41 +0200] conn=5 op=6 RESULT err=19 tag=109 nentries=0 etime=0.012000
''
Comment 1 Rich Megginson 2012-07-13 18:06:12 EDT
r6731 | rmeggins@REDHAT.COM | 2012-07-13 16:05:21 -0600 (Fri, 13 Jul 2012) | 5 lines

Bug 840153 - Impossible to rename entry (modrdn) with Attribute Uniqueness plugin enabled

Added tests - the tests are the ic5X tests - these tests verify the bug is
fixed and test other aspects of modrdn with attribute uniqueness enabled

Sending        uid/tet_scen.sh
Sending        uid/uid.sh
Comment 3 Amita Sharma 2013-01-29 01:46:52 EST
Uid startup 	100% (1/1) 	  	 
Uid run 	100% (9/9) 	  	 
Uid cleanup 	100% (1/1)
All tests passed in the acceptance with 389-ds-base.x86_64 0:1.2.11.15-10.el6 build on rhel64.

Hence marking bug as VERIFIED.
Comment 4 Amita Sharma 2013-01-29 01:51:33 EST
Uid startup 	100% (1/1) 	  	 
Uid run 	100% (9/9) 	  	 
Uid cleanup 	100% (1/1)
All tests passed in the acceptance with 389-ds-base.x86_64 0:1.2.11.15-10.el6 build on rhel64.

Hence marking bug as VERIFIED.
Comment 5 errata-xmlrpc 2013-02-21 03:20:06 EST
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHSA-2013-0503.html

Note You need to log in before you can comment on or make changes to this bug.