Bug 864013 - nsslapd-enablePlugin should not be multivalued
nsslapd-enablePlugin should not be multivalued
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: 389-ds-base (Show other bugs)
Unspecified Unspecified
medium Severity unspecified
: rc
: ---
Assigned To: Rich Megginson
Sankar Ramalingam
Depends On:
  Show dependency treegraph
Reported: 2012-10-08 07:17 EDT by Ján Rusnačko
Modified: 2014-06-17 22:55 EDT (History)
5 users (show)

See Also:
Fixed In Version: 389-ds-base-
Doc Type: Bug Fix
Doc Text:
Cause: Adding multiple plugin configuration attributes. Consequence: Some plugin configuration attributes are not designed to multi-valued. This can lead unexpected results. Fix: Updated the core server schema to include these attributes, and set their proper syntax. Result: Plugin configuration updates comply with expected schema syntax.
Story Points: ---
Clone Of:
Last Closed: 2014-06-13 05:33:03 EDT
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description Ján Rusnačko 2012-10-08 07:17:33 EDT
Description of problem:

nsslapd-pluginEnabled attribute present in plugin configuration determines whether plugin is enabled or not. This attribute seems to be multivalued - so it is possible to add new value that contradicts original one.

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:
ldapmodify ....<<EOF
dn: cn=PAM Pass Through Auth,cn=plugins,cn=config
changetype: modify
add: nsslapd-pluginEnabled
nsslapd-pluginEnabled: on

ldapsearch ... -b "cn=PAM Pass Through Auth,cn=plugins,cn=config" nsslapd-pluginEnabled
dn: cn=PAM Pass Through Auth,cn=plugins,cn=config
nsslapd-pluginEnabled: on
nsslapd-pluginEnabled: off

Actual results:
Succceeds and plugin is both enabled and disabled.

Expected results:
Should fail.

Additional info:
This problem seems to be present for all plugins, not just PAM PTA plugin.
Comment 2 Rich Megginson 2012-10-08 11:11:57 EDT
Upstream ticket:
Comment 6 Ján Rusnačko 2013-06-10 09:25:32 EDT
Automated in pam_passthrough testsuite.
Comment 7 Rich Megginson 2013-10-01 19:26:24 EDT
moving all ON_QA bugs to MODIFIED in order to add them to the errata (can't add bugs in the ON_QA state to an errata).  When the errata is created, the bugs should be automatically moved back to ON_QA.
Comment 9 Ján Rusnačko 2013-11-12 07:57:17 EST
Automated in pampassthrough as Bug864013. Passing on RHEL 7 daily acceptance for 389-ds-base- :

----------------- Starting Test Bug864013 -------------------------
nsslapd-enablePlugin should not be multivalued
Set nsslapd-pluginEnabled to off
modifying entry cn=PAM Pass Through Auth,cn=plugins,cn=config

bug864013: expect=0 actual=0
Try to add new nsslapd-pluginEnabled attribute with value "on"
ldap_modify: Object class violation
ldap_modify: additional info: single-valued attribute "nsslapd-pluginEnabled" has multiple values

modifying entry cn=PAM Pass Through Auth,cn=plugins,cn=config

bug864013: expect=65 actual=65
Comment 10 Ludek Smid 2014-06-13 05:33:03 EDT
This request was resolved in Red Hat Enterprise Linux 7.0.

Contact your manager or support representative in case you have further questions about the request.

Note You need to log in before you can comment on or make changes to this bug.