Red Hat Bugzilla – Bug 908861
Error messages encountered when using POSIX winsync
Last modified: 2013-11-21 16:03:59 EST
Description of problem: memberOf attribute failed to synced to DS when an user from AD synced with memberOf attribute. Configured "Posix Winsync" plugin with "posixwinsynccreatememberoftask" set to TRUE. Refer this link to configure posix winsync plugin http://port389.org/wiki/WinSync_Posix Version-Release number of selected component (if applicable): 389-ds-base-1.2.11.15-11 How reproducible: Consistently. Steps to Reproduce: 1. Install 389-ds-base-1.2.11.15-11 or latest which has support for Posix winsync 2. Configre replication agreement for Pasword synchronization. 3. Make sure users and groups synced from DS to AD and vice versa. 4. Configure Posix Winsync plugin as per the design doc. http://port389.org/wiki/WinSync_Posix 5. Configure memberOf plugin on Directory server instance. 6. Created users/groups with memberOf attribute on AD. 7. Check whether users/groups synced to DS with memberOf attributes. 8. memberOf attributes failed to sync from AD to DS. 9. The same way the memberOf attributes failed to sync from DS to AD. Actual results: memberOf attribute failed to be synced. Expected results: memberOf attribute should get synced bi-directional. Additional info: Not sure this error message is related to this issue: [06/Feb/2013:05:55:53 -0500] - slapi_modify_internal_set_pb: NULL parameter [06/Feb/2013:05:55:53 -0500] - allow_operation: component identity is NULL [06/Feb/2013:05:55:53 -0500] - slapi_modify_internal_set_pb: NULL parameter [06/Feb/2013:05:55:53 -0500] - allow_operation: component identity is NULL Simo's comment for the same issue: Memberof attributes cannot be synchronized anyway IIRC.. They are linked attributes on AD and are created when you create the corresponding member attribute. Also keep in mind that our memberof attributes include indirect members where AD one does not, so we should never try to sync this attribute. Simo.
This request was not resolved in time for the current release. Red Hat invites you to ask your support representative to propose this request, if still desired, for consideration in the next release of Red Hat Enterprise Linux.
The QE testcase starts posixWinsyncCreateMemberOfTask task: dn: cn=Posix Winsync API,cn=plugins,cn=config changetype: modify replace: posixWinsyncCreateMemberOfTask posixWinsyncCreateMemberOfTask: TRUE It eventually calls posix_group_fix_memberuid, which registers posix_group_fix_memberuid_callback that is supposed to fix up broken group list in entries if any. But even if there is nothing to fix up, it calls the internal modify function which fails immediately with the reported errors. Instead of calling the internal modify, we could just skip if there is nothing to fix up. The error messages are annoying, but the symptom is benign. I'm attaching the diff to reduce the errors next.
Created attachment 696298 [details] git diff posix-winsync/posix-group-task.c Fix description: not to call an internal modify if the mods is NULL.
ack
Marking the bug as verified since this problem doesn't occur in the Winsync setup. tested build - 389-ds-base-1.2.11.15-27 passsync build - passsync-1.1.5
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. http://rhn.redhat.com/errata/RHBA-2013-1653.html