https://bugzilla.redhat.com/show_bug.cgi?id=249327
The directory server updates the modifyTimestamp on operations other than Modify operations. See http://tools.ietf.org/html/rfc4512. However, attributes can be modified by operations other than Modify. For example, with password policy enabled, a Bind operation may update one or more operational attributes in a user's entry. Admin's do not expect modifyTimestamp to be updated under this and similar circumstances. See also http://www.openldap.org/its/index.cgi/Software%20Bugs?id=5040;page=2
batch move to milestone 1.3
This was fixed for password policy after the bug was filed.
I expanded the original fix with a "set" pblock function, so now plugins that are doing internal modifies have the option of not setting the "modify attrs". Currently this only effects the Account Policy plugin.
2826 case SLAPI_SKIP_MODIFIED_ATTRS: 2827 if(value == 0){ 2828 pblock->pb_op->o_flags &= OP_FLAG_SKIP_MODIFIED_ATTRS; 2829 } else {
Should the line 2828 be something like this (not to affect the other bits)??? 2828 pblock->pb_op->o_flags &= ~OP_FLAG_SKIP_MODIFIED_ATTRS;
Nice catch!
I think we might also want to use this new flag in all of our plugins that do internal modifies. Look at ticket #111 to see what I'm talking about.
The pblock code for case SLAPI_SKIP_MODIFIED_ATTRS should first check to see if pblock->pb_op is not NULL. Although I can't foresee anyone using SLAPI_SKIP_MODIFIED_ATTRS outside the context of an operation, I've still seen similar cases where we've been bitten by segfaults.
attachment 0001-Ticket-129-Should-only-update-modifyTimestamp-modifi.patch
[mareynol@localhost slapd]$ git merge ticket129 Updating ee32016..3e60f7f Fast-forward ldap/servers/plugins/acctpolicy/acct_plugin.c | 1 + ldap/servers/slapd/pblock.c | 10 +++++++++- 2 files changed, 10 insertions(+), 1 deletions(-)
[mareynol@localhost slapd]$ git push origin master Counting objects: 17, done. Delta compression using up to 4 threads. Compressing objects: 100% (9/9), done. Writing objects: 100% (9/9), 1.10 KiB, done. Total 9 (delta 7), reused 0 (delta 0) To ssh://git.fedorahosted.org/git/389/ds.git ee32016..3e60f7f master -> master
originally targeted for 1.2.11.rc1, but actually in the 1.2.11.a1 release
Ticket has been cloned to Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=834054
Added initial screened field value.
Metadata Update from @nhosoi: - Issue assigned to mreynolds - Issue set to the milestone: 1.2.11.a1
389-ds-base is moving from Pagure to Github. This means that new issues and pull requests will be accepted only in 389-ds-base's github repository.
This issue has been cloned to Github and is available here: - https://github.com/389ds/389-ds-base/issues/129
If you want to receive further updates on the issue, please navigate to the github issue and click on subscribe button.
subscribe
Thank you for understanding. We apologize for all inconvenience.
Metadata Update from @spichugi: - Issue close_status updated to: wontfix (was: Fixed)
Login to comment on this ticket.