#26 Please support setting defaultNamingContext in the rootdse.
Closed: wontfix None Opened 9 years ago by mkosek.

https://bugzilla.redhat.com/show_bug.cgi?id=742317

When multiple naming contexts are available it is hard to find out what a
client should use by default (usually the identity mgmt related tree where to
find users/groups).

It would be really helpful to allow cn=Directory Manager to be able to write
the 'defaultNamingcontext' attribute to the rootdse so that clients do not need
to do strange probings.

AD and also openldap apparently have it so many clients already know how to
handle this attribute.

Proposal:
. Introduce nsslapd-defaultNamingContext to cn=config to store defaultNamingContext.
. If no namingContexts are found, none is assigned to defaultNamingContext.
. When the first namingContext is added, it will be assigned to defaultNamingContext.
. Once one namingContext (e.g., dc=test,dc=com) is assigned to defaultNamingContext, the following config attribute is added to cn=config.
nsslapd-defaultNamingContext: dc=test,dc=com
. It could be switched to another namingContext by replacing the value. The modify fails if the new value is not found in the namingContexts.
. If the namingContext is removed (i.e., the backend as well as the suffix are deleted), the defaultNamingContext is removed, as well.
Note that the nsslapd-defaultNamingContext attribute value pair will be entirely removed.

Valgrind reports this invalid read on deleting a suffix/backend.
==10342== Invalid read of size 4
==10342== at 0x404953F: dse_call_callback (dse.c:2198)
==10342== by 0x40493B3: dse_delete (dse.c:2153)
==10342== by 0x404057F: op_shared_delete (delete.c:365)
==10342== by 0x403FDAD: do_delete (delete.c:128)
==10342== by 0x8057D29: connection_dispatch_operation (connection.c:573)
==10342== by 0x805951A: connection_threadmain (connection.c:2328)
==10342== by 0x361A964: _pt_root (ptthread.c:187)
==10342== by 0x789E98: start_thread (in /lib/libpthread-2.13.so)
==10342== by 0x6CFD2D: clone (in /lib/libc-2.13.so)
==10342== Address 0x41bf7c8 is 32 bytes inside a block of size 36 free'd
==10342== at 0x4005B0A: free (vg_replace_malloc.c:325)
==10342== by 0x403BB0F: slapi_ch_free (ch_malloc.c:363)
==10342== by 0x40458E0: dse_callback_delete (dse.c:261)
==10342== by 0x4045B1B: dse_callback_removefromlist (dse.c:351)
==10342== by 0x40494BA: dse_remove_callback (dse.c:2171)
==10342== by 0x4049758: slapi_config_remove_callback (dse.c:2247)
==10342== by 0x639ABF4: vlv_remove_callbacks (vlv.c:465)
==10342== by 0x6380794: ldbm_instance_unregister_callbacks (ldbm_instance_config.c:1062)
==10342== by 0x6380AB7: ldbm_instance_post_delete_instance_entry_callback (ldbm_instance_config.c:1161)
==10342== by 0x40495F6: dse_call_callback (dse.c:2206)
==10342== by 0x40493B3: dse_delete (dse.c:2153)
==10342== by 0x404057F: op_shared_delete (delete.c:365)
==10342== by 0x403FDAD: do_delete (delete.c:128)
==10342== by 0x8057D29: connection_dispatch_operation (connection.c:573)
==10342== by 0x805951A: connection_threadmain (connection.c:2328)
==10342== by 0x361A964: _pt_root (ptthread.c:187)
==10342== by 0x789E98: start_thread (in /lib/libpthread-2.13.so)
==10342== by 0x6CFD2D: clone (in /lib/libc-2.13.so)
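
The trace above shows dse_call_callback reading a block that a callback it had invoked freed through slapi_config_remove_callback. One way to let a callback list tolerate removal during a walk is to defer the free until the walk ends; this is an added sketch, not code from 389-ds and not necessarily the fix the project chose (`struct cb` and the `cb_*` functions are hypothetical and single-threaded):

```c
#include <stdlib.h>

/* Hypothetical single-threaded callback list; not the 389-ds structures. */
struct cb;
typedef void (*cb_fn)(struct cb **head, int *hits);
struct cb { cb_fn fn; int removed; struct cb *next; };
static int dispatching;              /* > 0 while cb_dispatch() walks the list */

static void cb_add(struct cb **head, cb_fn fn) {
    struct cb *c = calloc(1, sizeof(*c));
    if (!c) abort();
    c->fn = fn; c->next = *head; *head = c;
}
/* Unlink and free every node that was marked removed. */
static void cb_sweep(struct cb **head) {
    for (struct cb **pp = head; *pp; ) {
        struct cb *c = *pp;
        if (c->removed) { *pp = c->next; free(c); } else pp = &c->next;
    }
}
/* Callable from inside a callback: during a walk it only marks the node. */
static void cb_remove(struct cb **head, cb_fn fn) {
    for (struct cb *c = *head; c; c = c->next)
        if (c->fn == fn) c->removed = 1;
    if (!dispatching) cb_sweep(head);
}
/* Every node stays allocated until the outermost walk ends, so reading
 * c->next after a callback returns never touches freed memory. */
static int cb_dispatch(struct cb **head, int *hits) {
    int calls = 0;
    dispatching++;
    for (struct cb *c = *head; c; c = c->next)
        if (!c->removed) { c->fn(head, hits); calls++; }
    if (--dispatching == 0) cb_sweep(head);
    return calls;
}
static int cb_count(const struct cb *c) { int n = 0; for (; c; c = c->next) n++; return n; }

static void cb_sibling(struct cb **head, int *hits) { (void)head; (*hits)++; }
/* Like a post-delete callback that unregisters itself and a sibling. */
static void cb_unregister_all(struct cb **head, int *hits) {
    (*hits)++;
    cb_remove(head, cb_unregister_all);
    cb_remove(head, cb_sibling);
}

int main(void) {
    struct cb *head = NULL; int hits = 0;
    cb_add(&head, cb_sibling);
    cb_add(&head, cb_unregister_all);   /* list is LIFO, so this runs first */
    return (cb_dispatch(&head, &hits) == 1 && cb_count(head) == 0) ? 0 : 1;
}
```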

Thanks for the review, Nathan. I ran more tests over the weekend and found some deadlocks. :(

Thread 35 (Thread 0x7f46248ed700 (LWP 10163)):
#0 __lll_lock_wait () at ../nptl/sysdeps/unix/sysv/linux/x86_64/lowlevellock.S:140
#1 0x0000003240609b0c in _L_lock_911 () from /lib64/libpthread.so.0
#2 0x0000003240609ac5 in __pthread_mutex_lock (mutex=0x2467d50) at pthread_mutex_lock.c:105
#3 0x0000003253e22df9 in PR_Lock (lock=0x2467d50) at ../../../mozilla/nsprpub/pr/src/pthreads/ptsynch.c:206
#4 0x00000031340c0f37 in slapi_lock_mutex (mutex=0x2467d50) at ldap/servers/slapd/slapi2nspr.c:101
#5 0x00007f462a447e94 in cos_cache_backend_state_change (handle=0x7f462a447e6f, be_name=0x7f460c003900 "multiple2", old_be_state=3, new_be_state=1) at ldap/servers/plugins/cos/cos_cache.c:3590
#6 0x0000003134083528 in mtn_be_state_change (be_name=0x7f460c003900 "multiple2", old_state=3, new_state=1) at ldap/servers/slapd/mapping_tree.c:235
#7 0x0000003134085ea9 in mapping_tree_entry_add_callback (pb=0x1e6e010, entryBefore=0x7f460c002e00, e=0x0, returncode=0x7f46248e6ae4, returntext=0x7f46248e68e0 "", arg=0x0) at ldap/servers/slapd/mapping_tree.c:1416
#8 0x0000003134057b6d in dse_call_callback (pdse=0x1ccc160, pb=0x1e6e010, operation=16, flags=1, entryBefore=0x7f460c002e00, entryAfter=0x0, returncode=0x7f46248e6ae4, returntext=0x7f46248e68e0 "") at ldap/servers/slapd/dse.c:2196
#9 0x0000003134057421 in dse_add (pb=0x1e6e010) at ldap/servers/slapd/dse.c:2034
#10 0x0000003134040117 in op_shared_add (pb=0x1e6e010) at ldap/servers/slapd/add.c:680
#11 0x000000313403f2a1 in do_add (pb=0x1e6e010) at ldap/servers/slapd/add.c:258
#12 0x0000000000413cbc in connection_dispatch_operation (conn=0x7f46248f3410, op=0x1d00840, pb=0x1e6e010) at ldap/servers/slapd/connection.c:568
#13 0x0000000000415654 in connection_threadmain () at ldap/servers/slapd/connection.c:2328
#14 0x0000003253e28553 in _pt_root (arg=0x2466490) at ../../../mozilla/nsprpub/pr/src/pthreads/ptthread.c:187
#15 0x0000003240607b31 in start_thread (arg=0x7f46248ed700) at pthread_create.c:305
#16 0x000000323fedfd2d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:115

I'm going to separate the Invalid read issue and open a new ticket for it.

Ticket #259 (new defect)
Valgrind reports Invalid read on removing a suffix/backend

Pushed to master.

$ git merge trac26
Updating c43a508..a8bacba
Fast-forward
ldap/admin/src/scripts/DSCreate.pm.in | 1 +
ldap/servers/plugins/usn/usn.c | 8 --
ldap/servers/slapd/entry.c | 11 +++-
ldap/servers/slapd/libglobs.c | 88 +++++++++++++++++++++-
ldap/servers/slapd/mapping_tree.c | 131 ++++++++++++++++++++++++++++++---
ldap/servers/slapd/plugin.c | 2 +-
ldap/servers/slapd/proto-slap.h | 3 +-
ldap/servers/slapd/rdn.c | 12 +++
ldap/servers/slapd/rootdse.c | 8 ++-
ldap/servers/slapd/slap.h | 2 +
ldap/servers/slapd/slapi-plugin.h | 14 +++-
11 files changed, 253 insertions(+), 27 deletions(-)

$ git push
Counting objects: 46, done.
Delta compression using up to 4 threads.
Compressing objects: 100% (25/25), done.
Writing objects: 100% (26/26), 5.59 KiB, done.
Total 26 (delta 20), reused 0 (delta 0)
To ssh://git.fedorahosted.org/git/389/ds.git
c43a508..a8bacba master -> master

Steps to verify:
1. install DS (preferably with the admin server and Console)
2. Search nsslapd-defaultnamingcontext in cn=config and defaultnamingcontext in the rootdse.
$ ldapsearch -LLLx -h localhost -p <port> -D 'cn=directory manager' -w <pw> -b "cn=config" -s base nsslapd-defaultnamingcontext
dn: cn=config
nsslapd-defaultnamingcontext: <default suffix (e.g., dc=example,dc=com)>
$ ldapsearch -LLLx -h localhost -p <port> -b "" -s base | egrep namingcontext
namingContexts: dc=example,dc=com
defaultnamingcontext: dc=example,dc=com
3. Add a new suffix "dc=test,dc=com" and verify nsslapd-defaultnamingcontext and defaultnamingcontext are not changed.
4. Remove the new suffix "dc=test,dc=com" and verify nsslapd-defaultnamingcontext and defaultnamingcontext are not changed.
5. Remove the original suffix "dc=example,dc=com" and verify nsslapd-defaultnamingcontext and defaultnamingcontext are both removed.
$ ldapsearch -LLLx -h localhost -p <port> -D 'cn=directory manager' -w <pw> -b "cn=config" -s base nsslapd-defaultnamingcontext
dn: cn=config
nsslapd-defaultnamingcontext:
$ ldapsearch -LLLx -h localhost -p <port> -b "" -s base | egrep namingcontext
$
6. Add a new suffix "dc=newtest,dc=com" and verify the new suffix is set to nsslapd-defaultnamingcontext and defaultnamingcontext.
$ ldapsearch -LLLx -h localhost -p <port> -D 'cn=directory manager' -w <pw> -b "cn=config" -s base nsslapd-defaultnamingcontext
dn: cn=config
nsslapd-defaultnamingcontext: dc=newtest,dc=com
$ ldapsearch -LLLx -h localhost -p 10389 -b "" -s base | egrep namingcontext
namingContexts: dc=newtest,dc=com
defaultnamingcontext: dc=newtest,dc=com
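
The rules in the proposal and the verification steps above, modelled as a small state machine. This is an added example, not code from 389-ds: `struct rootdse` and the `nc_*` functions are hypothetical, DN matching is simplified to a case-insensitive string compare, and "first namingContext" is assumed to mean the list was empty.

```c
#include <string.h>
#include <strings.h>
#define MAX_NC 8
#define DN_LEN 128

/* Hypothetical model of the server state; names are not from 389-ds. */
struct rootdse {
    char nc[MAX_NC][DN_LEN];   /* namingContexts */
    int  n;
    char def[DN_LEN];          /* defaultNamingContext, "" when absent */
};

static int nc_find(const struct rootdse *r, const char *dn) {
    for (int i = 0; i < r->n; i++)
        if (strcasecmp(r->nc[i], dn) == 0) return i;   /* simplified DN match */
    return -1;
}

/* The first suffix added becomes the default; later ones leave it alone. */
static int nc_add(struct rootdse *r, const char *dn) {
    if (r->n == MAX_NC || strlen(dn) >= DN_LEN || nc_find(r, dn) >= 0) return -1;
    strcpy(r->nc[r->n], dn);
    if (r->n++ == 0) strcpy(r->def, dn);
    return 0;
}

/* Replacing the default fails unless the value is an existing namingContext. */
static int nc_set_default(struct rootdse *r, const char *dn) {
    int i = nc_find(r, dn);
    if (i < 0) return -1;
    strcpy(r->def, r->nc[i]);
    return 0;
}

/* Removing the suffix that is the default removes the default as well. */
static int nc_remove(struct rootdse *r, const char *dn) {
    int i = nc_find(r, dn);
    if (i < 0) return -1;
    if (strcasecmp(r->def, r->nc[i]) == 0) r->def[0] = '\0';
    memmove(r->nc[i], r->nc[i + 1], (size_t)(r->n - i - 1) * DN_LEN);
    r->n--;
    return 0;
}

int main(void) {
    struct rootdse r;
    memset(&r, 0, sizeof(r));
    nc_add(&r, "dc=example,dc=com"); nc_add(&r, "dc=test,dc=com");
    return nc_set_default(&r, "dc=missing,dc=com") == -1 ? 0 : 1;
}
```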

Fix description:
If a config param is set to nsslapd-allowed-to-delete-attrs,
the value is allowed to be deleted. nsslapd-defaultnamingcontext
is set to the value, by default. The config set API is not
designed to allow deleting a param. Instead, it sets NULL to
represent the deletion. But it turned out it was not allowed,
either. This patch allows the config params set in
nsslapd-allowed-to-delete-attrs to pass a NULL value.

ok - but note that it is ok to pass a NULL to slapi_ch_strdup - it will just return a NULL - so you don't have to check for (value)

Replying to [comment:19 rmeggins]:

ok - but note that it is ok to pass a NULL to slapi_ch_strdup - it will just return a NULL - so you don't have to check for (value)

Good point! I'm modifying it. Thanks, Rich!

Reviewed by Rich (Thank you!!)

$ git merge work
Updating c013442..d664d54
Fast-forward
ldap/servers/slapd/configdse.c | 23 +---------------
ldap/servers/slapd/libglobs.c | 56 +++++++++++++++++++++++++++++++-------
ldap/servers/slapd/proto-slap.h | 2 +
3 files changed, 48 insertions(+), 33 deletions(-)

$ git push
Counting objects: 15, done.
Delta compression using up to 4 threads.
Compressing objects: 100% (8/8), done.
Writing objects: 100% (8/8), 1.52 KiB, done.
Total 8 (delta 6), reused 0 (delta 0)
To ssh://git.fedorahosted.org/git/389/ds.git
c013442..d664d54 master -> master

Cherry-picked and pushed to 389-ds-base-1.2.10

$ git cherry-pick d664d54
[ds1210 f676eb1] Trac Ticket #26 - Please support setting defaultNamingContext in the rootdse.
3 files changed, 48 insertions(+), 33 deletions(-)

$ git push origin ds1210:389-ds-base-1.2.10
Counting objects: 15, done.
Delta compression using up to 4 threads.
Compressing objects: 100% (8/8), done.
Writing objects: 100% (8/8), 1.52 KiB, done.
Total 8 (delta 6), reused 0 (delta 0)
To ssh://git.fedorahosted.org/git/389/ds.git
7373fbf..f676eb1 ds1210 -> 389-ds-base-1.2.10

commit changeset:f676eb1/389-ds-base
Author: Noriko Hosoi nhosoi@redhat.com
Date: Tue Feb 14 18:15:51 2012 -0800
1.2.10 branch

Metadata Update from @rmeggins:
- Issue assigned to nhosoi
- Issue set to the milestone: 1.2.10.a7

4 years ago

389-ds-base is moving from Pagure to Github. This means that new issues and pull requests
will be accepted only in 389-ds-base's github repository.

This issue has been cloned to Github and is available here:
- https://github.com/389ds/389-ds-base/issues/26

If you want to receive further updates on the issue, please navigate to the github issue
and click on subscribe button.

Thank you for understanding. We apologize for all inconvenience.

Metadata Update from @spichugi:
- Issue close_status updated to: wontfix (was: Fixed)

9 months ago
