#321 krbExtraData is being null modified and replicated on each ssh login
Closed: wontfix None Opened 10 years ago by nkinder.

https://bugzilla.redhat.com/show_bug.cgi?id=782975 (Red Hat Enterprise Linux 6)

This bug is created as a clone of upstream ticket:

krbExtraData is apparently NOT being modified but the ldap server believes it
is which triggers an ldap mod & replication event because of it.

ssh logins should not trigger a modification that is replicated to FreeIPA
replica servers due to storm concerns.

IPA would like to see this in the 1.2.11 timeframe. Adjusting the milestone to 1.2.11 so we can begin looking into ways to solve this.

Added a new config attribute for the repl agmt:



nsds5ReplicaStripAttrs: modifiersName modifyTimestamp internalModifiersName internalModifyTimestamp

Sending fix out for review...

Looks good, but you can simplify the code a great deal by using
charray_utf8_inlist - you can add a slapi wrapper for this if you want, or just use it via slapi-private

Thanks for the review Rich!

git merge ticket321
Updating 8ba2982..59ac943
ldap/schema/01core389.ldif | 3 +-
ldap/servers/plugins/replication/repl5.h | 2 +
ldap/servers/plugins/replication/repl5_agmt.c | 25 ++++++++++
.../plugins/replication/repl5_protocol_util.c | 50 ++++++++++++++------
ldap/servers/plugins/replication/repl_globals.c | 1 +
ldap/servers/slapd/charray.c | 5 ++
ldap/servers/slapd/slapi-plugin.h | 9 ++++
7 files changed, 80 insertions(+), 15 deletions(-)

[mareynol@localhost servers]$ git push origin master
Counting objects: 29, done.
Delta compression using up to 4 threads.
Compressing objects: 100% (15/15), done.
Writing objects: 100% (15/15), 2.65 KiB, done.
Total 15 (delta 13), reused 0 (delta 0)
To ssh://git.fedorahosted.org/git/389/ds.git
8ba2982..59ac943 master -> master

free mod order 0001-Ticket-321-krbExtraData-is-being-null-modified-and-r.patch

To ssh://git.fedorahosted.org/git/389/ds.git
8eaa3c6..758a68d master -> master
commit changeset:758a68d/389-ds-base
Author: Rich Megginson rmeggins@redhat.com
Date: Mon May 21 09:08:04 2012 -0600

To ssh://git.fedorahosted.org/git/389/ds.git
b5f3f98..5769e19 389-ds-base-1.2.11 -> 389-ds-base-1.2.11
commit changeset:5769e19/389-ds-base
Author: Rich Megginson rmeggins@redhat.com
Date: Mon May 21 09:08:04 2012 -0600

Added initial screened field value.

Metadata Update from @rmeggins:
- Issue assigned to mreynolds
- Issue set to the milestone:

5 years ago

389-ds-base is moving from Pagure to Github. This means that new issues and pull requests
will be accepted only in 389-ds-base's github repository.

This issue has been cloned to Github and is available here:
- https://github.com/389ds/389-ds-base/issues/321

If you want to receive further updates on the issue, please navigate to the github issue
and click on subscribe button.

Thank you for understanding. We apologize for all inconvenience.

Metadata Update from @spichugi:
- Issue close_status updated to: wontfix (was: Fixed)

2 years ago

Login to comment on this ticket.