https://bugzilla.redhat.com/show_bug.cgi?id=782975 (Red Hat Enterprise Linux 6)
This bug is created as a clone of upstream ticket: https://fedorahosted.org/freeipa/ticket/2220 krbExtraData is apparently NOT being modified but the ldap server believes it is which triggers an ldap mod & replication event because of it. ssh logins should not trigger a modification that is replicated to FreeIPA replica servers due to storm concerns.
IPA would like to see this in the 1.2.11 timeframe. Adjusting the milestone to 1.2.11 so we can begin looking into ways to solve this.
Added a new config attribute for the repl agmt:
nsds5ReplicaStripAttrs
Example:
nsds5ReplicaStripAttrs: modifiersName modifyTimestamp internalModifiersName internalModifyTimestamp
Sending fix out for review...
Looks good, but you can simplify the code a great deal by using slapi_str2charray_ext and charray_utf8_inlist - you can add a slapi wrapper for this if you want, or just use it via slapi-private
attachment 0001-Ticket-321-krbExtraData-is-being-null-modified-and-r.patch
Excellent!
Thanks for the review Rich!
git merge ticket321 Updating 8ba2982..59ac943 Fast-forward ldap/schema/01core389.ldif | 3 +- ldap/servers/plugins/replication/repl5.h | 2 + ldap/servers/plugins/replication/repl5_agmt.c | 25 ++++++++++ .../plugins/replication/repl5_protocol_util.c | 50 ++++++++++++++------ ldap/servers/plugins/replication/repl_globals.c | 1 + ldap/servers/slapd/charray.c | 5 ++ ldap/servers/slapd/slapi-plugin.h | 9 ++++ 7 files changed, 80 insertions(+), 15 deletions(-)
[mareynol@localhost servers]$ git push origin master Counting objects: 29, done. Delta compression using up to 4 threads. Compressing objects: 100% (15/15), done. Writing objects: 100% (15/15), 2.65 KiB, done. Total 15 (delta 13), reused 0 (delta 0) To ssh://git.fedorahosted.org/git/389/ds.git 8ba2982..59ac943 master -> master
free mod order 0001-Ticket-321-krbExtraData-is-being-null-modified-and-r.patch 0001-Ticket-321-krbExtraData-is-being-null-modified-and-r.2.patch
To ssh://git.fedorahosted.org/git/389/ds.git 8eaa3c6..758a68d master -> master commit changeset:758a68d/389-ds-base Author: Rich Megginson rmeggins@redhat.com Date: Mon May 21 09:08:04 2012 -0600
To ssh://git.fedorahosted.org/git/389/ds.git b5f3f98..5769e19 389-ds-base-1.2.11 -> 389-ds-base-1.2.11 commit changeset:5769e19/389-ds-base Author: Rich Megginson rmeggins@redhat.com Date: Mon May 21 09:08:04 2012 -0600
Added initial screened field value.
Metadata Update from @rmeggins: - Issue assigned to mreynolds - Issue set to the milestone: 1.2.11.4
389-ds-base is moving from Pagure to Github. This means that new issues and pull requests will be accepted only in 389-ds-base's github repository.
This issue has been cloned to Github and is available here: - https://github.com/389ds/389-ds-base/issues/321
If you want to receive further updates on the issue, please navigate to the github issue and click on subscribe button.
subscribe
Thank you for understanding. We apologize for all inconvenience.
Metadata Update from @spichugi: - Issue close_status updated to: wontfix (was: Fixed)
Login to comment on this ticket.