When renaming object, all letters in its CN get converted into lower case.
corresponding ticket in FreeIPA: https://fedorahosted.org/freeipa/ticket/2620
ldapsearch -x -D "cn=directory manager" -w baconbacon -b "cn=permissions,cn=pbac,dc=idm,dc=lab,dc=bos,dc=redhat,dc=com" cn=permission1 # extended LDIF # # LDAPv3 # base <cn=permissions,cn=pbac,dc=idm,dc=lab,dc=bos,dc=redhat,dc=com> with scope subtree # filter: cn=permission1 # requesting: ALL # # Permission1, permissions, pbac, idm.lab.bos.redhat.com dn: cn=Permission1,cn=permissions,cn=pbac,dc=idm,dc=lab,dc=bos,dc=redhat,dc=co m objectClass: groupofnames objectClass: ipapermission objectClass: top cn: Permission1 # search result search: 2 result: 0 Success # numResponses: 2 # numEntries: 1 ====================================================================================================== rdn.txt: cn=Permission1,cn=permissions,cn=pbac,dc=idm,dc=lab,dc=bos,dc=redhat,dc=com cn=Permission2 =========================================== ldapmodrdn -x -w baconbacon -D "cn=directory manager" -r -v -f rdn.txt ldap_initialize( <DEFAULT> ) Renaming "cn=Permission1,cn=permissions,cn=pbac,dc=idm,dc=lab,dc=bos,dc=redhat,dc=com" new rdn="cn=Permission2" (delete old rdn) Rename Result: Success (0) =========================================== ldapsearch -x -D "cn=directory manager" -w baconbacon -b "cn=permissions,cn=pbac,dc=idm,dc=lab,dc=bos,dc=redhat,dc=com" cn=permission2 # extended LDIF # # LDAPv3 # base <cn=permissions,cn=pbac,dc=idm,dc=lab,dc=bos,dc=redhat,dc=com> with scope subtree # filter: cn=permission2 # requesting: ALL # # permission2, permissions, pbac, idm.lab.bos.redhat.com dn: cn=permission2,cn=permissions,cn=pbac,dc=idm,dc=lab,dc=bos,dc=redhat,dc=co m objectClass: groupofnames objectClass: ipapermission objectClass: top cn: permission2 # search result search: 2 result: 0 Success # numResponses: 2 # numEntries: 1
Rich Megginson wrote:
The culprit is modrdn.c:194 slapi_dn_ignore_case( newrdn ); Much of the code that follows this assumes newrdn is normalized for a DN (DN and case normalized). The problem is that we need to keep track of the rawrdn passed in to apply to the new RDN attribute and value. This could be done by using a Slapi_RDN* instead of a char * for SLAPI_MODRDN_NEWRDN, but that would involve changing a lot of code.
The culprit is modrdn.c:194
slapi_dn_ignore_case( newrdn );
Much of the code that follows this assumes newrdn is normalized for a DN (DN and case normalized). The problem is that we need to keep track of the rawrdn passed in to apply to the new RDN attribute and value. This could be done by using a Slapi_RDN* instead of a char * for SLAPI_MODRDN_NEWRDN, but that would involve changing a lot of code.
git patch file (master) 0001-Trac-Ticket-338-letters-in-object-s-cn-get-converted.patch
Fix description: The value of newrdn was normalized as dn then decapitalized. The decapitalization was not just needed but the cause of the reported bug.
This patch removes the decapitalization call (slapi_dn_ignore_case).
revised git patch file (master) 0001-Trac-Ticket-338-letters-in-object-s-cn-get-converted.2.patch
This patch removes the decapitalization call (slapi_dn_ignore_case) and adds slapi_dn_ignore_case to acl_access_allowed_modrdn (acl.c) and referint_postop_modrdn (referint/referint.c).
Additionally, unnecessary code is being removed from chaining_ back_modrdn (chainingdb/cb_modrdn.c).
Note: the testcase is in subtreeRename.
Reviewed by Rich (Thanks!!)
Pushed to master.
$ git merge trac338-2 Updating b5d3cf1..178fe6a Fast-forward ldap/servers/plugins/acl/acl.c | 16 +++++++++---- ldap/servers/plugins/acl/acllist.c | 4 +- ldap/servers/plugins/chainingdb/cb_add.c | 2 +- ldap/servers/plugins/chainingdb/cb_compare.c | 2 +- ldap/servers/plugins/chainingdb/cb_delete.c | 2 +- ldap/servers/plugins/chainingdb/cb_modify.c | 2 +- ldap/servers/plugins/chainingdb/cb_modrdn.c | 32 ++----------------------- ldap/servers/plugins/chainingdb/cb_search.c | 4 +- ldap/servers/plugins/referint/referint.c | 6 +++- ldap/servers/plugins/replication/urp.c | 1 + ldap/servers/plugins/retrocl/retrocl_po.c | 1 + ldap/servers/plugins/uiduniq/7bit.c | 4 +- ldap/servers/plugins/uiduniq/uid.c | 1 + ldap/servers/slapd/auditlog.c | 1 + ldap/servers/slapd/back-ldbm/ldbm_modrdn.c | 4 +++ ldap/servers/slapd/modrdn.c | 7 +++++- ldap/servers/slapd/plugin_acl.c | 5 +++- 17 files changed, 46 insertions(+), 48 deletions(-)
$ git push Enter passphrase for key '/home/nhosoi/.ssh/id_rsa': Counting objects: 127, done. Delta compression using up to 4 threads. Compressing objects: 100% (49/49), done. Writing objects: 100% (49/49), 6.28 KiB, done. Total 49 (delta 44), reused 0 (delta 0) To ssh://git.fedorahosted.org/git/389/ds.git b5d3cf1..178fe6a master -> master
Ticket has been cloned to Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=821542
Added initial screened field value.
Metadata Update from @nhosoi: - Issue assigned to nhosoi - Issue set to the milestone: 1.2.11.rc1
389-ds-base is moving from Pagure to Github. This means that new issues and pull requests will be accepted only in 389-ds-base's github repository.
This issue has been cloned to Github and is available here: - https://github.com/389ds/389-ds-base/issues/338
If you want to receive further updates on the issue, please navigate to the github issue and click on subscribe button.
subscribe
Thank you for understanding. We apologize for all inconvenience.
Metadata Update from @spichugi: - Issue close_status updated to: wontfix (was: Fixed)
Login to comment on this ticket.