#447 Possible to add invalid attribute to nsslapd-allowed-to-delete-attrs
Closed: wontfix None Opened 11 years ago by nkinder.

https://bugzilla.redhat.com/show_bug.cgi?id=853355 (Red Hat Enterprise Linux 7)

Description of problem:

See Bug 602456. Adding attribute to nsslapd-allowed-to-delete-attrs should
allow attribute to be deleted. However, it is possible to add invalid attribute
to nsslapd-allowed-to-delete-attrs.


Version-Release number of selected component (if applicable):
389-ds-base-1.2.10.2-15.el6.x86_64

How reproducible:
always


Steps to Reproduce:
1.
ldapmodify -h localhost -p 389 -D "cn=directory manager" -w dirmanager <<EOF
dn: cn=config
changetype: modify
replace: nsslapd-allowed-to-delete-attrs
nsslapd-allowed-to-delete-attrs: invalid-attr
EOF
modifying entry "cn=config"

[jrusnack@dhcp-31-42 /]$ echo $?
0


Actual results: Succeeds


Expected results: Should fail


Additional info: See related Bug 853106.

Fix description: This patch is adding a code to check if the value
of config parameter nsslapd-allowed-to-delete-attrs includes any
invalid attributes or not. If it does, the server ignores the
invalid ones, and the following search returns only the valid
attributes. Also, it is logged in the error log:
nsslapd-allowed-to-delete-attrs: Unknown attribute bogus will be
ignored

Reviewed by Rich (Thank you!!)

Pushed to master.

commit 94b1237

Bug description: If given value of nsslapd-allowed-to-delete-attrs are
all invalid attributes, e.g.,
nsslapd-allowed-to-delete-attrs: invalid0 invalid1
they were logged as invalid, but accidentally set to nsslapd-allowed-
to-delete-attrs.

Fix description: This patch checks the validation result and if there
is no valid attributes given to nsslapd-allowed-to-delete-attrs, it
issues a message in the error log:
nsslapd-allowed-to-delete-attrs: Given attributes are all invalid.
No effects.
and it returns an error. The modify operation fails with "DSA is
unwilling to perform".

Reviewed by Rich (Thank you!!)

Pushed to master:
1a1b4f8..31cd7a8 master -> master
commit 31cd7a8

Pushed to 389-ds-base-1.3.2:
258bcb5..eab3222 389-ds-base-1.3.2 -> 389-ds-base-1.3.2
commit eab3222

Pushed to 389-ds-base-1.3.1:
dea2a25..c392aa8 389-ds-base-1.3.1 -> 389-ds-base-1.3.1
commit c392aa8

Pushed to 389-ds-base-1.3.0:
78f20ee..9936fdd 389-ds-base-1.3.0 -> 389-ds-base-1.3.0
commit 9936fdd435a2ab5bfe6d9a102124d607748c7a05

Metadata Update from @nhosoi:
- Issue assigned to nhosoi
- Issue set to the milestone: 1.3.0.rc1

7 years ago

389-ds-base is moving from Pagure to Github. This means that new issues and pull requests
will be accepted only in 389-ds-base's github repository.

This issue has been cloned to Github and is available here:
- https://github.com/389ds/389-ds-base/issues/447

If you want to receive further updates on the issue, please navigate to the github issue
and click on subscribe button.

Thank you for understanding. We apologize for all inconvenience.

Metadata Update from @spichugi:
- Issue close_status updated to: wontfix (was: Fixed)

3 years ago

Login to comment on this ticket.

Metadata