https://bugzilla.redhat.com/show_bug.cgi?id=858580 (Red Hat Enterprise Linux 6)
Description of problem:
389 server prevents from adding a posixaccount with userpassword after a schema reload has been issued with error:

    [root@server ~]# ldapmodify -a -f test2.ldif -D "cn=directory manager" -w "redhat123"
    adding new entry "cn=testuser,dc=redhat,dc=local"
    ldap_add: Object class violation (65)
            additional info: attribute "unhashed#user#password" not allowed

Version-Release number of selected component (if applicable):
from version: 389-ds-base-1.2.10.2-15.el6 onward (and up to build 1.2.11.14-1.el6)

How reproducible:
Always

Steps to Reproduce:
1. install 389-ds-base and create a new instance with default setup
2. issue a schema reload:
    /usr/lib64/dirsrv/slapd-<instance>/schema-reload.pl -D "cn=directory manager" -w "redhat123"
3. try adding a new posixaccount entry containing a cleartext userpassword:
    # ldapmodify -a -f test2.ldif -D "cn=directory manager" -w "redhat123"

Actual results:
entry addition fails with:

    adding new entry "cn=testuser,dc=redhat,dc=local"
    ldap_add: Object class violation (65)
            additional info: attribute "unhashed#user#password" not allowed

Expected results:
entry addition should succeed

Additional info:
- if the server gets restarted the problem goes away until a new schema reload is issued
- versions including 389-ds-base-1.2.9.14-1.el6_2.2 and below are not affected hence it looks to be a regression.
git patch file (master) 0001-Trac-Ticket-470-389-prevents-from-adding-a-posixacco.patch
Bug description: Schema reload task reloads schema files in the schema directory. Not just them, DS has several internal schema which are not stored in the schema file, which were lost after the schema reload task is executed. One of them unhashed#user#password was necessary for adding a posixaccount.
Fix description: When registering an internal schema, the schema is stashed in a hash table. When schema reload is executed, the internal schema are reloaded with the external schema.
Reviewed by Rich (Thank you!!)
Pushed to master.
$ git merge trac470
Updating 47c44d4..628e2b3
Fast-forward
 ldap/servers/plugins/schema_reload/schema_reload.c | 11 ++-
 ldap/servers/slapd/attrsyntax.c | 83 +++++++++++++++++++-
 ldap/servers/slapd/slapi-plugin.h | 9 ++
 3 files changed, 98 insertions(+), 5 deletions(-)

$ git push
Counting objects: 19, done.
Delta compression using up to 4 threads.
Compressing objects: 100% (9/9), done.
Writing objects: 100% (10/10), 2.04 KiB, done.
Total 10 (delta 7), reused 0 (delta 0)
To ssh://git.fedorahosted.org/git/389/ds.git
   47c44d4..628e2b3  master -> master
Cherry-picked and pushed to origin/389-ds-base-1.2.11, as well.
$ git cherry-pick -e -x 628e2b3
[389-ds-base-1.2.11-ext 03d1cbd] Trac Ticket #470 - 389 prevents from adding a posixaccount with userpassword after schema reload

$ git push origin 389-ds-base-1.2.11-ext:389-ds-base-1.2.11
Counting objects: 19, done.
Delta compression using up to 4 threads.
Compressing objects: 100% (9/9), done.
Writing objects: 100% (10/10), 2.07 KiB, done.
Total 10 (delta 7), reused 0 (delta 0)
To ssh://git.fedorahosted.org/git/389/ds.git
   535511d..03d1cbd  389-ds-base-1.2.11-ext -> 389-ds-base-1.2.11
Metadata Update from @nhosoi:
- Issue assigned to nhosoi
- Issue set to the milestone: 1.2.11.15
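The stash-and-replay behaviour in the fix description above, as an added illustration that is not code from 389-ds-base or from the patch. It is a toy registry in which all names are hypothetical, a flat array stands in for the hash table, and a constructed list stands in for the schema files; it shows the internal attribute vanishing on reload and surviving once the stash is replayed.

```c
#include <stdio.h>
#include <string.h>

#define MAX_ATTRS 16

/* Toy attribute-type registry (hypothetical; not 389-ds-base code). */
struct registry { const char *names[MAX_ATTRS]; int count; };

static struct registry live;      /* schema that entries are validated against */
static struct registry internal;  /* stash of internally registered types */

static void reg_add(struct registry *r, const char *name) {
    if (r->count < MAX_ATTRS) r->names[r->count++] = name;
}

/* Schema check: is this attribute type known to the live schema? */
static int attr_allowed(const char *name) {
    for (int i = 0; i < live.count; i++)
        if (strcmp(live.names[i], name) == 0) return 1;
    return 0;
}

/* Internal registration: add to the live schema and remember it in the stash. */
static void register_internal(const char *name) {
    reg_add(&live, name);
    reg_add(&internal, name);
}

/* Constructed stand-in for the attribute types defined in schema files. */
static const char *schema_files[] = { "cn", "uid", "userPassword" };

/* Reload: rebuild the live schema from files, optionally replaying the stash. */
static void schema_reload(int replay_internal) {
    live.count = 0;
    for (size_t i = 0; i < sizeof schema_files / sizeof *schema_files; i++)
        reg_add(&live, schema_files[i]);
    if (replay_internal)
        for (int i = 0; i < internal.count; i++)
            reg_add(&live, internal.names[i]);
}

/* Returns 1 if unhashed#user#password is still allowed after a reload. */
static int survives_reload(int replay_internal) {
    live.count = internal.count = 0;
    register_internal("unhashed#user#password");
    schema_reload(replay_internal);
    return attr_allowed("unhashed#user#password");
}

int main(void) {
    printf("reload without replay: allowed=%d\n", survives_reload(0));
    printf("reload with replay:    allowed=%d\n", survives_reload(1));
    return 0;
}
```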
389-ds-base is moving from Pagure to Github. This means that new issues and pull requests will be accepted only in 389-ds-base's github repository.
This issue has been cloned to Github and is available here: - https://github.com/389ds/389-ds-base/issues/470
If you want to receive further updates on the issue, please navigate to the github issue and click on subscribe button.
Thank you for understanding. We apologize for all inconvenience.
Metadata Update from @spichugi: - Issue close_status updated to: wontfix (was: Fixed)