#470 389 prevents from adding a posixaccount with userpassword after schema reload
Closed: Fixed None Opened 6 years ago by nkinder.

https://bugzilla.redhat.com/show_bug.cgi?id=858580 (Red Hat Enterprise Linux 6)

Description of problem:

389 server prevents from adding a posixaccount with userpassword after a schema
reload has been issued with error:
[root@server ~]# ldapmodify -a -f test2.ldif -D "cn=directory manager" -w "redhat123"
adding new entry "cn=testuser,dc=redhat,dc=local"
ldap_add: Object class violation (65)
        additional info: attribute "unhashed#user#password" not allowed

Version-Release number of selected component (if applicable):
from version: 389-ds-base-1.2.10.2-15.el6 onward
(and up to build 1.2.11.14-1.el6)

How reproducible:

Always

Steps to Reproduce:

1. install 389-ds-base and create a new instance with default setup
2. issue a schema reload: /usr/lib64/dirsrv/slapd-<instance>/schema-reload.pl -D "cn=directory manager" -w "redhat123"
3. try adding a new posixaccount entry containing a cleartext userpassword:
  # ldapmodify -a -f test2.ldif -D "cn=directory manager" -w "redhat123"

Actual results:

entry addition fails with:
adding new entry "cn=testuser,dc=redhat,dc=local"
ldap_add: Object class violation (65)
        additional info: attribute "unhashed#user#password" not allowed

Expected results:

entry addition should succeed

Additional info:

- if the server gets restarted the problem goes away until a new schema reload
is issued
- versions including 389-ds-base-1.2.9.14-1.el6_2.2 and below are not affected
hence it looks to be a regression.

Bug description: Schema reload task reloads schema files in the
schema directory. Not just them, DS has several internal schema
which are not stored in the schema file, which were lost after
the schema reload task is executed. One of them, unhashed#user#password,
was necessary for adding a posixaccount.

Fix description: When registering an internal schema, the schema
is stashed in a hash table. When schema reload is executed, the
internal schema are reloaded with the external schema.

Reviewed by Rich (Thank you!!)

Pushed to master.

$ git merge trac470
Updating 47c44d4..628e2b3
Fast-forward
ldap/servers/plugins/schema_reload/schema_reload.c | 11 ++-
ldap/servers/slapd/attrsyntax.c | 83 +++++++++++++++++++-
ldap/servers/slapd/slapi-plugin.h | 9 ++
3 files changed, 98 insertions(+), 5 deletions(-)

$ git push
Counting objects: 19, done.
Delta compression using up to 4 threads.
Compressing objects: 100% (9/9), done.
Writing objects: 100% (10/10), 2.04 KiB, done.
Total 10 (delta 7), reused 0 (delta 0)
To ssh://git.fedorahosted.org/git/389/ds.git
47c44d4..628e2b3 master -> master

Cherry-picked and pushed to origin/389-ds-base-1.2.11, as well.

$ git cherry-pick -e -x 628e2b3
[389-ds-base-1.2.11-ext 03d1cbd] Trac Ticket #470 - 389 prevents from adding a posixaccount with userpassword after schema reload

$ git push origin 389-ds-base-1.2.11-ext:389-ds-base-1.2.11
Counting objects: 19, done.
Delta compression using up to 4 threads.
Compressing objects: 100% (9/9), done.
Writing objects: 100% (10/10), 2.07 KiB, done.
Total 10 (delta 7), reused 0 (delta 0)
To ssh://git.fedorahosted.org/git/389/ds.git
535511d..03d1cbd 389-ds-base-1.2.11-ext -> 389-ds-base-1.2.11

Metadata Update from @nhosoi:
- Issue assigned to nhosoi
- Issue set to the milestone: 1.2.11.15

2 years ago
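
The bug and fix described in this ticket (internal schema lost on reload, then stashed at registration and restored with the file schema), as a simplified C model added here; it is not 389-ds-base code. All function names, the three file attribute names and the table sizes are hypothetical, and the model assumes an add with a cleartext userPassword also carries the internal attribute.

```c
/* Simplified model of the reload bug and fix; added example, not 389-ds-base code. */
#include <stdio.h>
#include <string.h>

#define MAX_ATTRS 16
#define LDAP_SUCCESS 0
#define LDAP_OBJECT_CLASS_VIOLATION 65 /* the (65) in the ldap_add error above */

/* Constructed stand-in for attribute types defined in the schema directory. */
static const char *schema_files[] = { "cn", "uid", "userPassword" };
static const char *registry[MAX_ATTRS], *stash[MAX_ATTRS];
static int nreg, nstash;

static void reg_add(const char *name) { if (nreg < MAX_ATTRS) registry[nreg++] = name; }

/* Register a type that lives only in server code and remember it in the stash. */
void register_internal(const char *name) {
    reg_add(name);
    if (nstash < MAX_ATTRS) stash[nstash++] = name;
}

/* Reload: drop the registry, re-read file schema, optionally restore the stash. */
void schema_reload(int restore_internal) {
    nreg = 0;
    for (size_t i = 0; i < sizeof schema_files / sizeof *schema_files; i++)
        reg_add(schema_files[i]);
    for (int i = 0; restore_internal && i < nstash; i++)
        reg_add(stash[i]);
}

static int known(const char *name) {
    for (int i = 0; i < nreg; i++)
        if (strcmp(registry[i], name) == 0) return 1;
    return 0;
}

/* Schema check for an add with a cleartext password (model assumption: the
 * entry also carries the internal attribute when it is checked). */
int add_entry_with_password(void) {
    const char *attrs[] = { "cn", "uid", "userPassword", "unhashed#user#password" };
    for (size_t i = 0; i < sizeof attrs / sizeof *attrs; i++)
        if (!known(attrs[i])) return LDAP_OBJECT_CLASS_VIOLATION;
    return LDAP_SUCCESS;
}

/* Server start (or restart): file schema first, then internal registration. */
void server_start(void) { nreg = nstash = 0; schema_reload(0); register_internal("unhashed#user#password"); }

int main(void) {
    server_start(); schema_reload(0); printf("reload without restore: %d\n", add_entry_with_password());
    server_start(); schema_reload(1); printf("reload with restore:    %d\n", add_entry_with_password());
    return 0;
}
```

The same sequence against a real instance (add, schema reload, add again) makes a quick regression check after upgrading to a fixed build.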
