Ticket was cloned from Red Hat Bugzilla (product Red Hat Enterprise Linux 7): Bug 1029959
Description of problem: From RHEL 7 most DS plugins are converted to be betxn - if their operation fails, whole transaction should fail and not be comitted to database. In case of Managed Entries plugin, we can create a situation where plugin fails to create managed entry, e.g. due to mapped attribute missing. Version-Release number of selected component (if applicable): RHEL 7 389-ds-base-1.3.1.6-8.el7.x86_64 Steps to Reproduce: # enable plugin ldapmodify -D "cn=directory manager" -w Secret123 <<EOF dn: cn=Managed Entries,cn=plugins,cn=config changetype: modify replace: nsslapd-pluginEnabled nsslapd-pluginEnabled: on EOF # add template entry ldapmodify -D "cn=directory manager" -w Secret123 -a <<EOF dn: cn=template,dc=example,dc=com objectclass: top objectclass: mepTemplateEntry cn: template mepRDNAttr: cn mepStaticAttr: objectclass: top mepStaticAttr: objectclass: person mepStaticAttr: objectclass: inetOrgPerson mepMappedAttr: cn: \$cn mepMappedAttr: uid: \$uid mepMappedAttr: sn: \$sn EOF # add definition entry ldapmodify -D "cn=directory manager" -w Secret123 -a <<EOF dn: cn=definition,cn=Managed Entries, cn=plugins,cn=config objectclass: top objectclass: extensibleObject cn: definition originScope: ou=people,dc=example,dc=com originFilter: objectclass=person managedBase: ou=Groups,dc=example,dc=com managedTemplate: cn=template,dc=example,dc=com EOF # Add new entry - adding managed entry should fail ldapmodify -a -D "cn=directory manager" -w Secret123 <<EOF dn: cn=tuser,ou=people,dc=example,dc=com objectclass: top objectclass: person cn: tuser sn: tuser EOF # Returns entry ldapsearch -D "cn=directory manager" -w Secret123 -LLL -b "cn=tuser,ou=people,dc=example,dc=com" # Returns no such object ldapsearch -D "cn=directory manager" -w Secret123 -LLL -b "cn=tuser,ou=groups,dc=example,dc=com" Actual results: [13/Nov/2013:01:47:02 -0700] managed-entries-plugin - mep_parse_mapped_attr: Mapped attribute "uid" is not present in origin entry "cn=tuser,ou=People,dc=example,dc=com". Please correct template to only map attributes required by the schema. [13/Nov/2013:01:47:02 -0700] managed-entries-plugin - mep_create_managed_entry: Error parsing mapped attribute in template "cn=template,dc=example,dc=com". [13/Nov/2013:01:47:02 -0700] managed-entries-plugin - mep_add_managed_entry: Unable to create a managed entry from origin entry "cn=tuser,ou=People,dc=example,dc=com" using config "cn=definition,cn=Managed Entries,cn=plugins,cn=config". and original entry is successfully added: [root@localhost jrusnack]# ldapsearch -D "cn=directory manager" -w Secret123 -LLL -b "cn=tuser,ou=people,dc=example,dc=com" dn dn: cn=tuser,ou=People,dc=example,dc=com Expected results: If the plugins operation is part of transaction, failure to add managed entry should not commit original entry to the database.
attachment 0001-Ticket-47644-Managed-Entry-Plugin-transaction-not-ab.patch
ack
Note that this may be a general problem with many post-op plugins - before they were betxn post-op, it didn't matter what value they returned, because the return value could not change the outcome of the original operation, nor could the error be returned to clients, so many post-op plugins may have just returned any value.
Replying to [comment:6 rmeggins]:
ack Note that this may be a general problem with many post-op plugins - before they were betxn post-op, it didn't matter what value they returned, because the return value could not change the outcome of the original operation, nor could the error be returned to clients, so many post-op plugins may have just returned any value.
That's a good point. I'll open a new ticket to investigate the other plugins.
git merge ticket47644 Updating 43cd7db..ea6ac91 Fast-forward ldap/servers/plugins/mep/mep.c | 44 +++++++++++++++++++++++++++++++++++--------- 1 file changed, 35 insertions(+), 9 deletions(-)
git push origin master 43cd7db..ea6ac91 master -> master
commit ea6ac91 Author: Mark Reynolds mreynolds@redhat.com Date: Fri May 30 14:57:15 2014 -0400
attachment 0001-Ticket-47466-Fix-coverity-issue.patch
Coverity fix:
ea6ac91..fa31627 master -> master commit fa31627
Metadata Update from @mreynolds: - Issue assigned to mreynolds - Issue set to the milestone: 1.3.3 backlog
389-ds-base is moving from Pagure to Github. This means that new issues and pull requests will be accepted only in 389-ds-base's github repository.
This issue has been cloned to Github and is available here: - https://github.com/389ds/389-ds-base/issues/981
If you want to receive further updates on the issue, please navigate to the github issue and click on subscribe button.
subscribe
Thank you for understanding. We apologize for all inconvenience.
Metadata Update from @spichugi: - Issue close_status updated to: wontfix (was: Fixed)
Log in to comment on this ticket.