#48295 Entry cache is not rolled back -- Linked Attributes plug-in - wrong behaviour when adding valid and broken links
Closed: Fixed None Opened 4 years ago by nhosoi.

Description of problem:
When we use one operation to add two(or more) links to some entry, and the
value of the first attribute is valid, but other values are unexisting entries,
then the managed attribute will be added, but the link attribute won't.

How reproducible:
Always

Steps to Reproduce:
1) Enable Linked Attributes plug-in;
ldapmodify -h localhost -p 389 -D "cn=Directory manager" -W
cn=Linked Attributes,cn=plugins,cn=config
changetype: modify
replace: nsslapd-pluginEnabled
nsslapd-pluginEnabled: on

2) Create the plug-in instance;
ldapmodify -h localhost -p 389 -D "cn=Directory manager" -W
dn: cn=Manager Link,cn=Linked Attributes,cn=plugins,cn=config
changetype: add
objectClass: top
objectClass: extensibleObject
cn: Manager Link
linkType: directReport
managedType: manager

3) Add two entries;
ldapmodify -h localhost -p 389 -D "cn=Directory manager" -W
dn: uid=employee1,ou=People,dc=example,dc=com
changetype: add
objectClass: extensibleobject
objectClass: inetorgperson
objectClass: organizationalPerson
objectClass: person
objectClass: top
cn: Employee 1
sn: Employee 1
uid: employee1

dn: uid=manager1,ou=People,dc=example,dc=com
changetype: add
objectClass: extensibleobject
objectClass: inetorgperson
objectClass: organizationalPerson
objectClass: person
objectClass: top
cn: manager 1
sn: manager 1
uid: manager1

4) Execute link operation with existing and unexisting entries;
ldapmodify -h localhost -p 389 -D "cn=Directory manager" -W
dn: uid=manager1,ou=People,dc=example,dc=com
changetype: modify
add: directreport
directreport: uid=employee1,ou=People,dc=example,dc=com
directreport: uid=doNotExist,ou=People,dc=example,dc=com

Actual results:
ldapsearch -h localhost -p 389 -D "cn=Directory manager" -W -b
ou=people,dc=example,dc=com

employee1, people, example.com

dn: uid=employee1,ou=People,dc=example,dc=com
objectClass: extensibleobject
objectClass: inetorgperson
objectClass: organizationalPerson
objectClass: person
objectClass: top
cn: Employee 1
sn: Employee 1
uid: employee1
manager: uid=manager1,ou=People,dc=example,dc=com

manager1, people, example.com

dn: uid=manager1,ou=People,dc=example,dc=com
objectClass: extensibleobject
objectClass: inetorgperson
objectClass: organizationalPerson
objectClass: person
objectClass: top
cn: manager 1
sn: manager 1
uid: manager1

Expected results:
ldapsearch -h localhost -p 389 -D "cn=Directory manager" -W -b
ou=people,dc=example,dc=com

employee1, people, example.com

dn: uid=employee1,ou=People,dc=example,dc=com
objectClass: extensibleobject
objectClass: inetorgperson
objectClass: organizationalPerson
objectClass: person
objectClass: top
cn: Employee 1
sn: Employee 1
uid: employee1
manager: uid=manager1,ou=People,dc=example,dc=com

manager1, people, example.com

dn: uid=manager1,ou=people,dc=example,dc=com
objectClass: extensibleobject
objectClass: inetorgperson
objectClass: organizationalPerson
objectClass: person
objectClass: top
cn: manager 1
sn: manager 1
uid: manager1
directreport: uid=employee1,ou=People,dc=example,dc=com

Additional info:
1) If we execute the link operation like this:
ldapmodify -h localhost -p 389 -D "cn=Directory manager" -W
dn: uid=manager1,ou=People,dc=example,dc=com
changetype: modify
add: directreport
directreport: uid=doNotExist,ou=People,dc=example,dc=com
directreport: uid=employee1,ou=People,dc=example,dc=com

Then nothing will be added.

2) If we try to repair it with fixup-linkedattrs.pl or "cn=fixup linked
attributes task", then no directreport attribute will be added to
uid=manager1,ou=People,dc=example,dc=com.
Manager attribute will be deleted from
uid=employee1,ou=People,dc=example,dc=com.


In this test case,

dn: uid=manager1,ou=People,dc=example,dc=com
changetype: modify
add: directreport
directreport: uid=employee1,ou=People,dc=example,dc=com
directreport: uid=doNotExist,ou=People,dc=example,dc=com
the first directreport add has no problem and it also successfully add the managedtype to uid=employee1,ou=People,dc=example,dc=com. But the second directreport add fails since adding managedtype attempt fails due to the missing entry (uid=doNotExist).

Then, the Linked Attributes plug-in returns the failure at SLAPI_PLUGIN_BE_TXN_POST_MODIFY_FN in ldbm_back_modify, which makes the main operation fail and rollback.

The fist directreport add success was successfully done. That means, the managed entry has "manager: uid=manager1,ou=People,dc=example,dc=com" in the entry uid=employee1, which is in the entry cache as well as in the db cache. The latter one is rolled back automatically, but the former has no way to rolled back for now.

Although it is against the original expectation, what we could do is if the second or the after operation fails, undoing the successfully finished operation(s). That makes the entire operation fail if one of them does.

Reviewed by Mark (Thanks!!)

Pushed to master:
08c40e8..63b8ece master -> master
commit 088ddec
commit 63b8ece

Metadata Update from @nhosoi:
- Issue assigned to nhosoi
- Issue set to the milestone: 1.3.5 backlog

2 years ago

Login to comment on this ticket.

Metadata