389-ds-base

Clone
Source Code
GIT

#48875 SyncRepl does not handle MODRDN correctly if entry falls out of scope
Closed: wontfix 3 years ago by spichugi. Opened 7 years ago by pspacek.

Closed: wontfix
Reopen Issue

SyncRepl does not send message about (imaginary) entry deletion when the entry falls out of scope as result of MODRDN.

Imagine SyncRepl with following LDAP filter:
'(&(objectClass=idnsServerConfigObject)(idnsServerId=pspacek.brq.redhat.com.))'

It correctly returns "new" entry in message with phase = LDAP_SYNC_CAPI_ADD (0x1) when MODRDN is used to set idnsServerId attribute to value specified in the filter.

On the other hand, it does not send message with phase = LDAP_SYNC_CAPI_DELETE (0x3) when MODRDN is used to rename entry so it does not match the filter anymore.

Hi, Petr.

Can we have your input about the urgency of this issue?
Is the fix needed for the current version 1.3.4.x for F23 and 1.3.5.x for F24?
Or can it be waited until the next version 1.3.6.x?

Thanks!
--noriko

It is not blocking IPA but users might be impacted by it when doing MODRDN. Having said that, I would like to see fix in next release which is not yet totally full.

Is this reasoning good enough?

Replying to [comment:3 pspacek]:

It is not blocking IPA but users might be impacted by it when doing MODRDN. Having said that, I would like to see fix in next release which is not yet totally full.

Is this reasoning good enough?
Thank you for your response, Petr! Setting the milestone to 1.3.6...

in the MODRDN operation, do you set deleteoldrdn: 1 ?
otehrwise the old value remains and the filter still applies

=== minimal reproducer ===
Start with following object:
{{{
dn: cn=test,cn=dns,dc=dom-058-082,dc=abc,dc=idm,dc=lab,dc=eng,dc=brq,dc=redhat,dc=com
changetype: add
objectClass: nsContainer
objectClass: top
cn: test
}}}

Start syncrepl session with base DN cn=dns,dc=dom-058-082,dc=abc,dc=idm,dc=lab,dc=eng,dc=brq,dc=redhat,dc=com and filter (objectClass=nsContainer)(cn=test):
{{{
ldap_sync_search_entry:
cookie is not present
phase: LDAP_SYNC_CAPI_ADD (0x1)
entry count: 1
entryUUID: 1824fb01-473e-11e6-9e16-cffadbbff471 (length 16 bytes = 128 bits)
DN: cn=test,cn=dns,dc=dom-058-082,dc=abc,dc=idm,dc=lab,dc=eng,dc=brq,dc=redhat,dc=com
attribute cn: 'test' (length 4 bytes)
attribute objectClass: 'nsContainer' (length 11 bytes)
attribute objectClass: 'top' (length 3 bytes)

ldap_sync_intermediate:
cookie 'vm-058-082.abc.idm.lab.eng.brq.redhat.com:389#cn=directory manager:cn=dns,dc=dom-058-082,dc=abc,dc=idm,dc=lab,dc=eng,dc=brq,dc=redhat,dc=com:(&(objectClass=nsContainer)(cn=test))#1087' (length 183 bytes)
phase: LDAP_SYNC_CAPI_DONE (0x50)
=> refresh phase is complete
entry count: 0

===================== refresh done =====================
==================== persist begins ====================
}}}

Now rename the entry, i.e. change CN attribute & delete the old one:
{{{
dn: cn=test,cn=dns,dc=dom-058-082,dc=abc,dc=idm,dc=lab,dc=eng,dc=brq,dc=redhat,dc=com
changetype: moddn
newrdn: cn=test2
deleteoldrdn: 1
newsuperior: cn=dns,dc=dom-058-082,dc=abc,dc=idm,dc=lab,dc=eng,dc=brq,dc=redhat,dc=com
}}}

Nothing gets sent to the SyncRepl client.

Metadata Update from @pspacek:
- Issue set to the milestone: 1.3.6.0
7 years ago

Metadata Update from @mreynolds:
- Issue close_status updated to: None
- Issue set to the milestone: 1.3.7 backlog (was: 1.3.6.0)
6 years ago

Metadata Update from @mreynolds:
- Issue set to the milestone: 1.4 backlog (was: 1.3.7 backlog)
6 years ago

389-ds-base is moving from Pagure to Github. This means that new issues and pull requests
will be accepted only in 389-ds-base's github repository.

This issue has been cloned to Github and is available here:
- https://github.com/389ds/389-ds-base/issues/1934

If you want to receive further updates on the issue, please navigate to the github issue
and click on subscribe button.

Thank you for understanding. We apologize for all inconvenience.

Metadata Update from @spichugi:
- Issue close_status updated to: wontfix
- Issue status updated to: Closed (was: Open)
3 years ago

Login to comment on this ticket.

Metadata
None
None
None
None
major
None
None
IPA
Powered by Pagure 5.13.3
DocumentationFile an IssueAboutSSH Hostkey/Fingerprint
© Red Hat, Inc. and others.