SyncRepl does not send message about (imaginary) entry deletion when the entry falls out of scope as result of MODRDN.
Imagine SyncRepl with following LDAP filter: '(&(objectClass=idnsServerConfigObject)(idnsServerId=pspacek.brq.redhat.com.))'
It correctly returns "new" entry in message with phase = LDAP_SYNC_CAPI_ADD (0x1) when MODRDN is used to set idnsServerId attribute to value specified in the filter.
phase = LDAP_SYNC_CAPI_ADD (0x1)
idnsServerId
On the other hand, it does not send message with phase = LDAP_SYNC_CAPI_DELETE (0x3) when MODRDN is used to rename entry so it does not match the filter anymore.
phase = LDAP_SYNC_CAPI_DELETE (0x3)
Hi, Petr.
Can we have your input about the urgency of this issue? Is the fix needed for the current version 1.3.4.x for F23 and 1.3.5.x for F24? Or can it be waited until the next version 1.3.6.x?
Thanks! --noriko
It is not blocking IPA but users might be impacted by it when doing MODRDN. Having said that, I would like to see fix in next release which is not yet totally full.
Is this reasoning good enough?
Replying to [comment:3 pspacek]:
It is not blocking IPA but users might be impacted by it when doing MODRDN. Having said that, I would like to see fix in next release which is not yet totally full. Is this reasoning good enough? Thank you for your response, Petr! Setting the milestone to 1.3.6...
Is this reasoning good enough? Thank you for your response, Petr! Setting the milestone to 1.3.6...
in the MODRDN operation, do you set deleteoldrdn: 1 ? otehrwise the old value remains and the filter still applies
=== minimal reproducer === Start with following object: {{{ dn: cn=test,cn=dns,dc=dom-058-082,dc=abc,dc=idm,dc=lab,dc=eng,dc=brq,dc=redhat,dc=com changetype: add objectClass: nsContainer objectClass: top cn: test }}}
Start syncrepl session with base DN cn=dns,dc=dom-058-082,dc=abc,dc=idm,dc=lab,dc=eng,dc=brq,dc=redhat,dc=com and filter (objectClass=nsContainer)(cn=test): {{{ ldap_sync_search_entry: cookie is not present phase: LDAP_SYNC_CAPI_ADD (0x1) entry count: 1 entryUUID: 1824fb01-473e-11e6-9e16-cffadbbff471 (length 16 bytes = 128 bits) DN: cn=test,cn=dns,dc=dom-058-082,dc=abc,dc=idm,dc=lab,dc=eng,dc=brq,dc=redhat,dc=com attribute cn: 'test' (length 4 bytes) attribute objectClass: 'nsContainer' (length 11 bytes) attribute objectClass: 'top' (length 3 bytes)
cn=dns,dc=dom-058-082,dc=abc,dc=idm,dc=lab,dc=eng,dc=brq,dc=redhat,dc=com
(objectClass=nsContainer)(cn=test)
ldap_sync_intermediate: cookie 'vm-058-082.abc.idm.lab.eng.brq.redhat.com:389#cn=directory manager:cn=dns,dc=dom-058-082,dc=abc,dc=idm,dc=lab,dc=eng,dc=brq,dc=redhat,dc=com:(&(objectClass=nsContainer)(cn=test))#1087' (length 183 bytes) phase: LDAP_SYNC_CAPI_DONE (0x50) => refresh phase is complete entry count: 0
===================== refresh done ===================== ==================== persist begins ==================== }}}
Now rename the entry, i.e. change CN attribute & delete the old one: {{{ dn: cn=test,cn=dns,dc=dom-058-082,dc=abc,dc=idm,dc=lab,dc=eng,dc=brq,dc=redhat,dc=com changetype: moddn newrdn: cn=test2 deleteoldrdn: 1 newsuperior: cn=dns,dc=dom-058-082,dc=abc,dc=idm,dc=lab,dc=eng,dc=brq,dc=redhat,dc=com }}}
Nothing gets sent to the SyncRepl client.
Metadata Update from @pspacek: - Issue set to the milestone: 1.3.6.0
Metadata Update from @mreynolds: - Issue close_status updated to: None - Issue set to the milestone: 1.3.7 backlog (was: 1.3.6.0)
Metadata Update from @mreynolds: - Issue set to the milestone: 1.4 backlog (was: 1.3.7 backlog)
389-ds-base is moving from Pagure to Github. This means that new issues and pull requests will be accepted only in 389-ds-base's github repository.
This issue has been cloned to Github and is available here: - https://github.com/389ds/389-ds-base/issues/1934
If you want to receive further updates on the issue, please navigate to the github issue and click on subscribe button.
subscribe
Thank you for understanding. We apologize for all inconvenience.
Metadata Update from @spichugi: - Issue close_status updated to: wontfix - Issue status updated to: Closed (was: Open)
Login to comment on this ticket.