#49283 memberOf plug-in doesn't perform syntax checking when not enabled
Closed: wontfix 6 months ago by tbordaz. Opened 3 years ago by ilias95.

Issue Description

The memberOf doesn't perform syntax checking when not enabled. So somebody can disable the plug-in, then set some invalid attribute (using lib389's dsconf for example). If they later enable the plug-in again Directory Server will fail.

Package Version and Platform

Git master on Fedora 25.

Steps to reproduce

  1. Disable memberOf plugin and restart the server.
  2. Set some illegal value to any of each attributes (using lib389's dsconf for example).
  3. Enable the plugin and try to restart the server again.

I'll promptly attach a reproducer.

I think the way to solve this is to make a memberOf objectClasses type, that has the properly defined attributes in syntax. We need a new syntax type that validates "valid objectClass" and "valid attribute type".

So we would have say:

memberOfAutoAddOc ... .SYNTAX <new oid>

Where the new OID, is added to syntaxes, and it validates the content is a valid oc/attr according to schema.

This would allow offline checking of the type :)

Metadata Update from @firstyear:
- Custom field type adjusted to defect

3 years ago

Metadata Update from @mreynolds:
- Issue set to the milestone:

3 years ago

Metadata Update from @mreynolds:
- Custom field origin adjusted to None
- Custom field reviewstatus adjusted to None
- Issue set to the milestone: 1.4.2 (was:

a year ago

Ideally it would be nice to have but it raises some issues:

Invalid values have no effect until the plugin is started, this is a potential issue. When plugin is enabled, invalid values are detected and some logs will explain what needs to be changed. Fixing it will force the admin to have valid values even for unused plugins.

Also the complexity is that some plugins may load/verify their config at init (rarely) or at startup(most frequently). If a plugin is not enabled it would mean to move the load/verify at init. This is not minor change and should be done on all plugins not in memberof only.

Closing it as wontfix.

Metadata Update from @tbordaz:
- Issue close_status updated to: wontfix
- Issue status updated to: Closed (was: Open)

6 months ago

389-ds-base is moving from Pagure to Github. This means that new issues and pull requests
will be accepted only in 389-ds-base's github repository.

This issue has been cloned to Github and is available here:
- https://github.com/389ds/389-ds-base/issues/2342

If you want to receive further updates on the issue, please navigate to the github issue
and click on subscribe button.

Thank you for understanding. We apologize for all inconvenience.

Login to comment on this ticket.