#49541 Server allows to set nsds5replicaid=65535 in the existing replica entry
Closed: fixed 2 years ago Opened 2 years ago by mreynolds.

Ticket was cloned from Red Hat Bugzilla (product Red Hat Enterprise Linux 7): Bug 1533828

Description of problem:
We can break the nsds5replicaid attribute rules (it should be 1 to 65534 for
masters) if we'll try to modify the existing replication entry.

Version-Release number of selected component (if applicable):
389-ds-base-1.3.7.5-11.el7.x86_64

How reproducible:
Always

Steps to Reproduce:
1. Install an instance
2. Add a replica entry:
[root@qeos-19 upstream]# ldapmodify -a -h localhost -p 389 -D "cn=Directory
manager" -w Secret123 << EOF
> dn: cn=replica,cn=dc\3Dexample\2Cdc\3Dcom,cn=mapping tree,cn=config
> cn: replica
> nsDS5Flags: 1
> nsDS5ReplicaBindDN: cn=sync user,cn=config
> nsDS5ReplicaId: 65535
> nsDS5ReplicaRoot: dc=example,dc=com
> nsDS5ReplicaType: 3
> objectClass: top
> objectClass: nsDS5Replica
> objectClass: extensibleobject
> EOF
adding new entry "cn=replica,cn=dc\3Dexample\2Cdc\3Dcom,cn=mapping
tree,cn=config"

AND another use case ::

1. Existing MMR
2. On M1 try ::
[root@qeos-19 upstream]# ldapmodify -h localhost -p 39001 -D "cn=Directory
manager" -w password << EOF
> dn: cn=replica,cn=dc\3Dexample\2Cdc\3Dcom,cn=mapping tree,cn=config
> changetype: modify
> replace: nsDS5ReplicaId
> nsDS5ReplicaId: 65535
> EOF
modifying entry "cn=replica,cn=dc\3Dexample\2Cdc\3Dcom,cn=mapping
tree,cn=config"


Actual results: Operation is Successful


Expected results: It should fail with error message ::
ldap_modify: Server is unwilling to perform (53)
        additional info: Attribute nsDS5ReplicaId value (wrong_id) is invalid,
must be a number between 1 and 65535.

Additional info:

Metadata Update from @mreynolds:
- Custom field rhbz adjusted to https://bugzilla.redhat.com/show_bug.cgi?id=1533828

2 years ago

c8b388b..ebb00a4 master -> master

400e6eb..2cabb08 389-ds-base-1.3.7 -> 389-ds-base-1.3.7

Metadata Update from @mreynolds:
- Custom field component adjusted to None
- Custom field origin adjusted to None
- Custom field reviewstatus adjusted to ack
- Custom field type adjusted to None
- Custom field version adjusted to None
- Issue close_status updated to: fixed
- Issue status updated to: Closed (was: Open)

2 years ago

That last commit addressed the adding the replica, not modifying it. This does:

branch master updated (d86e0f9 -> 56f9881)

49291b7..c5ad6e5 389-ds-base-1.3.7 -> 389-ds-base-1.3.7

Login to comment on this ticket.

Metadata