#609 nsDS5BeginReplicaRefresh attribute accepts any value and it doesn't throw any error when server restarts.
Closed: Fixed None Opened 7 years ago by nkinder.

Ticket was cloned from Red Hat Bugzilla (product Red Hat Enterprise Linux 7): Bug 881372

Description of problem: nsDS5BeginReplicaRefresh attribute accepts any values
and it doesn't throw any error messages when the server restarts too.

Version-Release number of selected component (if applicable):
389-ds-base-1.2.11.15

How reproducible: Consistently

Steps to Reproduce:
1. Create replication agreement with two masters.
2. Run ldapmodify to initialize the replication agreement. Eg:
PORT=1189;/usr/lib64/mozldap/ldapmodify -h 10.65.206.72 -p $PORT -D
"cn=Directory Manager" -w Secret123 << EOFdn:
cn=WinPassSync,cn=replica,cn="dc=passsync,dc=com",cn=mapping tree,cn=config
changetype: modify
replace: nsDS5BeginReplicaRefresh
nsDS5BeginReplicaRefresh: start
EOF
3. Once the incremental update started, run an another ldapmodify command to
stop the incremental updates. However, this is not the right way disable the
replication updates.
PORT=1189;/usr/lib64/mozldap/ldapmodify -h 10.65.206.72 -p $PORT -D
"cn=Directory Manager" -w Secret123 << EOFdn:
cn=WinPassSync,cn=replica,cn="dc=passsync,dc=com",cn=mapping tree,cn=config
changetype: modify
replace: nsDS5BeginReplicaRefresh
nsDS5BeginReplicaRefresh: junk_value123
EOF
4. The above ldapmodify completed successfully. No error message observed in
the access/error logs even after server restarts.

Actual results: nsDS5BeginReplicaRefresh attribute accepts any value and it
doesn't throw any error when server restarts.

Expected results: It should ignore the invlaid values.

Once the incremental update started, ...
"the total update"?

On the DS-DS replication, setting a bogus value to nsDS5BeginReplicaRefresh does not stop the total update.
my steps:
$ ldapmodify -h M0 [...] -f init.mod; sleep 3; sudo egrep -i --color nsDS5BeginReplicaRefresh /etc/dirsrv/slapd-M0/dse.ldif; ldapmodify -h M0 [...] -f init.invalid.mod ; sudo egrep -i --color nsDS5BeginReplicaRefresh /etc/dirsrv/slapd-M0/dse.ldif
modifying entry cn=M0_to_M1,cn=replica,cn="dc=example,dc=com",cn=mapping tree,cn=config

nsds5BeginReplicaRefresh: start

modifying entry cn=M0_to_M1,cn=replica,cn="dc=example,dc=com",cn=mapping tree,cn=config

nsds5BeginReplicaRefresh: junk_value123

while true; do sudo egrep -i --color nsDS5BeginReplicaRefresh /etc/dirsrv/slapd-M0/dse.ldif; echo "========="; sleep 5; done
nsds5BeginReplicaRefresh: junk_value123
=========
nsds5BeginReplicaRefresh: junk_value123
=========
nsds5BeginReplicaRefresh: junk_value123
=========
nsds5BeginReplicaRefresh: junk_value123
=========
nsds5BeginReplicaRefresh: junk_value123
=========
nsds5BeginReplicaRefresh: junk_value123
=========
=========
==> init.mod <==
dn: cn=M0_to_M1,cn=replica,cn="dc=example,dc=com",cn=mapping tree,cn=config
changetype: modify
replace: nsDS5BeginReplicaRefresh
nsDS5BeginReplicaRefresh: start

==> init.invalid.mod <==
dn: cn=M0_to_M1,cn=replica,cn="dc=example,dc=com",cn=mapping tree,cn=config
changetype: modify
replace: nsDS5BeginReplicaRefresh
nsDS5BeginReplicaRefresh: junk_value123

The bogus value is set to nsDS5BeginReplicaRefresh, but it does not affect the existing operation nor initiate any new operation.

A culprit is the bogus value set to nsDS5BeginReplicaRefresh won't be removed as "start" is. It prevents adding a valid value:
nsds5BeginReplicaRefresh: junk_value123
ldapmodify ...
dn: cn=M0_to_M1,cn=replica,cn="dc=example,dc=com",cn=mapping tree,cn=config
changetype: modify
add: nsDS5BeginReplicaRefresh
nsDS5BeginReplicaRefresh: start

modifying entry cn=M0_to_M1,cn=replica,cn="dc=example,dc=com",cn=mapping tree,cn=config
ldap_modify: Object class violation
ldap_modify: additional info: single-valued attribute "nsds5BeginReplicaRefresh" has multiple values

But of course, if "replace" is used, there's no problem to reset it to "start".

Since this original bug was reported against windows sync, I'm going to test it with it next.

If the replication log level is enabled, this info is logged.
"Invalid value (junk_value123) value supplied for attr (nsds5BeginReplicaRefresh)"

Bug description: If an invalid value is set to ds5BeginReplicaRefresh
in an agreement, it does not affect the behaviour, but it does not get
purged from the agreement and causes an error if "ds5BeginReplicaRefresh:
start" is added.

Fix description: Adding an invalid ds5BeginReplicaRefresh is rejected
with "DSA is unwilling to perform" and the following error is returned:
ldap_modify: additional info: Invalid value (junk_value123) value
supplied for attr (nsds5BeginReplicaRefresh); Ignoring ...

Reviewed by Rich (Thank you!!)

Pushed to master:
b00b8ac..b6b8d7b master -> master
commit b6b8d7b

Metadata Update from @nhosoi:
- Issue assigned to nhosoi
- Issue set to the milestone: 1.3.2 - 09/13 (September)

3 years ago

Login to comment on this ticket.

Metadata