Ticket was cloned from Red Hat Bugzilla (product Red Hat Enterprise Linux 7): Bug 881372
Description of problem: nsDS5BeginReplicaRefresh attribute accepts any values and it doesn't throw any error messages when the server restarts too. Version-Release number of selected component (if applicable): 389-ds-base-1.2.11.15 How reproducible: Consistently Steps to Reproduce: 1. Create replication agreement with two masters. 2. Run ldapmodify to initialize the replication agreement. Eg: PORT=1189;/usr/lib64/mozldap/ldapmodify -h 10.65.206.72 -p $PORT -D "cn=Directory Manager" -w Secret123 << EOFdn: cn=WinPassSync,cn=replica,cn="dc=passsync,dc=com",cn=mapping tree,cn=config changetype: modify replace: nsDS5BeginReplicaRefresh nsDS5BeginReplicaRefresh: start EOF 3. Once the incremental update started, run an another ldapmodify command to stop the incremental updates. However, this is not the right way disable the replication updates. PORT=1189;/usr/lib64/mozldap/ldapmodify -h 10.65.206.72 -p $PORT -D "cn=Directory Manager" -w Secret123 << EOFdn: cn=WinPassSync,cn=replica,cn="dc=passsync,dc=com",cn=mapping tree,cn=config changetype: modify replace: nsDS5BeginReplicaRefresh nsDS5BeginReplicaRefresh: junk_value123 EOF 4. The above ldapmodify completed successfully. No error message observed in the access/error logs even after server restarts. Actual results: nsDS5BeginReplicaRefresh attribute accepts any value and it doesn't throw any error when server restarts. Expected results: It should ignore the invlaid values.
Once the incremental update started, ... "the total update"?
On the DS-DS replication, setting a bogus value to nsDS5BeginReplicaRefresh does not stop the total update. my steps: $ ldapmodify -h M0 [...] -f init.mod; sleep 3; sudo egrep -i --color nsDS5BeginReplicaRefresh /etc/dirsrv/slapd-M0/dse.ldif; ldapmodify -h M0 [...] -f init.invalid.mod ; sudo egrep -i --color nsDS5BeginReplicaRefresh /etc/dirsrv/slapd-M0/dse.ldif modifying entry cn=M0_to_M1,cn=replica,cn="dc=example,dc=com",cn=mapping tree,cn=config
nsds5BeginReplicaRefresh: start
modifying entry cn=M0_to_M1,cn=replica,cn="dc=example,dc=com",cn=mapping tree,cn=config
nsds5BeginReplicaRefresh: junk_value123
while true; do sudo egrep -i --color nsDS5BeginReplicaRefresh /etc/dirsrv/slapd-M0/dse.ldif; echo "========="; sleep 5; done nsds5BeginReplicaRefresh: junk_value123 ========= nsds5BeginReplicaRefresh: junk_value123 ========= nsds5BeginReplicaRefresh: junk_value123 ========= nsds5BeginReplicaRefresh: junk_value123 ========= nsds5BeginReplicaRefresh: junk_value123 ========= nsds5BeginReplicaRefresh: junk_value123 ========= ========= ==> init.mod <== dn: cn=M0_to_M1,cn=replica,cn="dc=example,dc=com",cn=mapping tree,cn=config changetype: modify replace: nsDS5BeginReplicaRefresh nsDS5BeginReplicaRefresh: start
==> init.invalid.mod <== dn: cn=M0_to_M1,cn=replica,cn="dc=example,dc=com",cn=mapping tree,cn=config changetype: modify replace: nsDS5BeginReplicaRefresh nsDS5BeginReplicaRefresh: junk_value123
The bogus value is set to nsDS5BeginReplicaRefresh, but it does not affect the existing operation nor initiate any new operation.
A culprit is the bogus value set to nsDS5BeginReplicaRefresh won't be removed as "start" is. It prevents adding a valid value: nsds5BeginReplicaRefresh: junk_value123 ldapmodify ... dn: cn=M0_to_M1,cn=replica,cn="dc=example,dc=com",cn=mapping tree,cn=config changetype: modify add: nsDS5BeginReplicaRefresh nsDS5BeginReplicaRefresh: start
modifying entry cn=M0_to_M1,cn=replica,cn="dc=example,dc=com",cn=mapping tree,cn=config ldap_modify: Object class violation ldap_modify: additional info: single-valued attribute "nsds5BeginReplicaRefresh" has multiple values
But of course, if "replace" is used, there's no problem to reset it to "start".
Since this original bug was reported against windows sync, I'm going to test it with it next.
If the replication log level is enabled, this info is logged. "Invalid value (junk_value123) value supplied for attr (nsds5BeginReplicaRefresh)"
Bug description: If an invalid value is set to ds5BeginReplicaRefresh in an agreement, it does not affect the behaviour, but it does not get purged from the agreement and causes an error if "ds5BeginReplicaRefresh: start" is added.
Fix description: Adding an invalid ds5BeginReplicaRefresh is rejected with "DSA is unwilling to perform" and the following error is returned: ldap_modify: additional info: Invalid value (junk_value123) value supplied for attr (nsds5BeginReplicaRefresh); Ignoring ...
git patch file (master) 0001-Ticket-609-nsDS5BeginReplicaRefresh-attribute-accept.patch
Reviewed by Rich (Thank you!!)
Pushed to master: b00b8ac..b6b8d7b master -> master commit b6b8d7b
Metadata Update from @nhosoi: - Issue assigned to nhosoi - Issue set to the milestone: 1.3.2 - 09/13 (September)
389-ds-base is moving from Pagure to Github. This means that new issues and pull requests will be accepted only in 389-ds-base's github repository.
This issue has been cloned to Github and is available here: - https://github.com/389ds/389-ds-base/issues/609
If you want to receive further updates on the issue, please navigate to the github issue and click on subscribe button.
subscribe
Thank you for understanding. We apologize for all inconvenience.
Metadata Update from @spichugi: - Issue close_status updated to: wontfix (was: Fixed)
Login to comment on this ticket.