From 1feebbd2cb12aac834f4101bbfb4171f751950b9 Mon Sep 17 00:00:00 2001 From: Rich Megginson Date: May 02 2011 15:48:01 +0000 Subject: Bug 700145 - userpasswd not replicating https://bugzilla.redhat.com/show_bug.cgi?id=700145 Resolves: bug 700145 Bug Description: userpasswd not replicating Reviewed by: nkinder, nhosoi (Thanks!) Branch: 389-ds-base-1.2.8 Fix Description: The problem is happening because we are replicating the unhashed#user#password attribute. The consumer gets this sequence: delete: unhashed#user#password - add: unhashed#user#password unhashed#user#password: value The code in entry_wsi_apply_mod attempts to apply the delete, but since the attribute does not exist, it returns LDAP_NO_SUCH_ATTRIBUTE and the entire modify operation is rejected. The server removes unhashed#user#password before doing database operations in the non-replicated case, but in the replicated case it is assumed we can just apply the operations as they are given by the supplier. pw_change is never set in the replicated case, so the consumer never removes unhashed#user#password. The solution is to just remove unhashed#user#password even if pw_change is not set. If the attribute is not in the mods list, remove_mod is a no-op. Platforms tested: RHEL6 x86_64 Flag Day: no Doc impact: no (cherry picked from commit 74e81521ccc3913e8672cdd5713f832a2c6a09c3) --- diff --git a/ldap/servers/slapd/modify.c b/ldap/servers/slapd/modify.c index ca580fb..7308871 100644 --- a/ldap/servers/slapd/modify.c +++ b/ldap/servers/slapd/modify.c @@ -873,9 +873,11 @@ static void op_shared_modify (Slapi_PBlock *pb, int pw_change, char *old_pw) /* Remove the unhashed password pseudo-attribute prior */ /* to db access */ - if (pw_change) - { - slapi_mods_init_passin (&smods, mods); + slapi_mods_init_passin (&smods, mods); + if (!unhashed_pw_attr) { + unhashed_pw_attr = slapi_attr_syntax_normalize(PSEUDO_ATTR_UNHASHEDUSERPASSWORD); + } + if (slapi_mods_get_num_mods(&smods)) { remove_mod (&smods, unhashed_pw_attr, &unhashed_pw_smod); slapi_pblock_set (pb, SLAPI_MODIFY_MODS, (void*)slapi_mods_get_ldapmods_passout (&smods)); @@ -936,8 +938,9 @@ static void op_shared_modify (Slapi_PBlock *pb, int pw_change, char *old_pw) } slapi_pblock_set (pb, SLAPI_MODIFY_MODS, (void*)slapi_mods_get_ldapmods_passout (&smods)); - slapi_mods_done(&unhashed_pw_smod); /* can finalize now */ } + slapi_mods_done(&unhashed_pw_smod); /* can finalize now */ + slapi_pblock_set(pb, SLAPI_PLUGIN_OPRETURN, &rc); plugin_call_plugins(pb, internal_op ? SLAPI_PLUGIN_INTERNAL_POST_MODIFY_FN :