After the upgrade to 389-ds-base 1.3.3.2, the Referential Integrity plugin no longer works:

    # ipa user-add --first=Foo --last=Bar --manager admin fbar
    # ipa user-add --first=Foo --last=Bar --manager fbar fbar2
    ------------------
    Added user "fbar2"
    ------------------
    ...
    Manager: uid=fbar,cn=users,cn=accounts,dc=mkosek-fedora20,dc=test
    ...
    # ipa user-del fbar
    -------------------
    Deleted user "fbar"
    -------------------
    # ipa user-show fbar2 --all
    dn: uid=fbar2,cn=users,cn=accounts,dc=mkosek-fedora20,dc=test
    ...
    Manager: fbar <<<<
    ...

This is caused by the changed RI plugin, which no longer expects RI attributes in nsslapd-pluginargX but rather in referint-membership-attr:

    # ldapsearch -h `hostname` -D "cn=Directory Manager" -x -w Secret123 -b 'cn=referential integrity postoperation,cn=plugins,cn=config'
    # extended LDIF
    #
    # LDAPv3
    # base <cn=referential integrity postoperation,cn=plugins,cn=config> with scope subtree
    # filter: (objectclass=*)
    # requesting: ALL
    #

    # referential integrity postoperation, plugins, config
    dn: cn=referential integrity postoperation,cn=plugins,cn=config
    objectClass: top
    objectClass: nsSlapdPlugin
    objectClass: extensibleObject
    cn: referential integrity postoperation
    nsslapd-pluginPath: libreferint-plugin
    nsslapd-pluginInitfunc: referint_postop_init
    nsslapd-pluginType: betxnpostoperation
    nsslapd-pluginEnabled: on
    nsslapd-pluginprecedence: 40
    referint-update-delay: 0
    referint-logfile: /var/log/dirsrv/slapd-MKOSEK-FEDORA20-TEST/referint
    referint-logchanges: 0
    referint-membership-attr: member
    referint-membership-attr: uniquemember
    referint-membership-attr: owner
    referint-membership-attr: seeAlso
    nsslapd-plugin-depends-on-type: database
    nsslapd-pluginId: referint
    nsslapd-pluginVersion: 1.3.3.2.a1
    nsslapd-pluginVendor: 389 Project
    nsslapd-pluginDescription: referential integrity plugin
    nsslapd-pluginarg7: manager
    nsslapd-pluginarg8: secretary
    nsslapd-pluginarg9: memberuser
    nsslapd-pluginarg10: memberhost
    nsslapd-pluginarg11: sourcehost
    nsslapd-pluginarg12: memberservice
    nsslapd-pluginarg13: managedby
    nsslapd-pluginarg14: memberallowcmd
    nsslapd-pluginarg15: memberdenycmd
    nsslapd-pluginarg16: ipasudorunas
    nsslapd-pluginarg17: ipasudorunasgroup
    nsslapd-pluginentryscope: dc=mkosek-fedora20,dc=test
    nsslapd-plugincontainerscope: dc=mkosek-fedora20,dc=test
    nsslapd-pluginarg18: ipatokenradiusconfiglink

    # search result
    search: 2
    result: 0 Success

    # numResponses: 2

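
As an added example (not code from this ticket, FreeIPA or 389-ds): a Python check that reads the plugin entry in the LDIF form shown above and lists the attributes still named only in nsslapd-pluginargN, which are the ones no longer kept consistent on delete. The function names and the shortened sample entry are constructed here, and the code assumes that attribute names start at arg3 in the legacy layout.

```python
import re

# Constructed sample: a shortened copy of the plugin entry from the ticket,
# with one value folded across two lines as LDIF permits.
SAMPLE_LDIF = """\
# referential integrity postoperation, plugins, config
dn: cn=referential integrity postoperation,cn=plugins,cn=config
referint-membership-attr: member
referint-membership-attr: seeAlso
nsslapd-pluginarg7: manager
nsslapd-pluginarg8: secretary
nsslapd-pluginarg9: member
 user
nsslapd-pluginarg18: ipatokenradiusconfiglink
"""

ARG_RE = re.compile(r"nsslapd-pluginarg(\d+)$", re.IGNORECASE)

def parse_entry(ldif_text):
    """Return (dn, [(attr, value), ...]) for a single-entry LDIF."""
    lines = []
    for raw in ldif_text.splitlines():
        if raw.startswith(" ") and lines:      # folded continuation line
            lines[-1] += raw[1:]
        elif raw and not raw.startswith("#"):  # skip blanks and comments
            lines.append(raw)
    pairs = [(a.strip(), v.strip()) for a, _, v in (l.partition(":") for l in lines)]
    dn = next(v for a, v in pairs if a.lower() == "dn")
    return dn, pairs

def legacy_only_attrs(ldif_text, first_attr_index=3):
    """Attributes named only in nsslapd-pluginargN, ordered by N."""
    # Assumption: arg0..arg2 held delay, log file and logchanges in the old layout.
    _, pairs = parse_entry(ldif_text)
    current = {v.lower() for a, v in pairs if a.lower() == "referint-membership-attr"}
    legacy = []
    for attr, value in pairs:
        m = ARG_RE.match(attr)
        if m and int(m.group(1)) >= first_attr_index and value.lower() not in current:
            legacy.append((int(m.group(1)), value))
    return [v for _, v in sorted(legacy)]

def modify_ldif(ldif_text):
    """Build an ldapmodify change adding the missing attributes ('' if none)."""
    dn, _ = parse_entry(ldif_text)
    missing = legacy_only_attrs(ldif_text)
    body = "".join(f"referint-membership-attr: {a}\n" for a in missing)
    return f"dn: {dn}\nchangetype: modify\nadd: referint-membership-attr\n{body}" if missing else ""
```

The generated change is one possible way to bring the entry in line with the new attribute name, not the fix committed for this ticket; review it before applying it with ldapmodify.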
Petr is working on that; this needs to go in 4.0.3.
master:
ipa-4-1:
ipa-4-0:
Fedora bug: https://bugzilla.redhat.com/show_bug.cgi?id=1141335
Linked to Bugzilla bug: https://bugzilla.redhat.com/show_bug.cgi?id=1141335 (Fedora)
Metadata Update from @mkosek: - Issue assigned to pviktori - Issue set to the milestone: FreeIPA 4.0.3