Ticket #171 (closed defect: worksforme)

Opened 2 years ago

Last modified 2 years ago

ldclt adds a leading space to values when using -e attrreplace

Reported by: rmeggins Owned by: nhosoi
Priority: major Milestone: 1.2.11.a1
Component: Command Line Utilities Version: 1.2.10
Keywords: Cc:
Blocked By: Blocking:
Review: Needs Review Ticket origin:
Red Hat Bugzilla: 715064

Description

https://bugzilla.redhat.com/show_bug.cgi?id=715064

Description of problem: LDCLT fails to complete the modify(attrreplace)
operation when operational attributes are used.
For eg: When try to replace the "lastLoginTime" attribute of the users to
activate them which are inactivated by Account Policy plugin, it throws an
error 21(Invalid Syntax error).

How reproducible: Consistently

Steps to Reproduce:
1. Configure Global Account policy plugin using the following ldif file.

cat Account.ldif
----------------------------
dn: cn=Account Policy Plugin,cn=plugins,cn=config
changetype: modify
replace: nsslapd-pluginEnabled
nsslapd-pluginEnabled: on
-
replace: nsslapd-pluginarg0
nsslapd-pluginarg0: cn=config,cn=Account Policy Plugin,cn=plugins,cn=config

dn: cn=config,cn=Account Policy Plugin,cn=plugins,cn=config
changetype: modify
replace: alwaysrecordlogin
alwaysrecordlogin: yes
-
replace: stateattrname
stateattrname: lastLoginTime
-
replace: altstateattrname
altstateattrname: createTimestamp
-
replace: specattrname
specattrname: acctPolicySubentry
-
replace: limitattrname
limitattrname: accountInactivityLimit
-
replace: accountInactivityLimit
accountInactivityLimit: 60
--------------------------------
2. Add 1000 users using ldclt operation.
        ldclt -v -h $HOST -p $PORT -D "cn=directory manager" -w $PASSWD -b
"$SUFFIX" -e
object=/tmp/Users.ldif,rdn=uid:test_01stress[A=INCRNNOLOOP(1000;1999;4)] -e
add,commoncounter -n 20 -N 120 -T 100

3. Run ldclt operations to bind to each users to create the lastLoginTime
attribute.
        ldclt -v -h $HOST -p $PORT -D "uid=test_01stressXXXX,$SUFFIX" -w
$USERPW -b "$SUFFIX" -e esearch -f "uid=test_01stress*" -e
"randombinddn,randombinddnlow=1000,randombinddnhigh=1999" -n 20 -N 20 -I 19

4. Wait for 60 secs(to reach AccountInactivityLimit) to make the account
inactivated by the Account Policy plugin.

5. Run ldclt operation to reset the "lastLoginTime" attribute, so that the
accounts will be activated.

NewLoginTime=`date -u +"%Y%m%d%H%M%SZ"`

ldclt -v -h $HOST -p $PORT -D "cn=directory manager" -w $PASSWD -b "$SUFFIX" -f
uid=test_01stressXXXX -e incr -e noloop -r 1000 -R 1999 -e
attreplace='lastLoginTime:$NewLoginTime' -n 1 -N 20 -T 1000

LDCLT operations fail to activate the user accounts and logs "Invalid syntax
error"- 21.

Actual results:
ldclt modify operation fails to replace the operational attributes.

Expected results:
ldclt operation should successfully modify the operational attributes as like
ldapmodify.

Additional info:
ldclt operation to reset the "lastLoginTime" attribute succeeds when setting
the "nsslapd-syntaxcheck" is set to off.

Change History

comment:1 Changed 2 years ago by rmeggins

  • Milestone changed from NEEDS_TRIAGE to 1.2.10.rc1

batch move to 1.2.10.rc1

comment:2 Changed 2 years ago by rmeggins

  • Owner rmeggins deleted

comment:3 Changed 2 years ago by nhosoi

  • Owner set to nhosoi
  • Status changed from new to assigned

Cannot reproduce the problem.

Here's the steps I tried:

  1. Check nsslapd-syntaxcheck is enabled.

# egrep nsslapd-syntaxcheck /etc/dirsrv/slapd-jiji/dse.ldif
nsslapd-syntaxcheck: on

  1. Set NewLoginTime? as suggested.

NewLoginTime?=`date -u +"%Y%m%d%H%M%SZ"
$ echo $NewLoginTime?
20120125231440Z

  1. Run ldclt with '-v'; make sure attribute's head does not start with space(s).

$ ldclt -v -h localhost -p 389 -D 'cn=directory manager' -w <pw> -b "dc=example,dc=com" -f uid=testX -e incr -e noloop -r 0 -R 9 -e attreplace="lastLoginTime:$NewLoginTime?" -n 1 -T 10
[...]
Attribute's head = "20120125231440Z"
Note: no space in front of the value
Attribute's tail = ""
[...]

  1. Search entries with lastLoginTime in the attrlist.

$ ldapsearch -LLLx -h localhost -p 389 -D 'cn=directory manager' -w <pw> -b "dc=example,dc=com" lastLoginTime
dn: dc=example,dc=com
dn: uid=test0,dc=example,dc=com
lastLoginTime: 20120125231440Z
dn: uid=test1,dc=example,dc=com
lastLoginTime: 20120125231440Z
[...]

  1. Run dbscan against the primary db file and see the lastLoginTime values are not base64 encoded.

# dbscan -f id2entry.db4 | egrep lastLoginTime

lastLoginTime: 20120125231440Z
lastLoginTime: 20120125231440Z
[...]

comment:4 Changed 2 years ago by nkinder

  • Milestone changed from 1.2.10.rc1 to 1.2.11.rc1

comment:5 Changed 2 years ago by nhosoi

  • Resolution set to worksforme
  • Status changed from assigned to closed

The original bug 715064 was closed as WORKSFORME.

Problem doesn't seems to be reproducible. In my ldclt command, I used single
quotes to attreplace='lastLoginTime:$NewLoginTime?', instead of double quotes.

When I use the double quotes for the same, the problem disappears.

attreplace="lastLoginTime:$NewLoginTime?".

Hence closing the bug as WORKSFORME as Noriko stated.

comment:6 Changed 2 years ago by rmeggins

  • Milestone changed from 1.2.11.rc1 to 1.2.11.a1

originally targeted for 1.2.11.rc1, but actually in the 1.2.11.a1 release

comment:7 Changed 20 months ago by nkinder

  • screened set to 1

Added initial screened field value.

Note: See TracTickets for help on using tickets.