https://bugzilla.redhat.com/show_bug.cgi?id=715064
Description of problem: LDCLT fails to complete the modify(attrreplace) operation when operational attributes are used. For eg: When try to replace the "lastLoginTime" attribute of the users to activate them which are inactivated by Account Policy plugin, it throws an error 21(Invalid Syntax error). How reproducible: Consistently Steps to Reproduce: 1. Configure Global Account policy plugin using the following ldif file. cat Account.ldif ---------------------------- dn: cn=Account Policy Plugin,cn=plugins,cn=config changetype: modify replace: nsslapd-pluginEnabled nsslapd-pluginEnabled: on - replace: nsslapd-pluginarg0 nsslapd-pluginarg0: cn=config,cn=Account Policy Plugin,cn=plugins,cn=config dn: cn=config,cn=Account Policy Plugin,cn=plugins,cn=config changetype: modify replace: alwaysrecordlogin alwaysrecordlogin: yes - replace: stateattrname stateattrname: lastLoginTime - replace: altstateattrname altstateattrname: createTimestamp - replace: specattrname specattrname: acctPolicySubentry - replace: limitattrname limitattrname: accountInactivityLimit - replace: accountInactivityLimit accountInactivityLimit: 60 -------------------------------- 2. Add 1000 users using ldclt operation. ldclt -v -h $HOST -p $PORT -D "cn=directory manager" -w $PASSWD -b "$SUFFIX" -e object=/tmp/Users.ldif,rdn=uid:test_01stress[A=INCRNNOLOOP(1000;1999;4)] -e add,commoncounter -n 20 -N 120 -T 100 3. Run ldclt operations to bind to each users to create the lastLoginTime attribute. ldclt -v -h $HOST -p $PORT -D "uid=test_01stressXXXX,$SUFFIX" -w $USERPW -b "$SUFFIX" -e esearch -f "uid=test_01stress*" -e "randombinddn,randombinddnlow=1000,randombinddnhigh=1999" -n 20 -N 20 -I 19 4. Wait for 60 secs(to reach AccountInactivityLimit) to make the account inactivated by the Account Policy plugin. 5. Run ldclt operation to reset the "lastLoginTime" attribute, so that the accounts will be activated. NewLoginTime=`date -u +"%Y%m%d%H%M%SZ"` ldclt -v -h $HOST -p $PORT -D "cn=directory manager" -w $PASSWD -b "$SUFFIX" -f uid=test_01stressXXXX -e incr -e noloop -r 1000 -R 1999 -e attreplace='lastLoginTime:$NewLoginTime' -n 1 -N 20 -T 1000 LDCLT operations fail to activate the user accounts and logs "Invalid syntax error"- 21. Actual results: ldclt modify operation fails to replace the operational attributes. Expected results: ldclt operation should successfully modify the operational attributes as like ldapmodify. Additional info: ldclt operation to reset the "lastLoginTime" attribute succeeds when setting the "nsslapd-syntaxcheck" is set to off.
batch move to 1.2.10.rc1
Cannot reproduce the problem.
Here's the steps I tried: 1. Check nsslapd-syntaxcheck is enabled.
nsslapd-syntaxcheck: on
Set NewLoginTime as suggested. NewLoginTime=`date -u +"%Y%m%d%H%M%SZ" $ echo $NewLoginTime 20120125231440Z
Run ldclt with '-v'; make sure attribute's head does not start with space(s). $ ldclt -v -h localhost -p 389 -D 'cn=directory manager' -w <pw> -b "dc=example,dc=com" -f uid=testX -e incr -e noloop -r 0 -R 9 -e attreplace="lastLoginTime:$NewLoginTime" -n 1 -T 10 [...] Attribute's head = "20120125231440Z" ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ Note: no space in front of the value Attribute's tail = "" [...]
Search entries with lastLoginTime in the attrlist. $ ldapsearch -LLLx -h localhost -p 389 -D 'cn=directory manager' -w <pw> -b "dc=example,dc=com" lastLoginTime dn: dc=example,dc=com dn: uid=test0,dc=example,dc=com lastLoginTime: 20120125231440Z dn: uid=test1,dc=example,dc=com lastLoginTime: 20120125231440Z [...]
Run dbscan against the primary db file and see the lastLoginTime values are not base64 encoded.
lastLoginTime: 20120125231440Z lastLoginTime: 20120125231440Z [...]
The original bug 715064 was closed as WORKSFORME.
Problem doesn't seems to be reproducible. In my ldclt command, I used single quotes to attreplace='lastLoginTime:$NewLoginTime', instead of double quotes. When I use the double quotes for the same, the problem disappears. attreplace="lastLoginTime:$NewLoginTime". Hence closing the bug as WORKSFORME as Noriko stated.
Problem doesn't seems to be reproducible. In my ldclt command, I used single quotes to attreplace='lastLoginTime:$NewLoginTime', instead of double quotes.
When I use the double quotes for the same, the problem disappears. attreplace="lastLoginTime:$NewLoginTime".
Hence closing the bug as WORKSFORME as Noriko stated.
originally targeted for 1.2.11.rc1, but actually in the 1.2.11.a1 release
Added initial screened field value.
Metadata Update from @nhosoi: - Issue assigned to nhosoi - Issue set to the milestone: 1.2.11.a1
389-ds-base is moving from Pagure to Github. This means that new issues and pull requests will be accepted only in 389-ds-base's github repository.
This issue has been cloned to Github and is available here: - https://github.com/389ds/389-ds-base/issues/171
If you want to receive further updates on the issue, please navigate to the github issue and click on subscribe button.
subscribe
Thank you for understanding. We apologize for all inconvenience.
Metadata Update from @spichugi: - Issue close_status updated to: wontfix (was: Invalid)
Login to comment on this ticket.