https://bugzilla.redhat.com/show_bug.cgi?id=742317
When multiple naming contexts are available it is hard to find out what a client should use by default (usually the identity mgmt related tree where to find users/groups). It would be really helpful to allow cn=Directory Manager to be able to write the 'defaultNamingcontext' attribute to the rootdse so that clients do not need to do strange probings. AD and also openldap apparently have it so many clients already know how to handle this attribute.
Linked to Bugzilla bug: https://bugzilla.redhat.com/show_bug.cgi?id=766322
Proposal:
- Introduce nsslapd-defaultNamingContext to cn=config to store defaultNamingContext.
- If no namingContexts are found, none is assigned to defaultNamingContext.
- When the first namingContext is added, it will be assigned to defaultNamingContext.
- Once one namingContext (e.g., dc=test,dc=com) is assigned to defaultNamingContext, the following config attribute is added to cn=config.
  nsslapd-defaultNamingContext: dc=test,dc=com
- It could be switched to other namingContext by replacing the value. The modify fails if the new value is not found in the namingContexts.
- If the namingContext is removed (i.e., the backend as well as the suffix are deleted), the defaultNamingContext is removed, as well. Note that the nsslapd-defaultNamingContext attribute value pair will be entirely removed.
Valgrind reports this invalid read on deleting a suffix/backend.
==10342== Invalid read of size 4
==10342==    at 0x404953F: dse_call_callback (dse.c:2198)
==10342==    by 0x40493B3: dse_delete (dse.c:2153)
==10342==    by 0x404057F: op_shared_delete (delete.c:365)
==10342==    by 0x403FDAD: do_delete (delete.c:128)
==10342==    by 0x8057D29: connection_dispatch_operation (connection.c:573)
==10342==    by 0x805951A: connection_threadmain (connection.c:2328)
==10342==    by 0x361A964: _pt_root (ptthread.c:187)
==10342==    by 0x789E98: start_thread (in /lib/libpthread-2.13.so)
==10342==    by 0x6CFD2D: clone (in /lib/libc-2.13.so)
==10342==  Address 0x41bf7c8 is 32 bytes inside a block of size 36 free'd
==10342==    at 0x4005B0A: free (vg_replace_malloc.c:325)
==10342==    by 0x403BB0F: slapi_ch_free (ch_malloc.c:363)
==10342==    by 0x40458E0: dse_callback_delete (dse.c:261)
==10342==    by 0x4045B1B: dse_callback_removefromlist (dse.c:351)
==10342==    by 0x40494BA: dse_remove_callback (dse.c:2171)
==10342==    by 0x4049758: slapi_config_remove_callback (dse.c:2247)
==10342==    by 0x639ABF4: vlv_remove_callbacks (vlv.c:465)
==10342==    by 0x6380794: ldbm_instance_unregister_callbacks (ldbm_instance_config.c:1062)
==10342==    by 0x6380AB7: ldbm_instance_post_delete_instance_entry_callback (ldbm_instance_config.c:1161)
==10342==    by 0x40495F6: dse_call_callback (dse.c:2206)
==10342==    by 0x40493B3: dse_delete (dse.c:2153)
==10342==    by 0x404057F: op_shared_delete (delete.c:365)
==10342==    by 0x403FDAD: do_delete (delete.c:128)
==10342==    by 0x8057D29: connection_dispatch_operation (connection.c:573)
==10342==    by 0x805951A: connection_threadmain (connection.c:2328)
==10342==    by 0x361A964: _pt_root (ptthread.c:187)
==10342==    by 0x789E98: start_thread (in /lib/libpthread-2.13.so)
==10342==    by 0x6CFD2D: clone (in /lib/libc-2.13.so)
I'm going to separate the Invalid read issue and open a new ticket for it.
Ticket #259 (new defect) Valgrind reports Invalid read on removing a suffix/backend
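
In the Valgrind trace above, dse_call_callback (dse.c:2198) reads a block that was freed by dse_callback_delete while a callback invoked from dse_call_callback (dse.c:2206) was unregistering callbacks. The C example below is added here and is not the fix applied in 389-ds-base; it shows one common way to make such a list safe, where removal during a walk only marks the entry and the free is deferred until the walk ends. All names (cb_list, cb_remove, cb_call_all, ...) are hypothetical.

```c
#include <stdlib.h>

/* Hypothetical callback list; illustrative names, not the dse.c code. */
struct cb_node { void (*fn)(void *); int dead; struct cb_node *next; };
struct cb_list { struct cb_node *head; int walking; /* active walks */ };

struct cb_node *cb_add(struct cb_list *l, void (*fn)(void *)) {
    struct cb_node *n = calloc(1, sizeof *n);
    if (n) { n->fn = fn; n->next = l->head; l->head = n; }
    return n;
}

/* Unlink and free nodes marked dead; runs only when no walk is active. */
static void cb_sweep(struct cb_list *l) {
    for (struct cb_node **pp = &l->head, *n; (n = *pp) != NULL; ) {
        if (n->dead) { *pp = n->next; free(n); }
        else pp = &n->next;
    }
}

/* Callable from inside a callback: during a walk the free is deferred. */
void cb_remove(struct cb_list *l, struct cb_node *n) {
    n->dead = 1;
    if (l->walking == 0) cb_sweep(l);
}

/* Invoke every live callback and return how many ran. */
int cb_call_all(struct cb_list *l, void *arg) {
    int ran = 0;
    l->walking++;
    for (struct cb_node *n = l->head; n; n = n->next)
        if (!n->dead) { n->fn(arg); ran++; }
    if (--l->walking == 0) cb_sweep(l);
    return ran;
}

/* Like the trace: a callback that unregisters callbacks during the walk. */
static void drop_all(void *arg) {
    struct cb_list *l = arg;
    for (struct cb_node *n = l->head; n; n = n->next) cb_remove(l, n);
}

/* Constructed demo: 10 = first walk ran 1, second ran 0, list empty. */
int cb_demo(void) {
    struct cb_list l = {0};
    for (int i = 0; i < 3; i++) cb_add(&l, drop_all);
    int first = cb_call_all(&l, &l);
    int second = cb_call_all(&l, &l);
    return first * 10 + second + (l.head ? 100 : 0);
}
```

Saving only the next pointer before each call is not enough in this situation, because the callback may remove the saved next entry as well.
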
git patch file (master) 0001-Trac-Ticket-26-Please-support-setting.patch
Pushed to master.
$ git merge trac26
Updating c43a508..a8bacba
Fast-forward
 ldap/admin/src/scripts/DSCreate.pm.in | 1 +
 ldap/servers/plugins/usn/usn.c | 8 --
 ldap/servers/slapd/entry.c | 11 +++-
 ldap/servers/slapd/libglobs.c | 88 +++++++++++++++++++++-
 ldap/servers/slapd/mapping_tree.c | 131 ++++++++++++++++++++++++++++++---
 ldap/servers/slapd/plugin.c | 2 +-
 ldap/servers/slapd/proto-slap.h | 3 +-
 ldap/servers/slapd/rdn.c | 12 +++
 ldap/servers/slapd/rootdse.c | 8 ++-
 ldap/servers/slapd/slap.h | 2 +
 ldap/servers/slapd/slapi-plugin.h | 14 +++-
 11 files changed, 253 insertions(+), 27 deletions(-)
$ git push
Counting objects: 46, done.
Delta compression using up to 4 threads.
Compressing objects: 100% (25/25), done.
Writing objects: 100% (26/26), 5.59 KiB, done.
Total 26 (delta 20), reused 0 (delta 0)
To ssh://git.fedorahosted.org/git/389/ds.git
 c43a508..a8bacba master -> master
Steps to verify:
1. install DS (preferably with the admin server and Console)
2. Search nsslapd-defaultnamingcontext in cn=config and defaultnamingcontext in the rootdse.
   $ ldapsearch -LLLx -h localhost -p <port> -D 'cn=directory manager' -w <pw> -b "cn=config" -s base nsslapd-defaultnamingcontext
   dn: cn=config
   nsslapd-defaultnamingcontext: <default suffix (e.g., dc=example,dc=com)>
   $ ldapsearch -LLLx -h localhost -p <port> -b "" -s base | egrep namingcontext
   namingContexts: dc=example,dc=com
   defaultnamingcontext: dc=example,dc=com
3. Add a new suffix "dc=test,dc=com" and verify nsslapd-defaultnamingcontext and defaultnamingcontext are not changed.
4. Remove the new suffix "dc=test,dc=com" and verify nsslapd-defaultnamingcontext and defaultnamingcontext are not changed.
5. Remove the original suffix "dc=example,dc=com" and verify nsslapd-defaultnamingcontext and defaultnamingcontext are both removed.
   $ ldapsearch -LLLx -h localhost -p <port> -D 'cn=directory manager' -w <pw> -b "cn=config" -s base nsslapd-defaultnamingcontext
   dn: cn=config
   nsslapd-defaultnamingcontext:
   $ ldapsearch -LLLx -h localhost -p <port> -b "" -s base | egrep namingcontext
   $
6. Add a new suffix "dc=newtest,dc=com" and verify the new suffix is set to nsslapd-defaultnamingcontext and defaultnamingcontext.
   $ ldapsearch -LLLx -h localhost -p <port> -D 'cn=directory manager' -w <pw> -b "cn=config" -s base nsslapd-defaultnamingcontext
   dn: cn=config
   nsslapd-defaultnamingcontext: dc=newtest,dc=com
   $ ldapsearch -LLLx -h localhost -p 10389 -b "" -s base | egrep namingcontext
   namingContexts: dc=newtest,dc=com
   defaultnamingcontext: dc=newtest,dc=com
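
The rules from the proposal and the verification steps above, written as a small C model that can be run without a server. This is an added example, not code from the 389-ds-base patch: the struct, the function names and the case-insensitive DN comparison are assumptions, and "first namingContext" is taken literally, so a default is assigned automatically only when no suffix exists yet.

```c
#include <stddef.h>
#include <strings.h>

/* Hypothetical model, not 389-ds-base code; DNs compared case-insensitively. */
struct naming_model {
    const char *ctx[8];      /* rootDSE namingContexts */
    int count;
    const char *default_ctx; /* NULL: defaultNamingContext is absent */
};

static int find_ctx(const struct naming_model *m, const char *dn) {
    for (int i = 0; i < m->count; i++)
        if (strcasecmp(m->ctx[i], dn) == 0) return i;
    return -1;
}

/* Only the first suffix added becomes the default automatically. */
int model_add_suffix(struct naming_model *m, const char *dn) {
    if (m->count == 8 || find_ctx(m, dn) >= 0) return -1;
    if (m->count == 0) m->default_ctx = dn;
    m->ctx[m->count++] = dn;
    return 0;
}

/* Replacing the value fails unless it names an existing suffix. */
int model_set_default(struct naming_model *m, const char *dn) {
    int i = find_ctx(m, dn);
    if (i >= 0) m->default_ctx = m->ctx[i];
    return i < 0 ? -1 : 0;
}

/* Deleting the default suffix removes the default as well. */
int model_remove_suffix(struct naming_model *m, const char *dn) {
    int i = find_ctx(m, dn);
    if (i < 0) return -1;
    if (m->default_ctx == m->ctx[i]) m->default_ctx = NULL;
    m->ctx[i] = m->ctx[--m->count];
    return 0;
}

/* Replays verification steps 3-6; returns the failing step, or 0. */
int model_replay(void) {
    struct naming_model m = {0};
    const char *ex = "dc=example,dc=com", *t = "dc=test,dc=com";
    model_add_suffix(&m, ex);
    if (model_add_suffix(&m, t) || m.default_ctx != ex) return 3;
    if (model_remove_suffix(&m, t) || m.default_ctx != ex) return 4;
    if (model_remove_suffix(&m, ex) || m.default_ctx != NULL) return 5;
    return (model_add_suffix(&m, "dc=newtest,dc=com") || !m.default_ctx) ? 6 : 0;
}
```
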
Fix description: If a config param is set to nsslapd-allowed-to-delete-attrs, the value is allowed to be deleted. nsslapd-defaultnamingcontext is set to the value, by default. The config set API is not designed to allow deleting a param. Instead, it sets NULL to represent the deletion. But it turned out it was not allowed, either. This patch allows the config params set in nsslapd-allowed-to-delete-attrs to pass a NULL value.
ok - but note that it is ok to pass a NULL to slapi_ch_strdup - it will just return a NULL - so you don't have to check for (value)
Replying to [comment:19 rmeggins]:
Good point! I'm modifying it. Thanks, Rich!
revised git patch file (master) 0001-Trac-Ticket-26-Please-support-setting-defaultNamingC.patch
Reviewed by Rich (Thank you!!)
$ git merge work
Updating c013442..d664d54
Fast-forward
 ldap/servers/slapd/configdse.c | 23 +--------------
 ldap/servers/slapd/libglobs.c | 56 +++++++++++++++++++++++++++++++-------
 ldap/servers/slapd/proto-slap.h | 2 +
 3 files changed, 48 insertions(+), 33 deletions(-)
$ git push
Counting objects: 15, done.
Delta compression using up to 4 threads.
Compressing objects: 100% (8/8), done.
Writing objects: 100% (8/8), 1.52 KiB, done.
Total 8 (delta 6), reused 0 (delta 0)
To ssh://git.fedorahosted.org/git/389/ds.git
 c013442..d664d54 master -> master
Cherry-picked and pushed to 389-ds-base-1.2.10
$ git cherry-pick d664d54
[ds1210 f676eb1] Trac Ticket #26 - Please support setting defaultNamingContext in the rootdse.
 3 files changed, 48 insertions(+), 33 deletions(-)
$ git push origin ds1210:389-ds-base-1.2.10
Counting objects: 15, done.
Delta compression using up to 4 threads.
Compressing objects: 100% (8/8), done.
Writing objects: 100% (8/8), 1.52 KiB, done.
Total 8 (delta 6), reused 0 (delta 0)
To ssh://git.fedorahosted.org/git/389/ds.git
 7373fbf..f676eb1 ds1210 -> 389-ds-base-1.2.10
commit changeset:f676eb1/389-ds-base
Author: Noriko Hosoi nhosoi@redhat.com
Date: Tue Feb 14 18:15:51 2012 -0800
1.2.10 branch
Added initial screened field value.
Metadata Update from @rmeggins: - Issue assigned to nhosoi - Issue set to the milestone: 1.2.10.a7
389-ds-base is moving from Pagure to Github. This means that new issues and pull requests will be accepted only in 389-ds-base's github repository.
This issue has been cloned to Github and is available here: - https://github.com/389ds/389-ds-base/issues/26
If you want to receive further updates on the issue, please navigate to the github issue and click on subscribe button.
Thank you for understanding. We apologize for all inconvenience.
Metadata Update from @spichugi: - Issue close_status updated to: wontfix (was: Fixed)