I'm testing 389 v1.2.10.12 on CentOS 5.8 x86_64. With Attribute Uniqueness plugin enabled for one of the attributes of the entry (not the naming attribute) modrdn operation for this entry fails with:
ldap_rename: Constraint violation (19) additional info: Another entry with the same attribute value already exists (attribute: "X-UniqueId")
In our case we need the uniqueness of the X-UniqueId attribute. The modrdn was changing the uid attribute. In the latest version of 1.2.9.x this problem did not exist.
It's a blocking issue for the upgrade 1.2.9.x->1.2.10x on our production servers.
Typical log trace: [11/Jul/2012:16:20:40 +0200] conn=5 op=6 MODRDN dn="uid=somelogin,ou=Personnel,ou=Utilisateurs,dc=id,dc=polytechnique,dc=edu" newrdn="uid=somelogin.test" newsuperior="ou=Personnel,ou=Utilisateurs,dc=id,dc=polytechnique,dc=edu" [11/Jul/2012:16:20:41 +0200] conn=5 op=6 RESULT err=19 tag=109 nentries=0 etime=0.012000
Can you provide your attribute uniqueness configuration?
Here it is (the same conf works ok in version 1.2.9.10)
cn=attribute uniqueness,cn=plugins,cn=config objectClass: top objectClass: nsSlapdPlugin objectClass: extensibleObject cn: attribute uniqueness nsslapd-pluginPath: libattr-unique-plugin nsslapd-pluginInitfunc: NSUniqueAttr_Init nsslapd-pluginType: preoperation nsslapd-pluginEnabled: on nsslapd-pluginarg0: uid nsslapd-pluginarg1: dc=id,dc=polytechnique,dc=edu nsslapd-plugin-depends-on-type: database nsslapd-pluginId: NSUniqueAttr nsslapd-pluginVersion: 1.2.10.12 nsslapd-pluginVendor: 389 Project nsslapd-pluginDescription: Enforce unique attribute values
cn=X-UniqueId uniqueness,cn=plugins,cn=config objectClass: top objectClass: nsSlapdPlugin objectClass: extensibleObject cn: X-UniqueId uniqueness nsslapd-pluginPath: libattr-unique-plugin nsslapd-pluginInitfunc: NSUniqueAttr_Init nsslapd-pluginType: preoperation nsslapd-pluginEnabled: on nsslapd-pluginarg0: X-UniqueId nsslapd-pluginarg1: dc=id,dc=polytechnique,dc=edu nsslapd-plugin-depends-on-type: database nsslapd-pluginId: NSUniqueAttr nsslapd-pluginVersion: 1.2.10.12 nsslapd-pluginVendor: 389 Project nsslapd-pluginDescription: Enforce unique attribute values
Wiki puts an additional question mark in the name of the attribute, don't know how to get rid of it.
Ok, i've found how to get rid of the question mark: {{{
cn=X-UniqueId uniqueness,cn=plugins,cn=config objectClass: top objectClass: nsSlapdPlugin objectClass: extensibleObject cn: X-UniqueId uniqueness nsslapd-pluginPath: libattr-unique-plugin nsslapd-pluginInitfunc: NSUniqueAttr_Init nsslapd-pluginType: preoperation nsslapd-pluginEnabled: on nsslapd-pluginarg0: X-UniqueId nsslapd-pluginarg1: dc=id,dc=polytechnique,dc=edu nsslapd-plugin-depends-on-type: database nsslapd-pluginId: NSUniqueAttr nsslapd-pluginVersion: 1.2.10.12 nsslapd-pluginVendor: 389 Project nsslapd-pluginDescription: Enforce unique attribute values }}}
I have not been able to reproduce so far. This is what I've done: setup a plain directory server with 3 attribute uniqueness plugins - the default (for uid), one for nsuniqueid, and one for uidNumber. I'm adding a user entry like this: {{{ dn: uid=testuser1,ou=People,dc=example,dc=com objectClass: top objectClass: person objectClass: organizationalperson objectClass: inetorgperson objectClass: posixaccount uidNumber: 999 gidNumber: 999 gecos: Test User1 sn: User1 homeDirectory: /home/testuser1 givenName: Test cn: Test User1 uid: testuser1 }}}
Then I do a modrdn operation like this: {{{ [11/Jul/2012:15:09:54 -0600] conn=1 op=4 MODRDN dn="uid=testuser1,ou=people,dc=example,dc=com" newrdn="uid=testuser1changed" newsuperior="ou=people,dc=example,dc=com" [11/Jul/2012:15:09:54 -0600] conn=1 op=4 RESULT err=0 tag=109 nentries=0 etime=0 }}}
I've tried this with the latest 1.2.11 branch and the latest 1.2.10 branch (on EL6 - have not tried on EL5).
Are you using any other plugins?
Hi Rich,
i've tested it only on EL5(.8) x86_64
There is also an additional index on {{{ X-UniqueId }}} for presence and equality: {{{ 207 cn=x-uniqueid,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config objectClass: top objectClass: nsIndex nsSystemIndex: false cn: x-uniqueid nsIndexType: pres nsIndexType: eq }}}
And here are some of the other used plugins and non-default config attributes:
entryusn plugin pam passthrough plugin memberOf plugin
{{{
}}}
I'll try to narrow down the problem tomorrow by disabling plugins one by one.
I've tried it with enabling many plugins at once - still works fine.
I have a CentOS 5 x86_64 machine I can use. It's possible it is related to EL5 and/or mozldap.
Tried with CentOS 5 x86_64 with 389-ds-base 1.2.10.11 from epel-testing - cannot reproduce
Hi Rich, here are the exact steps to reproduce it on CentOS5.8 x86_64 with the latest epel testing rpm :
{{{ cat /etc/redhat-release CentOS release 5.8 (Final)
cat /proc/version Linux version 2.6.18-308.11.1.el5 (mockbuild@builder10.centos.org) (gcc version 4.1.2 20080704 (Red Hat 4.1.2-52)) #1 SMP Tue Jul 10 08:48:43 EDT 2012
yum --enablerepo=epel-testing install 389-ds-base.x86_64 389-admin.x86_64
rpm -qi 389-ds-base Name : 389-ds-base Relocations: (not relocatable) Version : 1.2.10.11 Vendor: Fedora Project Release : 1.el5 Build Date: Wed 27 Jun 2012 02:55:21 AM CEST Install Date: Thu 12 Jul 2012 12:37:22 PM CEST Build Host: x86-14.phx2.fedoraproject.org Group : System Environment/Daemons Source RPM: 389-ds-base-1.2.10.11-1.el5.src.rpm Size : 4995092 License: GPLv2 with exceptions Signature : DSA/SHA1, Thu 28 Jun 2012 04:09:37 PM CEST, Key ID 119cc036217521f6 Packager : Fedora Project URL : http://port389.org/ Summary : 389 Directory Server (base) Description : 389 Directory Server is an LDAPv3 compliant server. The base package includes the LDAP server and command line utilities for server administration.
./setup-ds-admin.pl ... "2. Typical" installation with dc=example,dc=com ...
ldapmodify -x -h localhost -D "cn= Directory Manager" -w 'mypassword' <<EOF dn: cn=schema changetype: modify add: attributeTypes attributeTypes: ( 1.3.6.1.4.123803.0.7 NAME 'X-UniqueId' DESC 'Identifiant uni que de la personne' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGI N 'user defined' ) - add: objectClasses objectClasses: ( 1.3.6.1.4.1.123803.1.1 NAME 'X-Misc' DESC 'Additional attribu tes for Ecole Polytechnique' SUP top STRUCTURAL MAY ( X-UniqueId ) X-ORIGIN ' user defined' ) EOF
ldapadd -x -h localhost -D "cn= Directory Manager" -w 'mypassword' <<EOF dn: uid=my.account, ou=People,dc=example,dc=com uid: my.account objectClass: X-Misc objectClass: inetOrgPerson objectClass: organizationalPerson objectClass: person objectClass: top cn: Test Account givenName: Test sn: Account X-UniqueId: some-id EOF
ldapadd -x -h localhost -D "cn= Directory Manager" -w 'mypassword' <<EOF dn: cn=X-UniqueId uniqueness,cn=plugins,cn=config objectClass: top objectClass: nsSlapdPlugin objectClass: extensibleObject cn: attribute uniqueness cn: X-UniqueId uniqueness nsslapd-pluginPath: libattr-unique-plugin nsslapd-pluginInitfunc: NSUniqueAttr_Init nsslapd-pluginType: preoperation nsslapd-pluginEnabled: on nsslapd-pluginarg0: X-UniqueId nsslapd-pluginarg1: dc=example,dc=com nsslapd-plugin-depends-on-type: database nsslapd-pluginId: NSUniqueAttr nsslapd-pluginVersion: 1.2.10.12 nsslapd-pluginVendor: 389 Project nsslapd-pluginDescription: Enforce unique attribute values EOF
/etc/init.d/dirsrv restart
ldapmodify -a -x -h localhost -D "cn= Directory Manager" -w 'mypassword' <<EOF dn: uid=my.account,ou=People,dc=example,dc=com changetype: modrdn newrdn: uid=my.account.test deleteoldrdn: 1 newsuperior: ou=People,dc=example,dc=com EOF
modifying rdn of entry "uid=my.account,ou=People,dc=example,dc=com" rename completed ldapmodify: Constraint violation (19) additional info: Another entry with the same attribute value already exists (attribute: "X-UniqueId")
The logs :
{{{ ==> /var/log/dirsrv/slapd-example/errors <== [12/Jul/2012:12:47:03 +0200] - slapd shutting down - signaling operation threads [12/Jul/2012:12:47:03 +0200] - slapd shutting down - closing down internal subsystems and plugins [12/Jul/2012:12:47:03 +0200] - Waiting for 4 database threads to stop [12/Jul/2012:12:47:03 +0200] - All database threads now stopped [12/Jul/2012:12:47:03 +0200] - slapd stopped. [12/Jul/2012:12:47:05 +0200] - 389-Directory/1.2.10.11 B2012.179.054 starting up [12/Jul/2012:12:47:05 +0200] - slapd started. Listening on All Interfaces port 389 for LDAP requests
==> /var/log/dirsrv/slapd-example/access <== [12/Jul/2012:12:47:44 +0200] conn=2 fd=64 slot=64 connection from 127.0.0.1 to 127.0.0.1 [12/Jul/2012:12:47:44 +0200] conn=2 op=0 BIND dn="cn=Directory Manager" method=128 version=3 [12/Jul/2012:12:47:44 +0200] conn=2 op=0 RESULT err=0 tag=97 nentries=0 etime=0 dn="cn=directory manager" [12/Jul/2012:12:47:44 +0200] conn=2 op=1 MODRDN dn="uid=my.account,ou=People,dc=example,dc=com" newrdn="uid=my.account.test" newsuperior="ou=People,dc=example,dc=com" [12/Jul/2012:12:47:44 +0200] conn=2 op=1 RESULT err=19 tag=109 nentries=0 etime=0 [12/Jul/2012:12:47:44 +0200] conn=2 op=2 UNBIND [12/Jul/2012:12:47:44 +0200] conn=2 op=2 fd=64 closed - U1
0001-Ticket-406-Impossible-to-rename-entry-modrdn-with-At.patch 0001-Ticket-406-Impossible-to-rename-entry-modrdn-with-At.patch
69ce800..832a52d 389-ds-base-1.2.11 -> 389-ds-base-1.2.11 commit changeset:832a52d/389-ds-base Author: Rich Megginson rmeggins@redhat.com Date: Thu Jul 12 19:56:55 2012 -0600 c0151f7..d7876a2 master -> master commit changeset:d7876a2/389-ds-base Author: Rich Megginson rmeggins@redhat.com Date: Thu Jul 12 19:56:55 2012 -0600
Ticket has been cloned to Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=840153
branch 389-ds-base-1.2.10 commit changeset:93011a3/389-ds-base Author: Rich Megginson rmeggins@redhat.com Date: Thu Jul 12 19:56:55 2012 -0600
fixed in 1.2.10.13
Added initial screened field value.
Metadata Update from @pj101: - Issue assigned to rmeggins - Issue set to the milestone: 1.2.11.8
389-ds-base is moving from Pagure to Github. This means that new issues and pull requests will be accepted only in 389-ds-base's github repository.
This issue has been cloned to Github and is available here: - https://github.com/389ds/389-ds-base/issues/406
If you want to receive further updates on the issue, please navigate to the github issue and click on subscribe button.
subscribe
Thank you for understanding. We apologize for all inconvenience.
Metadata Update from @spichugi: - Issue close_status updated to: wontfix (was: Fixed)
Login to comment on this ticket.