Most DS plugins are converted to be betxn - if their operation fails, whole transaction should fail and not be comitted to database. In case of Auto Membership plugin, we can create a situation where plugin fails to add user to group, e.g. due to non-existent group entry.
Steps to Reproduce: 1. Add definition entry: ldapmodify -D "cn=directory manager" -w Secret123 -a <<EOF dn: cn=testGroup,cn=Auto Membership Plugin,cn=plugins,cn=config objectclass: autoMemberDefinition autoMemberScope: ou=People,dc=example,dc=com autoMemberFilter: cn=tuser autoMemberDefaultGroup: cn=testgroup,ou=groups,dc=example,dc=com autoMemberGroupingAttr: member:dn EOF
Make sure cn=testgroup,ou=groups,dc=example,dc=com does not exist.
The operation is successful: [jrusnack@localhost 6.0]$ ldapsearch -LLL -h localhost -p 34368 -D "cn=directory manager" -w Secret123 -b "cn=tuser,dc=autoMembers,dc=com" dn: cn=tuser,dc=autoMembers,dc=com objectClass: person objectClass: top cn: tuser sn: tuser
Actual results: [jrusnack@localhost 6.0]$ tail -n1 /var/log/dirsrv/slapd-dstet/errors [28/Nov/2013:07:55:17 -0700] auto-membership-plugin - automember_add_member_value: Unable to add "cn=tuser,dc=automembers,dc=com" as a "member" value to group "cn=testgroup,dc=autoMembers,dc=com" (No such object).
Expected results: User should not be added, if plugin operation fails.
attachment 0001-Ticket-47622-Automember-betxnpreoperation-transactio.patch
git merge ticket47622 Updating 98ccb60..67a0764 Fast-forward ldap/servers/plugins/automember/automember.c | 117 +++++++++++++++++++------- ldap/servers/slapd/back-ldbm/ldbm_add.c | 4 +- ldap/servers/slapd/back-ldbm/ldbm_delete.c | 5 + ldap/servers/slapd/back-ldbm/ldbm_modify.c | 2 + ldap/servers/slapd/back-ldbm/ldbm_modrdn.c | 3 + ldap/servers/slapd/plugin.c | 3 +- 6 files changed, 102 insertions(+), 32 deletions(-)
git push origin master Counting objects: 27, done. Delta compression using up to 4 threads. Compressing objects: 100% (14/14), done. Writing objects: 100% (14/14), 2.59 KiB, done. Total 14 (delta 11), reused 0 (delta 0) To ssh://git.fedorahosted.org/git/389/ds.git 98ccb60..67a0764 master -> master
commit 67a0764 Author: Mark Reynolds mreynolds@redhat.com Date: Mon Dec 9 16:57:35 2013 -0500
1.3.2
65c5155..1214168 389-ds-base-1.3.2 -> 389-ds-base-1.3.2
1.3.1
8a2c666..6de4616 389-ds-base-1.3.1 -> 389-ds-base-1.3.1
Metadata Update from @mreynolds: - Issue assigned to mreynolds - Issue set to the milestone: 1.3.1.17
389-ds-base is moving from Pagure to Github. This means that new issues and pull requests will be accepted only in 389-ds-base's github repository.
This issue has been cloned to Github and is available here: - https://github.com/389ds/389-ds-base/issues/959
If you want to receive further updates on the issue, please navigate to the github issue and click on subscribe button.
subscribe
Thank you for understanding. We apologize for all inconvenience.
Metadata Update from @spichugi: - Issue close_status updated to: wontfix (was: Fixed)
Login to comment on this ticket.