Ticket was cloned from Red Hat Bugzilla (product Red Hat Enterprise Linux 7): Bug 1034325
Description of problem: From RHEL 7 most DS plugins are converted to be betxn - if their operation fails, whole transaction should fail and not be comitted to database. In case of Linked Attributes plugin, we can create a situation where plugin fails to create linked attribute in managed entry, e.g. due to non-existent managed entry. Version-Release number of selected component (if applicable): 389-ds-base-1.3.1.6-8.el7.x86_64 How reproducible: always Steps to Reproduce: # Enable plugin [jrusnack@localhost slapd-dstet]$ ldapmodify -h $HOST -p $PORT -D "cn=directory manager" -w Secret123 -a <<EOF > dn: cn=Linked Attributes,cn=plugins,cn=config > changetype: modify > replace: nsslapd-pluginEnabled > nsslapd-pluginEnabled: on > EOF modifying entry "cn=Linked Attributes,cn=plugins,cn=config" # Set up new linked attribute seeAlso [jrusnack@localhost slapd-dstet]$ ldapmodify -h $HOST -p $PORT -D "cn=directory manager" -w Secret123 -a <<EOF > dn: cn=Manager Link,cn=Linked Attributes,cn=plugins,cn=config > changetype: add > objectClass: top > objectClass: extensibleObject > cn: Manager Link > linkType: seeAlso > managedType: seeAlso > EOF adding new entry "cn=Manager Link,cn=Linked Attributes,cn=plugins,cn=config" # Restart DS to apply changes [jrusnack@localhost slapd-dstet]$ sudo systemctl restart dirsrv.target # Add manager entry, which links to non-existent uid=user [jrusnack@localhost slapd-dstet]$ ldapmodify -h $HOST -p $PORT -D "cn=directory manager" -w Secret123 -a <<EOF > dn: uid=manager,ou=people,dc=example,dc=com > objectclass: person > objectclass: inetOrgPerson > objectclass: top > cn: manager > sn: manager > uid: manager > seeAlso: uid=user,ou=people,dc=example,dc=com > EOF adding new entry "uid=manager,ou=people,dc=example,dc=com" [jrusnack@localhost slapd-dstet]$ ldapsearch -h $HOST -p $PORT -D "cn=directory manager" -w Secret123 -b "uid=manager,ou=people,dc=example,dc=com" -LLL dn: uid=manager,ou=People,dc=example,dc=com objectClass: person objectClass: inetOrgPerson objectClass: top objectClass: organizationalPerson cn: manager sn: manager uid: manager seeAlso: uid=user,ou=people,dc=example,dc=com [jrusnack@localhost slapd-dstet]$ ldapsearch -h $HOST -p $PORT -D "cn=directory manager" -w Secret123 -b "uid=user,ou=people,dc=example,dc=com" -LLL No such object (32) Matched DN: ou=people,dc=example,dc=com Actual results: Manager entry is created even though creating linked attribute in entry uid=user failed (uid=user does not exist).
Reproduced issue on master branch, investigating...
Looks good. One question... slapi_pblock_set is setting the given value duplicated.
{{{ 1977 int 1978 slapi_pblock_set( Slapi_PBlock pblock, int arg, void value ) 1979 { ... 3398 case SLAPI_PB_RESULT_TEXT: 3399 slapi_ch_free((void)&(pblock->pb_result_text)); 3400 pblock->pb_result_text = slapi_ch_strdup ((char ) value); 3401 break; }}} The err_msg string can be freed once it's set to the pblock? {{{ 1495 if(rc != LDAP_SUCCESS){ 1496 char err_msg = NULL; 1497 1498 err_msg = PR_smprintf("Linked Attrs Plugin: Failed to update " 1499 "link to target entry (%s) error %d", 1500 targetdn, rc); 1501 slapi_log_error(SLAPI_LOG_PLUGIN, LINK_PLUGIN_SUBSYSTEM, "%s\n", err_msg); 1502 slapi_pblock_set(pb, SLAPI_PB_RESULT_TEXT, err_msg); 1503 slapi_sdn_free(&targetsdn); 1504 rc = LDAP_UNWILLING_TO_PERFORM; 1505 break; }}}
revision 0001-Ticket-47640-Linked-attributes-transaction-not-abort.patch
Replying to [comment:8 nhosoi]:
Looks good. One question... slapi_pblock_set is setting the given value duplicated. {{{ 1977 int 1978 slapi_pblock_set( Slapi_PBlock pblock, int arg, void value ) 1979 { ... 3398 case SLAPI_PB_RESULT_TEXT: 3399 slapi_ch_free((void)&(pblock->pb_result_text)); 3400 pblock->pb_result_text = slapi_ch_strdup ((char ) value); 3401 break; }}} The err_msg string can be freed once it's set to the pblock? {{{ 1495 if(rc != LDAP_SUCCESS){ 1496 char err_msg = NULL; 1497 1498 err_msg = PR_smprintf("Linked Attrs Plugin: Failed to update " 1499 "link to target entry (%s) error %d", 1500 targetdn, rc); 1501 slapi_log_error(SLAPI_LOG_PLUGIN, LINK_PLUGIN_SUBSYSTEM, "%s\n", err_msg); 1502 slapi_pblock_set(pb, SLAPI_PB_RESULT_TEXT, err_msg); 1503 slapi_sdn_free(&targetsdn); 1504 rc = LDAP_UNWILLING_TO_PERFORM; 1505 break; }}}
Yes it can, nice catch! New patch attached...
Thanks, Mark! ack.
afd7699..cdb83c4 master -> master commit cdb83c4 Author: Mark Reynolds mreynolds@redhat.com Date: Tue Jun 9 15:32:57 2015 -0400
Metadata Update from @mreynolds: - Issue assigned to mreynolds - Issue set to the milestone: 1.3.4.0
389-ds-base is moving from Pagure to Github. This means that new issues and pull requests will be accepted only in 389-ds-base's github repository.
This issue has been cloned to Github and is available here: - https://github.com/389ds/389-ds-base/issues/977
If you want to receive further updates on the issue, please navigate to the github issue and click on subscribe button.
subscribe
Thank you for understanding. We apologize for all inconvenience.
Metadata Update from @spichugi: - Issue close_status updated to: wontfix (was: Fixed)
Login to comment on this ticket.