Description of problem:
if we set nsslapd-plugin-binddn-tracking: on, it seems that no operation can be done in replication agreement. The error will be 53 unwilling to perform.
How reproducible: always
Steps to Reproduce: 1. nsslapd-plugin-binddn-tracking: on 2. modify a replication agreement like:
ldapmodify -p 1389 -h localhost -D "cn=directory manager" -W dn: cn=Toserver2,cn=replica,cn=o\3Dredhat,cn=mapping tree,cn=config changetype: modify replace: nsds5replicaenabled nsds5replicaenabled: off
modifying entry "cn=Toserver2,cn=replica,cn=o\3Dredhat,cn=mapping tree,cn=config" ldap_modify: Server is unwilling to perform (53)
Actual results: no possible to modify repl. agreement.
In error logs:
[13/Apr/2015:20:11:18 +0200] NSMMReplicationPlugin - agmtlist_modify_callback: modification of internalModifiersName attribute is not allowed
seems to be related to this bug:
Bug 1171356 - Bind DN tracking unable to write to internalModifiersName without special permissions
but in this case it's directory manager which is modifying the agreement (no aci is evaluated). Probably this MOD activates another MOD done by a plugin ?
This works for me on the latest version of 1.2.11 and master branch. Perhaps customer is on older version of 1.2.11 that does not have the fix from https://fedorahosted.org/389/ticket/47950
Metadata Update from @mreynolds: - Issue assigned to mreynolds - Issue set to the milestone: 1.2.11.33
389-ds-base is moving from Pagure to Github. This means that new issues and pull requests will be accepted only in 389-ds-base's github repository.
This issue has been cloned to Github and is available here: - https://github.com/389ds/389-ds-base/issues/1486
If you want to receive further updates on the issue, please navigate to the github issue and click on subscribe button.
subscribe
Thank you for understanding. We apologize for all inconvenience.
Metadata Update from @spichugi: - Issue close_status updated to: wontfix (was: Invalid)
Login to comment on this ticket.