#49523 memberof: schema violation error message is confusing as memberof will likely repair target entry
Closed: wontfix 4 years ago by mreynolds. Opened 6 years ago by tbordaz.

Issue Description

When memberof is enabled it adds 'memberof' attribute to members entries. If a member entry has not the appropriate objectclass to support 'memberof' attribute an ERR is logged.

[05/Jan/2018:12:46:22.803032331 +0100] - ERR - oc_check_allowed_sv - Entry "cn=user_1,ou=People,dc=example,dc=com" -- attribute "memberOf" not allowed

This is confusing because memberof will catch this violation and may try to repair it. So although this message is alarming, the target entry may finally have the 'memberof' attribute.

This is especially confusing since https://pagure.io/389-ds-base/issue/48985 where the repair operation is done by default (if schema is violated)

We can not (and should not) eliminate the schema violation message. But memberof should log a additional warning (beside the schema violation msg) stating it repaired the violation.

Package Version and Platform

Any version

Steps to reproduce

  1. Run the attached testcase

Actual results

[05/Jan/2018:12:46:22.803032331 +0100] - ERR - oc_check_allowed_sv - Entry "cn=user_1,ou=People,dc=example,dc=com" -- attribute "memberOf" not allowed

Expected results

[05/Jan/2018:12:46:22.803032331 +0100] - ERR - oc_check_allowed_sv - Entry "cn=user_1,ou=People,dc=example,dc=com" -- attribute "memberOf" not allowed
[05/Jan/2018:12:46:22.803032331 +0100] - WARN - memberof-plugin - Entry "cn=user_1,ou=People,dc=example,dc=com" schema violation caugth - repair operation succeeded

Metadata Update from @tbordaz:
- Custom field component adjusted to None
- Custom field origin adjusted to None
- Custom field reviewstatus adjusted to None
- Custom field type adjusted to None
- Custom field version adjusted to None

6 years ago

Metadata Update from @tbordaz:
- Issue set to the milestone: 1.3.7 backlog

6 years ago

Metadata Update from @tbordaz:
- Custom field reviewstatus adjusted to review (was: None)

6 years ago

Note this bug was discussed while testing 1192099 (but is not related to that bug)

Metadata Update from @mreynolds:
- Custom field reviewstatus adjusted to ack (was: review)

6 years ago

Thanks @tbordaz for opening the issue.

Sorry, I will unack it for the sake of the test case.

The main reason that we need it running on Python 3.
Also, other points from this comment are valid too:
https://pagure.io/389-ds-base/issue/49509#comment-486206

Also, you can use this doc pages for your test case (I see you need to create user, group and add members):
https://fedorapeople.org/~spichugi/html/group.html
https://fedorapeople.org/~spichugi/html/user.html

Also, you can find an example here:
https://pagure.io/389-ds-base/blob/master/f/dirsrvtests/tests/suites/memberof_plugin/regression_test.py

Metadata Update from @spichugi:
- Custom field reviewstatus adjusted to review (was: ack)

6 years ago

commit to master

To ssh://pagure.io/389-ds-base.git
6647fba..bf59861 master -> master

@spichugi , sorry I did not notice your update while pushing the patch.
The issue you raise are regarding the testcase. I will update it to follow your recommendations and push it again.

If it needs to be done before 7.5 release and you have other important tasks before that, it's not a problem for me and I'll be happy to help with Python 3 support implementation and other things in this ticket.
What do you think? Should I take it?

@spichugi I will likely not be able to work on it since end of next week.
Initially I tried UserAccounts but have not figured out how to retrieve there DN so I choose the old ways :(. I missed your documentation pointers.
If you have bandwidth to make the changes to the testcase, for sure it will greatly help me.

@spichugi I will likely not be able to work on it since end of next week.
Initially I tried UserAccounts but have not figured out how to retrieve there DN so I choose the old ways :(. I missed your documentation pointers.
If you have bandwidth to make the changes to the testcase, for sure it will greatly help me.

Sure, I'll help. :) And main part is already done by you (writing the test case). I'll work on it during Monday then.

Metadata Update from @mreynolds:
- Custom field reviewstatus adjusted to ack (was: review)

6 years ago

Ack from me for the C code. I don't like ternaries though ..... :(

commit f102eab
Author: Simon Pichugin spichugi@redhat.com
Date: Mon Jan 8 14:42:20 2018 +0100

Metadata Update from @mreynolds:
- Custom field rhbz adjusted to https://bugzilla.redhat.com/show_bug.cgi?id=1533571

6 years ago

Is this ready to go into 1.3.7? (RHEL 7.5)

Yes I think it makes sense as it was raised during 7.5 QE (Bug 1192099)
To ssh://pagure.io/389-ds-base.git
45a64ae..05d5c52 389-ds-base-1.3.7 -> 389-ds-base-1.3.7

commit 003fa4d
Author: Amita Sharma amsharma@redhat.com
Date: Mon Jan 29 19:17:31 2018 +0530

Metadata Update from @mreynolds:
- Issue close_status updated to: fixed
- Issue status updated to: Closed (was: Open)

4 years ago

389-ds-base is moving from Pagure to Github. This means that new issues and pull requests
will be accepted only in 389-ds-base's github repository.

This issue has been cloned to Github and is available here:
- https://github.com/389ds/389-ds-base/issues/2582

If you want to receive further updates on the issue, please navigate to the github issue
and click on subscribe button.

Thank you for understanding. We apologize for all inconvenience.

Metadata Update from @spichugi:
- Issue close_status updated to: wontfix (was: fixed)

3 years ago

Login to comment on this ticket.

Metadata