When memberof is enabled it adds 'memberof' attribute to members entries. If a member entry has not the appropriate objectclass to support 'memberof' attribute an ERR is logged.
[05/Jan/2018:12:46:22.803032331 +0100] - ERR - oc_check_allowed_sv - Entry "cn=user_1,ou=People,dc=example,dc=com" -- attribute "memberOf" not allowed
This is confusing because memberof will catch this violation and may try to repair it. So although this message is alarming, the target entry may finally have the 'memberof' attribute.
This is especially confusing since https://pagure.io/389-ds-base/issue/48985 where the repair operation is done by default (if schema is violated)
We can not (and should not) eliminate the schema violation message. But memberof should log a additional warning (beside the schema violation msg) stating it repaired the violation.
Any version
[05/Jan/2018:12:46:22.803032331 +0100] - ERR - oc_check_allowed_sv - Entry "cn=user_1,ou=People,dc=example,dc=com" -- attribute "memberOf" not allowed [05/Jan/2018:12:46:22.803032331 +0100] - WARN - memberof-plugin - Entry "cn=user_1,ou=People,dc=example,dc=com" schema violation caugth - repair operation succeeded
<img alt="ticket49523_test.py" src="/389-ds-base/issue/raw/files/1b199b57c0bbbe5194ae5a1c5ca8e9789f2df4b3059cb967d7549753d898bca3-ticket49523_test.py" />
Metadata Update from @tbordaz: - Custom field component adjusted to None - Custom field origin adjusted to None - Custom field reviewstatus adjusted to None - Custom field type adjusted to None - Custom field version adjusted to None
<img alt="0001-Ticket-49523-memberof-schema-violation-error-message.patch" src="/389-ds-base/issue/raw/files/0ea1c1869675169e52c97d12190e552d738f9b001199380a8ca36c66252b45e7-0001-Ticket-49523-memberof-schema-violation-error-message.patch" />
Metadata Update from @tbordaz: - Issue set to the milestone: 1.3.7 backlog
Metadata Update from @tbordaz: - Custom field reviewstatus adjusted to review (was: None)
Note this bug was discussed while testing 1192099 (but is not related to that bug)
Metadata Update from @mreynolds: - Custom field reviewstatus adjusted to ack (was: review)
Thanks @tbordaz for opening the issue.
Sorry, I will unack it for the sake of the test case.
The main reason that we need it running on Python 3. Also, other points from this comment are valid too: https://pagure.io/389-ds-base/issue/49509#comment-486206
Also, you can use this doc pages for your test case (I see you need to create user, group and add members): https://fedorapeople.org/~spichugi/html/group.html https://fedorapeople.org/~spichugi/html/user.html
Also, you can find an example here: https://pagure.io/389-ds-base/blob/master/f/dirsrvtests/tests/suites/memberof_plugin/regression_test.py
Metadata Update from @spichugi: - Custom field reviewstatus adjusted to review (was: ack)
commit to master
To ssh://pagure.io/389-ds-base.git 6647fba..bf59861 master -> master
@spichugi , sorry I did not notice your update while pushing the patch. The issue you raise are regarding the testcase. I will update it to follow your recommendations and push it again.
If it needs to be done before 7.5 release and you have other important tasks before that, it's not a problem for me and I'll be happy to help with Python 3 support implementation and other things in this ticket. What do you think? Should I take it?
@spichugi I will likely not be able to work on it since end of next week. Initially I tried UserAccounts but have not figured out how to retrieve there DN so I choose the old ways :(. I missed your documentation pointers. If you have bandwidth to make the changes to the testcase, for sure it will greatly help me.
Sure, I'll help. :) And main part is already done by you (writing the test case). I'll work on it during Monday then.
<img alt="0001-Ticket-49523-Refactor-CI-test.patch" src="/389-ds-base/issue/raw/files/da1e9819a28050aed3d00828a1b8212f19420411d6fd8e11aabe7a6776f851c3-0001-Ticket-49523-Refactor-CI-test.patch" />
Ack from me for the C code. I don't like ternaries though ..... :(
commit f102eab Author: Simon Pichugin spichugi@redhat.com Date: Mon Jan 8 14:42:20 2018 +0100
Metadata Update from @mreynolds: - Custom field rhbz adjusted to https://bugzilla.redhat.com/show_bug.cgi?id=1533571
Issue linked to Bugzilla: Bug 1533571
Is this ready to go into 1.3.7? (RHEL 7.5)
Yes I think it makes sense as it was raised during 7.5 QE (Bug 1192099) To ssh://pagure.io/389-ds-base.git 45a64ae..05d5c52 389-ds-base-1.3.7 -> 389-ds-base-1.3.7
<img alt="0001-Ticket-49523-Fixed-skipif-marker-topology-fixture-an.patch" src="/389-ds-base/issue/raw/files/db0c0497fc716e526442adf742cb8d9257f58169379634835f577b2a04429e37-0001-Ticket-49523-Fixed-skipif-marker-topology-fixture-an.patch" />
Thanks @spichugi for peer review, request you please recheck and merge the patch.
commit 003fa4d Author: Amita Sharma amsharma@redhat.com Date: Mon Jan 29 19:17:31 2018 +0530
Metadata Update from @mreynolds: - Issue close_status updated to: fixed - Issue status updated to: Closed (was: Open)
389-ds-base is moving from Pagure to Github. This means that new issues and pull requests will be accepted only in 389-ds-base's github repository.
This issue has been cloned to Github and is available here: - https://github.com/389ds/389-ds-base/issues/2582
If you want to receive further updates on the issue, please navigate to the github issue and click on subscribe button.
subscribe
Thank you for understanding. We apologize for all inconvenience.
Metadata Update from @spichugi: - Issue close_status updated to: wontfix (was: fixed)
Login to comment on this ticket.