rpms / 389-ds-base

Clone
Source Code
GIT

Files

  1.   e79480e958f0ac133a8a4f5ba4bd2c835bba4160
  2.   SOURCES
  3.   0008-Ticket-50282-OPERATIONS-ERROR-when-trying-to-delete-.patch
Blob Blame History Raw 
From 57f661a8acea18aa19985d0556a78d81a9361b89 Mon Sep 17 00:00:00 2001
From: Thierry Bordaz <tbordaz@redhat.com>
Date: Thu, 14 Mar 2019 17:33:35 +0100
Subject: [PATCH 1/4] Ticket 50282 - OPERATIONS ERROR when trying to delete a
 group with automember members

Bug Description:
	When automember and memberof are enabled, if a user is member of a group
	because of an automember rule. Then when the group is deleted,
	memberof updates the member (to update 'memberof' attribute) that
	trigger automember to reevaluate the automember rule and add the member
	to the group. But at this time the group is already deleted.
	Chaining back the failure up to the top level operation the deletion
	of the group fails

Fix Description:
	The fix consists to check that if a automember rule tries to add a user
	in a group, then to check that the group exists before updating it.

https://pagure.io/389-ds-base/issue/50282

Reviewed by: Mark Reynolds, William Brown

Platforms tested: F29

Flag Day: no

Doc impact: no
---
 ldap/servers/plugins/automember/automember.c | 23 ++++++++++++++++++++
 1 file changed, 23 insertions(+)

diff --git a/ldap/servers/plugins/automember/automember.c b/ldap/servers/plugins/automember/automember.c
index bb6ff1f8e..fcf0cdb9a 100644
--- a/ldap/servers/plugins/automember/automember.c
+++ b/ldap/servers/plugins/automember/automember.c
@@ -1636,6 +1636,29 @@ automember_update_member_value(Slapi_Entry *member_e, const char *group_dn, char
     char *member_value = NULL;
     int freeit = 0;
     int rc = 0;
+    Slapi_DN *group_sdn;
+    Slapi_Entry *group_entry = NULL;
+
+    /* First thing check that the group still exists */
+    group_sdn = slapi_sdn_new_dn_byval(group_dn);
+    rc = slapi_search_internal_get_entry(group_sdn, NULL, &group_entry, automember_get_plugin_id());
+    slapi_sdn_free(&group_sdn);
+    if (rc != LDAP_SUCCESS || group_entry == NULL) {
+        if (rc == LDAP_NO_SUCH_OBJECT) {
+            /* the automember group (default or target) does not exist, just skip this definition */
+            slapi_log_err(SLAPI_LOG_PLUGIN, AUTOMEMBER_PLUGIN_SUBSYSTEM,
+                      "automember_update_member_value - group (default or target) does not exist (%s)\n",
+                      group_dn);
+            rc = 0;
+        } else {
+            slapi_log_err(SLAPI_LOG_ERR, AUTOMEMBER_PLUGIN_SUBSYSTEM,
+                      "automember_update_member_value - group (default or target) can not be retrieved (%s) err=%d\n",
+                      group_dn, rc);
+        }
+        slapi_entry_free(group_entry);
+        return rc;
+    }
+    slapi_entry_free(group_entry);
 
     /* If grouping_value is dn, we need to fetch the dn instead. */
     if (slapi_attr_type_cmp(grouping_value, "dn", SLAPI_TYPE_CMP_EXACT) == 0) {
-- 
2.17.2

Powered by Pagure 5.13.3

SSH Hostkey/Fingerprint | Documentation