From 50d62b6d5ea69e5cad6359dbd1dccb09fcfa1a6b Mon Sep 17 00:00:00 2001
From: Mark Reynolds <mreynolds@redhat.com>
Date: Tue, 3 Oct 2017 09:51:53 -0400
Subject: [PATCH] Ticket 49320 - Activating already active role returns error
 16

Bug Description:  ns-activate.pl returns error 16 when trying to activate an
                  already active role.

Fix Description:  Check for error 16 (no such attr), and return error 100.
                  Also added a "redirect"otion to the ldapmod function to
                  hide any errors printed to STDERR, so that the script can
                  display its own error message.

https://pagure.io/389-ds-base/issue/49320

Reviewed by: firstyear(Thanks!)

(cherry picked from commit 406084847f29aa44ffd81de746770aeff6b67c61)
---
 ldap/admin/src/scripts/DSUtil.pm.in      | 18 +++++++++++-------
 ldap/admin/src/scripts/ns-activate.pl.in |  9 ++++++++-
 2 files changed, 19 insertions(+), 8 deletions(-)

diff --git a/ldap/admin/src/scripts/DSUtil.pm.in b/ldap/admin/src/scripts/DSUtil.pm.in
index 805a9b91d..791464d0a 100644
--- a/ldap/admin/src/scripts/DSUtil.pm.in
+++ b/ldap/admin/src/scripts/DSUtil.pm.in
@@ -1447,6 +1447,10 @@ sub ldapmod {
         close (FILE);
     }
 
+    if ($info{redirect} eq ""){
+        $info{redirect} = "> /dev/null";
+    }
+
     #
     # Check the protocol, and reset it if it's invalid
     #
@@ -1470,9 +1474,9 @@ sub ldapmod {
             print "STARTTLS)\n";
         }
         if($info{openldap} eq "yes"){
-            system "ldapmodify -x -ZZ -h $info{host} -p $info{port} -D \"$info{rootdn}\" -w $myrootdnpw $info{args} -f \"$file\" > /dev/null";
+            system "ldapmodify -x -ZZ -h $info{host} -p $info{port} -D \"$info{rootdn}\" -w $myrootdnpw $info{args} -f \"$file\" $info{redirect}";
         } else {
-            system "ldapmodify -ZZZ -P \"$info{certdir}\" -h $info{host} -p $info{port} -D \"$info{rootdn}\" -w $myrootdnpw $info{args} -f \"$file\" > /dev/null";
+            system "ldapmodify -ZZZ -P \"$info{certdir}\" -h $info{host} -p $info{port} -D \"$info{rootdn}\" -w $myrootdnpw $info{args} -f \"$file\" $info{redirect}";
         }
     } elsif (($info{security} eq "on" && $info{protocol} eq "") || ($info{security} eq "on" && $info{protocol} =~ m/LDAPS/i) ){ 
         # 
@@ -1482,9 +1486,9 @@ sub ldapmod {
             print "LDAPS)\n";
         }
         if($info{openldap} eq "yes"){
-            system "ldapmodify -x -H \"ldaps://$info{host}:$info{secure_port}\" -D \"$info{rootdn}\" -w $myrootdnpw $info{args} -f \"$file\" > /dev/null";
+            system "ldapmodify -x -H \"ldaps://$info{host}:$info{secure_port}\" -D \"$info{rootdn}\" -w $myrootdnpw $info{args} -f \"$file\" $info{redirect}";
         } else {
-            system "ldapmodify -Z -P \"$info{certdir}\" -p $info{secure_port} -D \"$info{rootdn}\" -w $myrootdnpw $info{args} -f \"$file\" > /dev/null";
+            system "ldapmodify -Z -P \"$info{certdir}\" -p $info{secure_port} -D \"$info{rootdn}\" -w $myrootdnpw $info{args} -f \"$file\" $info{redirect}";
         }
     } elsif (($info{openldap} eq "yes") && (($info{ldapi} eq "on" && $info{protocol} eq "") || ($info{ldapi} eq "on" && $info{protocol} =~ m/LDAPI/i)) ){  
         #
@@ -1499,7 +1503,7 @@ sub ldapmod {
             if($protocol_error eq "yes"){
                 print "LDAPI)\n";
             }
-            system "ldapmodify -x -H \"$info{ldapiURL}\" -D \"$info{rootdn}\" -w $myrootdnpw $info{args} -f \"$file\" > /dev/null";
+            system "ldapmodify -x -H \"$info{ldapiURL}\" -D \"$info{rootdn}\" -w $myrootdnpw $info{args} -f \"$file\" $info{redirect}";
         }
     } else {
         # 
@@ -1509,9 +1513,9 @@ sub ldapmod {
             print "LDAP)\n";
         }
         if($info{openldap} eq "yes"){
-            system "ldapmodify -x -h $info{host} -p $info{port} -D \"$info{rootdn}\" -w $myrootdnpw $info{args} -f \"$file\" > /dev/null";
+            system "ldapmodify -x -h $info{host} -p $info{port} -D \"$info{rootdn}\" -w $myrootdnpw $info{args} -f \"$file\" $info{redirect}";
         } else {
-            system "ldapmodify -h $info{host} -p $info{port} -D \"$info{rootdn}\" -w $myrootdnpw $info{args} -f \"$file\" > /dev/null";
+            system "ldapmodify -h $info{host} -p $info{port} -D \"$info{rootdn}\" -w $myrootdnpw $info{args} -f \"$file\" $info{redirect}";
         }
     }
     unlink ($file);
diff --git a/ldap/admin/src/scripts/ns-activate.pl.in b/ldap/admin/src/scripts/ns-activate.pl.in
index 5922c9aab..bec19c8e7 100644
--- a/ldap/admin/src/scripts/ns-activate.pl.in
+++ b/ldap/admin/src/scripts/ns-activate.pl.in
@@ -731,11 +731,18 @@ if ( $single == 1 ){
 }
 
 $info{args} = "-c";
+$info{redirect} = "> /dev/null 2>&1";
 DSUtil::ldapmod($record, %info);
 if( $? != 0 ){
     debug("delete, $entry\n");
     $retCode=$?>>8;
-    exit $retCode;
+    if ($retCode == "16") {  # Error 16 (no such attr) - already activated
+        out("$entry already $state.\n");
+        exit 100;
+    } else {
+        out("Failed to activate $entry, error $retCode\n");
+        exit $retCode;
+    }
 }
 
 out("$entry $state.\n");
-- 
2.13.6