|
|
6f51e1 |
From 834b5f7355d4233c4b9d6931ba6ec8482413bca8 Mon Sep 17 00:00:00 2001
|
|
|
6f51e1 |
From: Thierry Bordaz <tbordaz@redhat.com>
|
|
|
6f51e1 |
Date: Thu, 11 May 2017 09:21:38 +0200
|
|
|
6f51e1 |
Subject: [PATCH] Ticket 49249 - cos_cache is erroneously logging schema
|
|
|
6f51e1 |
checking failure
|
|
|
6f51e1 |
|
|
|
6f51e1 |
Bug Description:
|
|
|
6f51e1 |
cos is generating virtual attributes in several steps.
|
|
|
6f51e1 |
One of the first step is to check that the generated attribute will
|
|
|
6f51e1 |
conform the schema.
|
|
|
6f51e1 |
Then additional checks (override/merge and cos scope) are performed.
|
|
|
6f51e1 |
If the entry does not conform the schema, it skips the additional checks.
|
|
|
6f51e1 |
In such case it logs a message stating that the virtual attribute does not
|
|
|
6f51e1 |
apply.
|
|
|
6f51e1 |
During slapi-log-err refactoring (https://pagure.io/389-ds-base/issue/48978)
|
|
|
6f51e1 |
the logging level, in case of schema violation, was move from SLAPI_LOG_PLUGIN
|
|
|
6f51e1 |
to SLAPI_LOG_ERR.
|
|
|
6f51e1 |
|
|
|
6f51e1 |
This change is incorrect because the potential failure to schema check is
|
|
|
6f51e1 |
normal and does not imply the cos would apply to the entry (for example if
|
|
|
6f51e1 |
the entry was not in the scope, the cos would also be skipped).
|
|
|
6f51e1 |
|
|
|
6f51e1 |
Fix Description:
|
|
|
6f51e1 |
Move back the logging level from SLAPI_LOG_ERR to SLAPI_LOG_PLUGIN
|
|
|
6f51e1 |
|
|
|
6f51e1 |
https://pagure.io/389-ds-base/issue/49249
|
|
|
6f51e1 |
|
|
|
6f51e1 |
Reviewed by: Mark Reynolds
|
|
|
6f51e1 |
|
|
|
6f51e1 |
Platforms tested: F23
|
|
|
6f51e1 |
|
|
|
6f51e1 |
Flag Day: no
|
|
|
6f51e1 |
|
|
|
6f51e1 |
Doc impact: no
|
|
|
6f51e1 |
---
|
|
|
6f51e1 |
dirsrvtests/tests/tickets/ticket49249_test.py | 140 ++++++++++++++++++++++++++
|
|
|
6f51e1 |
ldap/servers/plugins/cos/cos_cache.c | 2 +-
|
|
|
6f51e1 |
2 files changed, 141 insertions(+), 1 deletion(-)
|
|
|
6f51e1 |
create mode 100644 dirsrvtests/tests/tickets/ticket49249_test.py
|
|
|
6f51e1 |
|
|
|
6f51e1 |
diff --git a/dirsrvtests/tests/tickets/ticket49249_test.py b/dirsrvtests/tests/tickets/ticket49249_test.py
|
|
|
6f51e1 |
new file mode 100644
|
|
|
6f51e1 |
index 0000000..1dfd07e
|
|
|
6f51e1 |
--- /dev/null
|
|
|
6f51e1 |
+++ b/dirsrvtests/tests/tickets/ticket49249_test.py
|
|
|
6f51e1 |
@@ -0,0 +1,140 @@
|
|
|
6f51e1 |
+import time
|
|
|
6f51e1 |
+import ldap
|
|
|
6f51e1 |
+import logging
|
|
|
6f51e1 |
+import pytest
|
|
|
6f51e1 |
+from lib389 import DirSrv, Entry, tools, tasks
|
|
|
6f51e1 |
+from lib389.tools import DirSrvTools
|
|
|
6f51e1 |
+from lib389._constants import *
|
|
|
6f51e1 |
+from lib389.properties import *
|
|
|
6f51e1 |
+from lib389.tasks import *
|
|
|
6f51e1 |
+from lib389.utils import *
|
|
|
6f51e1 |
+from lib389.topologies import topology_st as topo
|
|
|
6f51e1 |
+
|
|
|
6f51e1 |
+DEBUGGING = os.getenv("DEBUGGING", default=False)
|
|
|
6f51e1 |
+if DEBUGGING:
|
|
|
6f51e1 |
+ logging.getLogger(__name__).setLevel(logging.DEBUG)
|
|
|
6f51e1 |
+else:
|
|
|
6f51e1 |
+ logging.getLogger(__name__).setLevel(logging.INFO)
|
|
|
6f51e1 |
+log = logging.getLogger(__name__)
|
|
|
6f51e1 |
+
|
|
|
6f51e1 |
+COS_BRANCH = 'ou=cos_scope,' + DEFAULT_SUFFIX
|
|
|
6f51e1 |
+COS_DEF = 'cn=cos_definition,' + COS_BRANCH
|
|
|
6f51e1 |
+COS_TEMPLATE = 'cn=cos_template,' + COS_BRANCH
|
|
|
6f51e1 |
+INVALID_USER_WITH_COS = 'cn=cos_user_no_mail,' + COS_BRANCH
|
|
|
6f51e1 |
+VALID_USER_WITH_COS = 'cn=cos_user_with_mail,' + COS_BRANCH
|
|
|
6f51e1 |
+
|
|
|
6f51e1 |
+NO_COS_BRANCH = 'ou=no_cos_scope,' + DEFAULT_SUFFIX
|
|
|
6f51e1 |
+INVALID_USER_WITHOUT_COS = 'cn=no_cos_user_no_mail,' + NO_COS_BRANCH
|
|
|
6f51e1 |
+VALID_USER_WITHOUT_COS = 'cn=no_cos_user_with_mail,' + NO_COS_BRANCH
|
|
|
6f51e1 |
+
|
|
|
6f51e1 |
+def test_ticket49249(topo):
|
|
|
6f51e1 |
+ """Write your testcase here...
|
|
|
6f51e1 |
+
|
|
|
6f51e1 |
+ Also, if you need any testcase initialization,
|
|
|
6f51e1 |
+ please, write additional fixture for that(include finalizer).
|
|
|
6f51e1 |
+ """
|
|
|
6f51e1 |
+ # Add the branches
|
|
|
6f51e1 |
+ try:
|
|
|
6f51e1 |
+ topo.standalone.add_s(Entry((COS_BRANCH, {
|
|
|
6f51e1 |
+ 'objectclass': 'top extensibleObject'.split(),
|
|
|
6f51e1 |
+ 'ou': 'cos_scope'
|
|
|
6f51e1 |
+ })))
|
|
|
6f51e1 |
+ except ldap.LDAPError as e:
|
|
|
6f51e1 |
+ log.error('Failed to add cos_scope: error ' + e.message['desc'])
|
|
|
6f51e1 |
+ assert False
|
|
|
6f51e1 |
+
|
|
|
6f51e1 |
+ try:
|
|
|
6f51e1 |
+ topo.standalone.add_s(Entry((NO_COS_BRANCH, {
|
|
|
6f51e1 |
+ 'objectclass': 'top extensibleObject'.split(),
|
|
|
6f51e1 |
+ 'ou': 'no_cos_scope'
|
|
|
6f51e1 |
+ })))
|
|
|
6f51e1 |
+ except ldap.LDAPError as e:
|
|
|
6f51e1 |
+ log.error('Failed to add no_cos_scope: error ' + e.message['desc'])
|
|
|
6f51e1 |
+ assert False
|
|
|
6f51e1 |
+
|
|
|
6f51e1 |
+ try:
|
|
|
6f51e1 |
+ topo.standalone.add_s(Entry((COS_TEMPLATE, {
|
|
|
6f51e1 |
+ 'objectclass': 'top ldapsubentry costemplate extensibleObject'.split(),
|
|
|
6f51e1 |
+ 'cn': 'cos_template',
|
|
|
6f51e1 |
+ 'cosPriority': '1',
|
|
|
6f51e1 |
+ 'cn': 'cn=nsPwTemplateEntry,ou=level1,dc=example,dc=com',
|
|
|
6f51e1 |
+ 'mailAlternateAddress': 'hello@world'
|
|
|
6f51e1 |
+ })))
|
|
|
6f51e1 |
+ except ldap.LDAPError as e:
|
|
|
6f51e1 |
+ log.error('Failed to add cos_template: error ' + e.message['desc'])
|
|
|
6f51e1 |
+ assert False
|
|
|
6f51e1 |
+
|
|
|
6f51e1 |
+ try:
|
|
|
6f51e1 |
+ topo.standalone.add_s(Entry((COS_DEF, {
|
|
|
6f51e1 |
+ 'objectclass': 'top ldapsubentry cosSuperDefinition cosPointerDefinition'.split(),
|
|
|
6f51e1 |
+ 'cn': 'cos_definition',
|
|
|
6f51e1 |
+ 'costemplatedn': COS_TEMPLATE,
|
|
|
6f51e1 |
+ 'cosAttribute': 'mailAlternateAddress default'
|
|
|
6f51e1 |
+ })))
|
|
|
6f51e1 |
+ except ldap.LDAPError as e:
|
|
|
6f51e1 |
+ log.error('Failed to add cos_definition: error ' + e.message['desc'])
|
|
|
6f51e1 |
+ assert False
|
|
|
6f51e1 |
+
|
|
|
6f51e1 |
+ try:
|
|
|
6f51e1 |
+ # This entry is not allowed to have mailAlternateAddress
|
|
|
6f51e1 |
+ topo.standalone.add_s(Entry((INVALID_USER_WITH_COS, {
|
|
|
6f51e1 |
+ 'objectclass': 'top person'.split(),
|
|
|
6f51e1 |
+ 'cn': 'cos_user_no_mail',
|
|
|
6f51e1 |
+ 'sn': 'cos_user_no_mail'
|
|
|
6f51e1 |
+ })))
|
|
|
6f51e1 |
+ except ldap.LDAPError as e:
|
|
|
6f51e1 |
+ log.error('Failed to add cos_user_no_mail: error ' + e.message['desc'])
|
|
|
6f51e1 |
+ assert False
|
|
|
6f51e1 |
+
|
|
|
6f51e1 |
+ try:
|
|
|
6f51e1 |
+ # This entry is allowed to have mailAlternateAddress
|
|
|
6f51e1 |
+ topo.standalone.add_s(Entry((VALID_USER_WITH_COS, {
|
|
|
6f51e1 |
+ 'objectclass': 'top mailGroup'.split(),
|
|
|
6f51e1 |
+ 'cn': 'cos_user_with_mail'
|
|
|
6f51e1 |
+ })))
|
|
|
6f51e1 |
+ except ldap.LDAPError as e:
|
|
|
6f51e1 |
+ log.error('Failed to add cos_user_no_mail: error ' + e.message['desc'])
|
|
|
6f51e1 |
+ assert False
|
|
|
6f51e1 |
+
|
|
|
6f51e1 |
+ try:
|
|
|
6f51e1 |
+ # This entry is not allowed to have mailAlternateAddress
|
|
|
6f51e1 |
+ topo.standalone.add_s(Entry((INVALID_USER_WITHOUT_COS, {
|
|
|
6f51e1 |
+ 'objectclass': 'top person'.split(),
|
|
|
6f51e1 |
+ 'cn': 'no_cos_user_no_mail',
|
|
|
6f51e1 |
+ 'sn': 'no_cos_user_no_mail'
|
|
|
6f51e1 |
+ })))
|
|
|
6f51e1 |
+ except ldap.LDAPError as e:
|
|
|
6f51e1 |
+ log.error('Failed to add no_cos_user_no_mail: error ' + e.message['desc'])
|
|
|
6f51e1 |
+ assert False
|
|
|
6f51e1 |
+
|
|
|
6f51e1 |
+ try:
|
|
|
6f51e1 |
+ # This entry is allowed to have mailAlternateAddress
|
|
|
6f51e1 |
+ topo.standalone.add_s(Entry((VALID_USER_WITHOUT_COS, {
|
|
|
6f51e1 |
+ 'objectclass': 'top mailGroup'.split(),
|
|
|
6f51e1 |
+ 'cn': 'no_cos_user_with_mail'
|
|
|
6f51e1 |
+ })))
|
|
|
6f51e1 |
+ except ldap.LDAPError as e:
|
|
|
6f51e1 |
+ log.error('Failed to add no_cos_user_with_mail: error ' + e.message['desc'])
|
|
|
6f51e1 |
+ assert False
|
|
|
6f51e1 |
+
|
|
|
6f51e1 |
+ try:
|
|
|
6f51e1 |
+ entries = topo.standalone.search_s(SUFFIX, ldap.SCOPE_SUBTREE, '(mailAlternateAddress=*)')
|
|
|
6f51e1 |
+ assert len(entries) == 1
|
|
|
6f51e1 |
+ assert entries[0].hasValue('mailAlternateAddress', 'hello@world')
|
|
|
6f51e1 |
+ except ldap.LDAPError as e:
|
|
|
6f51e1 |
+ log.fatal('Unable to retrieve cos_user_with_mail (only entry with mailAlternateAddress) : error %s' % (USER1_DN, e.message['desc']))
|
|
|
6f51e1 |
+ assert False
|
|
|
6f51e1 |
+
|
|
|
6f51e1 |
+ assert not topo.standalone.ds_error_log.match(".*cos attribute mailAlternateAddress failed schema.*")
|
|
|
6f51e1 |
+
|
|
|
6f51e1 |
+ if DEBUGGING:
|
|
|
6f51e1 |
+ # Add debugging steps(if any)...
|
|
|
6f51e1 |
+ pass
|
|
|
6f51e1 |
+
|
|
|
6f51e1 |
+
|
|
|
6f51e1 |
+if __name__ == '__main__':
|
|
|
6f51e1 |
+ # Run isolated
|
|
|
6f51e1 |
+ # -s for DEBUG mode
|
|
|
6f51e1 |
+ CURRENT_FILE = os.path.realpath(__file__)
|
|
|
6f51e1 |
+ pytest.main("-s %s" % CURRENT_FILE)
|
|
|
6f51e1 |
+
|
|
|
6f51e1 |
diff --git a/ldap/servers/plugins/cos/cos_cache.c b/ldap/servers/plugins/cos/cos_cache.c
|
|
|
6f51e1 |
index 8942254..66c6c7f 100644
|
|
|
6f51e1 |
--- a/ldap/servers/plugins/cos/cos_cache.c
|
|
|
6f51e1 |
+++ b/ldap/servers/plugins/cos/cos_cache.c
|
|
|
6f51e1 |
@@ -2362,7 +2362,7 @@ static int cos_cache_query_attr(cos_cache *ptheCache, vattr_context *context,
|
|
|
6f51e1 |
|
|
|
6f51e1 |
if(!cos_cache_schema_check(pCache, attr_index, pObjclasses))
|
|
|
6f51e1 |
{
|
|
|
6f51e1 |
- slapi_log_err(SLAPI_LOG_ERR, COS_PLUGIN_SUBSYSTEM, "cos_cache_query_attr - cos attribute %s failed schema check on dn: %s\n",type,pDn);
|
|
|
6f51e1 |
+ slapi_log_err(SLAPI_LOG_PLUGIN, COS_PLUGIN_SUBSYSTEM, "cos_cache_query_attr - cos attribute %s failed schema check on dn: %s\n",type,pDn);
|
|
|
6f51e1 |
goto bail;
|
|
|
6f51e1 |
}
|
|
|
6f51e1 |
}
|
|
|
6f51e1 |
--
|
|
|
6f51e1 |
2.9.4
|
|
|
6f51e1 |
|