Full_Name: Ivan Nejgebauer Version: 2.4.41 Engineering OS: Linux URL: ftp://ftp.openldap.org/incoming/ivannejgebauer-150128.tgz Submission from: (NULL) (2001:4170:2000:2:11e5:197a:fff8:8042) If an ldapmodify which changes an entry's structural object class using the Relax Rules control is successfully performed on the provider in a provider/consumer pair running delta-syncrepl, the modification will fail on the consumer because relax is not in effect when the consumer attempts to modify its copy of the entry. The attached archive, which should be extracted in the root of the OpenLDAP source tree, contains scripts and data to replicate the issue. Steps to reproduce: $ sh relax-syncrel-test/conf-ldap-mdb && make depend && make $ cd relax-syncrepl-test $ make clean-all master replica $ ./start-master.sh $ ./mod-l-master.sh here # modifies an entry to prime accesslog $ ./start-replica.sh # writes SYNC debugging to replica.log $ ./mod-relax-master.sh # ldapmodify w/relax $ tail replica.log # "entry failed schema check: ..." $ ./stop-replica.sh $ ./stop-master.sh A trivial but indiscriminate fix is to activate Relax Rules for every modify op on the consumer: --- servers/slapd/syncrepl.c.orig 2015-01-22 03:02:09.000000000 +0100 +++ servers/slapd/syncrepl.c 2015-01-28 10:31:22.225060880 +0100 @@ -2349,6 +2349,7 @@ oes.oe_si = si; LDAP_SLIST_INSERT_HEAD( &op->o_extra, &oes.oe, oe_next ); } + op->o_relax = SLAP_CONTROL_CRITICAL; rc = op->o_bd->be_modify( op, &rs ); if ( SLAP_MULTIMASTER( op->o_bd )) { LDAP_SLIST_REMOVE( &op->o_extra, &oes.oe, OpExtra, oe_next ); A real fix would involve modifying the persistent search to include reqControls in its attribute list and activating Relax Rules on the consumer only if it had been active on the provider when the modification occurred.
ian@uns.ac.rs wrote: > Full_Name: Ivan Nejgebauer > Version: 2.4.41 Engineering > OS: Linux > URL: ftp://ftp.openldap.org/incoming/ivannejgebauer-150128.tgz > Submission from: (NULL) (2001:4170:2000:2:11e5:197a:fff8:8042) > > > If an ldapmodify which changes an entry's structural object class using the > Relax Rules control is successfully performed on the provider in a > provider/consumer pair running delta-syncrepl, the modification will fail on the > consumer because relax is not in effect when the consumer attempts to modify its > copy of the entry. Yes... > A real fix would involve modifying the persistent search to include reqControls > in its attribute list and activating Relax Rules on the consumer only if it had > been active on the provider when the modification occurred. Right. This is also important for a few other controls. E.g. LDAP Transactions. -- -- Howard Chu CTO, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc/ Chief Architect, OpenLDAP http://www.openldap.org/project/
On 31.01.2015. 14:09, hyc@symas.com wrote: >> A real fix would involve modifying the persistent search to include reqControls >> in its attribute list and activating Relax Rules on the consumer only if it had >> been active on the provider when the modification occurred. > > Right. This is also important for a few other controls. E.g. LDAP > Transactions. Attached is a patch implementing the outlined approach. Notes: - I've invented the attribute name for the CHANGELOG format, for symmetry. - I've structured the check so it shouldn't be difficult to handle other controls. Other approaches are certainly possible. - The patch has been generated against OPENLDAP_REL_ENG_2_4, not HEAD. If an IPR statement is needed, I'm including it here. The attached patch file is derived from OpenLDAP Software. All of the modifications to OpenLDAP Software represented in the following patch were developed by Ivan Nejgebauer <ian@uns.ac.rs>. I have not assigned rights and/or interest in this work to any party. I, Ivan Nejgebauer, hereby place the following modifications to OpenLDAP Software (and only these modifications) into the public domain. Hence, these modifications may be freely used and/or redistributed for any purpose with or without attribution and/or other notice. -- Ivan Nejgebauer +381 21 485 2025 Glavni sistem inženjer ian@uns.ac.rs CIT-UNS/ARMUNS http://www.uns.ac.rs Univerzitet u Novom Sadu $ Dr Zorana Đinđića 1 $ 21000 Novi Sad $ Srbija
On 31.01.2015. 14:09, hyc@symas.com wrote: > [...] Here's an updated patch for relax handling. The original code would fail to match a control with a value -- not a problem for the intended use case, but a bug nevertheless. -- Ivan Nejgebauer +381 21 485 2025 Glavni sistem inženjer ian@uns.ac.rs CIT-UNS/ARMUNS http://www.uns.ac.rs Univerzitet u Novom Sadu $ Dr Zorana Đinđića 1 $ 21000 Novi Sad $ Srbija
changed notes moved from Incoming to Software Bugs
changed notes
changed notes changed state Open to Test
changed notes changed state Test to Release
fixed in master fixed in RE24 (2.4.48)
changed notes changed state Release to Closed