[389-commits] ldap/servers
Richard Allen Megginson
rmeggins at fedoraproject.org
Mon May 2 15:44:20 UTC 2011
ldap/servers/slapd/modify.c | 11 +++++++----
1 file changed, 7 insertions(+), 4 deletions(-)
New commits:
commit 74e81521ccc3913e8672cdd5713f832a2c6a09c3
Author: Rich Megginson <rmeggins at redhat.com>
Date: Fri Apr 29 15:44:04 2011 -0600
Bug 700145 - userpasswd not replicating
https://bugzilla.redhat.com/show_bug.cgi?id=700145
Resolves: bug 700145
Bug Description: userpasswd not replicating
Reviewed by: nkinder, nhosoi (Thanks!)
Branch: master
Fix Description: The problem is happening because we are replicating
the unhashed#user#password attribute. The consumer gets this sequence:
delete: unhashed#user#password
-
add: unhashed#user#password
unhashed#user#password: value
The code in entry_wsi_apply_mod attempts to apply the delete, but since the
attribute does not exist, it returns LDAP_NO_SUCH_ATTRIBUTE and the entire
modify operation is rejected. The server removes unhashed#user#password before
doing database operations in the non-replicated case, but in the replicated
case it is assumed we can just apply the operations as they are given by the
supplier. pw_change is never set in the replicated case, so the consumer
never removes unhashed#user#password. The solution is to just remove
unhashed#user#password even if pw_change is not set. If the attribute is
not in the mods list, remove_mod is a no-op.
Platforms tested: RHEL6 x86_64
Flag Day: no
Doc impact: no
diff --git a/ldap/servers/slapd/modify.c b/ldap/servers/slapd/modify.c
index 2eafcf6..219ac72 100644
--- a/ldap/servers/slapd/modify.c
+++ b/ldap/servers/slapd/modify.c
@@ -873,9 +873,11 @@ static void op_shared_modify (Slapi_PBlock *pb, int pw_change, char *old_pw)
/* Remove the unhashed password pseudo-attribute prior */
/* to db access */
- if (pw_change)
- {
- slapi_mods_init_passin (&smods, mods);
+ slapi_mods_init_passin (&smods, mods);
+ if (!unhashed_pw_attr) {
+ unhashed_pw_attr = slapi_attr_syntax_normalize(PSEUDO_ATTR_UNHASHEDUSERPASSWORD);
+ }
+ if (slapi_mods_get_num_mods(&smods)) {
remove_mod (&smods, unhashed_pw_attr, &unhashed_pw_smod);
slapi_pblock_set (pb, SLAPI_MODIFY_MODS,
(void*)slapi_mods_get_ldapmods_passout (&smods));
@@ -936,8 +938,9 @@ static void op_shared_modify (Slapi_PBlock *pb, int pw_change, char *old_pw)
}
slapi_pblock_set (pb, SLAPI_MODIFY_MODS,
(void*)slapi_mods_get_ldapmods_passout (&smods));
- slapi_mods_done(&unhashed_pw_smod); /* can finalize now */
}
+ slapi_mods_done(&unhashed_pw_smod); /* can finalize now */
+
slapi_pblock_set(pb, SLAPI_PLUGIN_OPRETURN, &rc);
plugin_call_plugins(pb, internal_op ? SLAPI_PLUGIN_INTERNAL_POST_MODIFY_FN :
More information about the 389-commits
mailing list