[389-commits] ldap/servers

[Richard Allen Megginson]

 ldap/servers/slapd/modify.c |   11 +++++++----
 1 file changed, 7 insertions(+), 4 deletions(-)

New commits:
commit 74e81521ccc3913e8672cdd5713f832a2c6a09c3
Author: Rich Megginson <rmeggins at redhat.com>
Date:   Fri Apr 29 15:44:04 2011 -0600

    Bug 700145 - userpasswd not replicating
    
    https://bugzilla.redhat.com/show_bug.cgi?id=700145
    Resolves: bug 700145
    Bug Description: userpasswd not replicating
    Reviewed by: nkinder, nhosoi (Thanks!)
    Branch: master
    Fix Description: The problem is happening because we are replicating
    the unhashed#user#password attribute.  The consumer gets this sequence:
    
    delete: unhashed#user#password
    -
    add: unhashed#user#password
    unhashed#user#password: value
    
    The code in entry_wsi_apply_mod attempts to apply the delete, but since the
    attribute does not exist, it returns LDAP_NO_SUCH_ATTRIBUTE and the entire
    modify operation is rejected.  The server removes unhashed#user#password before
    doing database operations in the non-replicated case, but in the replicated
    case it is assumed we can just apply the operations as they are given by the
    supplier.  pw_change is never set in the replicated case, so the consumer
    never removes unhashed#user#password.  The solution is to just remove
    unhashed#user#password even if pw_change is not set.  If the attribute is
    not in the mods list, remove_mod is a no-op.
    Platforms tested: RHEL6 x86_64
    Flag Day: no
    Doc impact: no

diff --git a/ldap/servers/slapd/modify.c b/ldap/servers/slapd/modify.c
index 2eafcf6..219ac72 100644
--- a/ldap/servers/slapd/modify.c
+++ b/ldap/servers/slapd/modify.c
@@ -873,9 +873,11 @@ static void op_shared_modify (Slapi_PBlock *pb, int pw_change, char *old_pw)
 
 		/* Remove the unhashed password pseudo-attribute prior */
 		/* to db access */
-		if (pw_change)
-		{
-			slapi_mods_init_passin (&smods, mods);
+		slapi_mods_init_passin (&smods, mods);
+		if (!unhashed_pw_attr) {
+			unhashed_pw_attr = slapi_attr_syntax_normalize(PSEUDO_ATTR_UNHASHEDUSERPASSWORD);
+		}
+		if (slapi_mods_get_num_mods(&smods)) {
 			remove_mod (&smods, unhashed_pw_attr, &unhashed_pw_smod);
 			slapi_pblock_set (pb, SLAPI_MODIFY_MODS, 
 							  (void*)slapi_mods_get_ldapmods_passout (&smods));	
@@ -936,8 +938,9 @@ static void op_shared_modify (Slapi_PBlock *pb, int pw_change, char *old_pw)
 			}
 			slapi_pblock_set (pb, SLAPI_MODIFY_MODS, 
 							  (void*)slapi_mods_get_ldapmods_passout (&smods));
-			slapi_mods_done(&unhashed_pw_smod); /* can finalize now */
 		}
+		slapi_mods_done(&unhashed_pw_smod); /* can finalize now */
+
 
 		slapi_pblock_set(pb, SLAPI_PLUGIN_OPRETURN, &rc);
 		plugin_call_plugins(pb, internal_op ? SLAPI_PLUGIN_INTERNAL_POST_MODIFY_FN :