Hi,
I'm using the refint overlay with a few attributes, but I can't get it to work with krbPwdPolicyReference from MIT kerberos 1.7. I get the error from the subject when deleting the entry this attribute references.
If, however, I *rename* the entry, the krbPwdPolicyReference attribute gets updated correctly. It seems to fail only when I remove the entry.
This is the config:

dn: olcOverlay={1}refint,olcDatabase={1}hdb,cn=config
objectClass: olcRefintConfig
objectClass: olcOverlayConfig
objectClass: olcConfig
objectClass: top
olcOverlay: {1}refint
olcRefintAttribute: krbObjectReferences
olcRefintAttribute: member
olcRefintAttribute: krbPwdPolicyReference
olcRefintNothing: cn=localroot,cn=config

This is the entry which has the attribute pointing to the entry I will remove (some attributes omitted for brevity):

dn: krbPrincipalName=andreas@EXAMPLE.COM,cn=EXAMPLE.COM,ou=Kerberos Realms,dc=example,dc=com
krbPrincipalName: andreas@EXAMPLE.COM
objectClass: krbPrincipal
objectClass: krbPrincipalAux
objectClass: krbTicketPolicyAux
krbObjectReferences: uid=andreas,ou=people,dc=example,dc=com
krbPwdPolicyReference: cn=default,cn=EXAMPLE.COM,ou=Kerberos Realms,dc=example,dc=com

This is the entry I'm deleting. I would expect the krbPwdPolicyReference attribute from my entry above to be deleted. If I rename this cn=default, then krbPwdPolicyReference gets updated correctly.

dn: cn=default,cn=EXAMPLE.COM,ou=Kerberos Realms,dc=example,dc=com
cn: default
objectClass: krbPwdPolicy
krbMaxPwdLife: 36000
krbMinPwdLife: 0
krbPwdMinDiffChars: 1
krbPwdMinLength: 1
krbPwdHistoryLength: 1

These are the relevant logs (level 16383):

Oct 7 16:55:33 maestro slapd[6381]: refint_search_cb <NOTHING>
Oct 7 16:55:33 maestro slapd[6381]: ==> unique_modify <krbPrincipalName=andreas@EXAMPLE.COM,cn=EXAMPLE.COM,ou=Kerberos Realms,dc=example,dc=com>
Oct 7 16:55:33 maestro slapd[6381]: => bdb_entry_get: ndn: "krbPrincipalName=andreas@EXAMPLE.COM,cn=example.com,ou=kerberos realms,dc=example,dc=com"
Oct 7 16:55:33 maestro slapd[6381]: => bdb_entry_get: oc: "(null)", at: "(null)"
Oct 7 16:55:33 maestro slapd[6381]: bdb_dn2entry("krbPrincipalName=andreas@EXAMPLE.COM,cn=example.com,ou=kerberos realms,dc=example,dc=com")
Oct 7 16:55:33 maestro slapd[6381]: => bdb_entry_get: found entry: "krbPrincipalName=andreas@EXAMPLE.COM,cn=example.com,ou=kerberos realms,dc=example,dc=com"
Oct 7 16:55:33 maestro slapd[6381]: bdb_entry_get: rc=0
Oct 7 16:55:33 maestro slapd[6381]: => bdb_entry_get: ndn: "krbPrincipalName=andreas@EXAMPLE.COM,cn=example.com,ou=kerberos realms,dc=example,dc=com"
Oct 7 16:55:33 maestro slapd[6381]: => bdb_entry_get: oc: "(null)", at: "(null)"
Oct 7 16:55:33 maestro slapd[6381]: bdb_dn2entry("krbPrincipalName=andreas@EXAMPLE.COM,cn=example.com,ou=kerberos realms,dc=example,dc=com")
Oct 7 16:55:33 maestro slapd[6381]: => bdb_entry_get: found entry: "krbPrincipalName=andreas@EXAMPLE.COM,cn=example.com,ou=kerberos realms,dc=example,dc=com"
Oct 7 16:55:33 maestro slapd[6381]: bdb_entry_get: rc=0
Oct 7 16:55:33 maestro slapd[6381]: => bdb_entry_get: ndn: "cn=default,ou=password policies,dc=example,dc=com"
Oct 7 16:55:33 maestro slapd[6381]: => bdb_entry_get: oc: "(null)", at: "(null)"
Oct 7 16:55:33 maestro slapd[6381]: bdb_dn2entry("cn=default,ou=password policies,dc=example,dc=com")
Oct 7 16:55:33 maestro slapd[6381]: => bdb_entry_get: found entry: "cn=default,ou=password policies,dc=example,dc=com"
Oct 7 16:55:33 maestro slapd[6381]: bdb_entry_get: rc=0
Oct 7 16:55:33 maestro slapd[6381]: hdb_modify: krbPrincipalName=andreas@EXAMPLE.COM,cn=EXAMPLE.COM,ou=Kerberos Realms,dc=example,dc=com
Oct 7 16:55:33 maestro slapd[6381]: bdb_dn2entry("krbPrincipalName=andreas@EXAMPLE.COM,cn=example.com,ou=kerberos realms,dc=example,dc=com")
Oct 7 16:55:33 maestro slapd[6381]: bdb_modify_internal: 0x00000042: krbPrincipalName=andreas@EXAMPLE.COM,cn=EXAMPLE.COM,ou=Kerberos Realms,dc=example,dc=com
Oct 7 16:55:33 maestro slapd[6381]: <= acl_access_allowed: granted to database root
Oct 7 16:55:33 maestro slapd[6381]: bdb_modify_internal: delete krbPwdPolicyReference
Oct 7 16:55:33 maestro slapd[6381]: dnMatch 0#012#011"cn=default,cn=example.com,ou=kerberos realms,dc=example,dc=com"#012#011"cn=default,cn=example.com,ou=kerberos realms,dc=example,dc=com"
Oct 7 16:55:33 maestro slapd[6381]: bdb_modify_internal: replace modifiersName
Oct 7 16:55:33 maestro slapd[6381]: bdb_modify_internal: delete krbPwdPolicyReference
Oct 7 16:55:33 maestro slapd[6381]: bdb_modify_internal: 16 modify/delete: krbPwdPolicyReference: no such attribute
Oct 7 16:55:33 maestro slapd[6381]: hdb_modify: modify failed (16)
Oct 7 16:55:33 maestro slapd[6381]: send_ldap_result: conn=-1 op=0 p=0
Oct 7 16:55:33 maestro slapd[6381]: send_ldap_result: err=16 matched="" text="modify/delete: krbPwdPolicyReference: no such attribute"
Oct 7 16:55:33 maestro slapd[6381]: refint_repair: dependent modify failed: 16

Any hints?
Andreas Hasenack wrote:
> Hi,
> I'm using the refint overlay with a few attributes, but I can't get it to work with krbPwdPolicyReference from MIT kerberos 1.7. I get the error from the subject when deleting the entry this attribute references.
> If, however, I *rename* the entry, the krbPwdPolicyReference attribute gets updated correctly. It seems to fail only when I remove the entry.
> This is the config:
>
> dn: olcOverlay={1}refint,olcDatabase={1}hdb,cn=config
> objectClass: olcRefintConfig
> objectClass: olcOverlayConfig
> objectClass: olcConfig
> objectClass: top
> olcOverlay: {1}refint
> olcRefintAttribute: krbObjectReferences
> olcRefintAttribute: member
> olcRefintAttribute: krbPwdPolicyReference
> olcRefintNothing: cn=localroot,cn=config
>
> This is the entry which has the attribute pointing to the entry I will remove (some attributes omitted for brevity):
>
> dn: krbPrincipalName=andreas@EXAMPLE.COM,cn=EXAMPLE.COM,ou=Kerberos Realms,dc=example,dc=com
> krbPrincipalName: andreas@EXAMPLE.COM
> objectClass: krbPrincipal
> objectClass: krbPrincipalAux
> objectClass: krbTicketPolicyAux
> krbObjectReferences: uid=andreas,ou=people,dc=example,dc=com
> krbPwdPolicyReference: cn=default,cn=EXAMPLE.COM,ou=Kerberos Realms,dc=example,dc=com
>
> This is the entry I'm deleting. I would expect the krbPwdPolicyReference attribute from my entry above to be deleted. If I rename this cn=default, then krbPwdPolicyReference gets updated correctly.
>
> dn: cn=default,cn=EXAMPLE.COM,ou=Kerberos Realms,dc=example,dc=com
> cn: default
> objectClass: krbPwdPolicy
> krbMaxPwdLife: 36000
> krbMinPwdLife: 0
> krbPwdMinDiffChars: 1
> krbPwdMinLength: 1
> krbPwdHistoryLength: 1
>
> These are the relevant logs (level 16383):
>
> Oct 7 16:55:33 maestro slapd[6381]: refint_search_cb<NOTHING>
> Oct 7 16:55:33 maestro slapd[6381]: ==> unique_modify <krbPrincipalName=andreas@EXAMPLE.COM,cn=EXAMPLE.COM,ou=Kerberos Realms,dc=example,dc=com>
>
> Any hints?

Nothing obvious comes to mind. Your log snippet indicates you're also using the unique overlay; it would probably help to show the entire config for the database and all overlays. Also your log snippet doesn't actually show the beginning of the Delete operation, so you haven't shown all of the relevant info there either.
openldap-technical@openldap.org