Note: This is a beta release of Red Hat Bugzilla 5.0. The data contained within is a snapshot of the live data so any changes you make will not be reflected in the production Bugzilla. Also email is disabled so feel free to test any aspect of the site that you want. File any problems you find or give feedback here.
Bug 229824 - aci with bogus uid= dn created by ds_newinst
Summary: aci with bogus uid= dn created by ds_newinst
Alias: None
Product: 389
Classification: Retired
Component: Directory Server
Version: 1.0.4
Hardware: All
OS: Linux
Target Milestone: ---
Assignee: Rich Megginson
QA Contact: Viktor Ashirov
Depends On:
Blocks: FDS1.1.0
TreeView+ depends on / blocked
Reported: 2007-02-23 17:43 UTC by Rich Megginson
Modified: 2015-12-07 16:40 UTC (History)
0 users

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Last Closed: 2015-12-07 16:40:31 UTC

Attachments (Terms of Use)
diffs (deleted)
2007-02-23 17:43 UTC, Rich Megginson
no flags Details
minimum setup inf file (deleted)
2007-11-30 00:27 UTC, Yi Zhang
no flags Details

Description Rich Megginson 2007-02-23 17:43:55 UTC
If you run with a bare minimum .inf file, you will see the
following aci created in cn=config:
aci: (targetattr="*")(version 3.0; acl "Configuration Administrator"; allow (a
 ll) userdn="ldap:///uid=,ou=Administrators, ou=TopologyManagement, o=Netscap
We should not create this aci, as we do not have a configuration DS if we are
creating a minimal fedora-ds-base.

Comment 1 Rich Megginson 2007-02-23 17:43:56 UTC
Created attachment 148686 [details]

Comment 2 Rich Megginson 2007-03-16 02:46:08 UTC
Reviewed by: nhosoi (Thanks!)
Fix Description: Unknown to me until just now, PL_strdup(NULL) will return "" -
the empty string.  The code in config_suitespot() expects that empty or unused
fields are NULL.  The solution is to create a create_instance_strdup() wrapper
around PL_strdup() and use that in cases where the argument may be NULL.  I
checked create_instance.c.  Every other place where PL_strdup is used, the
argument is checked for NULL first.  So these are the only places affected. 
Instance creation works fine after this change and does not create the offending
Platforms tested: RHEL4
Flag Day: no
Doc impact: no

ldapserver/ldap/admin/src/create_instance.c Revision 1.47

Comment 3 Yi Zhang 2007-11-30 00:27:29 UTC
Created attachment 273451 [details]
minimum setup inf file

this is setup inf file used to customize the installation of DS

Comment 4 Yi Zhang 2007-11-30 00:28:20 UTC
verified. PASS
Test machine: (RHEL5 32bit)

Test steps:
1. remove all previously installed DS instance
2. do yum install a fresh copy of DS
3. use setup.ini file (see attachment) to customizer the installation
4. do db2ldap to dump all records under userRoot
5. verify there is no "ldap:///uid=," records anymore

Actual test output:
[root@neo dirsrv]# /usr/sbin/ -s -f ./setup.ini 
Creating directory server . . .
Your new DS instance '' was successfully created.
Creating the configuration directory server . . .
The server 'ldap://' is not
reachable.  Error: unknown error

Could not register the directory server with the configuration directory server.
Exiting . . .
Log file is '/tmp/setupX7XjoF.log'

[root@neo dirsrv]# ps -elf | grep slapd
1 S nobody    5305     1  1  75   0 - 110793 stext 16:15 ?        00:00:00
./ns-slapd -D /tmp/ds80/server/slapd-neo -i
/tmp/ds80/server/slapd-neo/logs/ -w

[root@neo slapd-neo]# ./db2ldif -n UserRoot
Exported ldif file:
[29/Nov/2007:16:16:03 -0800] - export userRoot: Processed 9 entries (100%).
[29/Nov/2007:16:16:03 -0800] - All database threads now stopped
[root@neo slapd-neo]# vi
[root@neo slapd-neo]# grep "uid="
[root@neo slapd-neo]# grep "ldap:///"
 allow (read, search, compare) userdn="ldap:///anyone";)
  common attributes"; allow (write) userdn="ldap:///self";)
 (all) (groupdn = "ldap:///cn=Directory Administrators,");)
 rsion 3.0;acl "HR Group Permissions";allow (write)(groupdn = "ldap:///cn=HR 
 sion 3.0;acl "QA Group Permissions";allow (write)(groupdn = "ldap:///cn=QA M

Note You need to log in before you can comment on or make changes to this bug.