dsconf should prevent setting the replicaID for hub and consumer roles #5848
Labels
needs triage
The issue will be triaged during scrum
Comments
kimettog
added a commit
to kimettog/389-ds-base
that referenced
this issue
Jul 21, 2023
…consumer roles Bug Description: dsconf accepts the "replica-id" option when setting a hub or a consumer. The replica configuration entry is correctly created ( replicaID is set to 65535 ). we should prevent users setting the replicaID for hub and consumer roles because the value is set automatically anyway. Fix Description: Check if role is "consumer" or "hub" and if so deny option to set the ReplicaID relates: 389ds#5848 Author: Gilbert Kimetto Reviewed by: Simon Pichugi
kimettog
added a commit
to kimettog/389-ds-base
that referenced
this issue
Aug 3, 2023
…consumer roles Bug Description: dsconf accepts the "replica-id" option when setting a hub or a consumer. The replica configuration entry is correctly created ( replicaID is set to 65535 ). we should prevent users setting the replicaID for hub and consumer roles because the value is set automatically anyway. Fix Description: Check if role is "consumer" or "hub" and if so deny option to set the ReplicaID relates: 389ds#5848 Author: Gilbert Kimetto Reviewed by: Simon Pichugi
droideck
pushed a commit
that referenced
this issue
Aug 7, 2023
…consumer roles (#5849) Bug Description: dsconf accepts the "replica-id" option when setting a hub or a consumer. The replica configuration entry is correctly created ( replicaID is set to 65535 ). we should prevent users setting the replicaID for hub and consumer roles because the value is set automatically anyway. Fix Description: Check if role is "consumer" or "hub" and if so deny option to set the ReplicaID. Add tests. Fixes: #5848 Author: Gilbert Kimetto Reviewed by: Simon Pichugin
droideck
pushed a commit
that referenced
this issue
Aug 7, 2023
…consumer roles (#5849) Bug Description: dsconf accepts the "replica-id" option when setting a hub or a consumer. The replica configuration entry is correctly created ( replicaID is set to 65535 ). we should prevent users setting the replicaID for hub and consumer roles because the value is set automatically anyway. Fix Description: Check if role is "consumer" or "hub" and if so deny option to set the ReplicaID. Add tests. Fixes: #5848 Author: Gilbert Kimetto Reviewed by: Simon Pichugin
droideck
pushed a commit
that referenced
this issue
Aug 7, 2023
…consumer roles (#5849) Bug Description: dsconf accepts the "replica-id" option when setting a hub or a consumer. The replica configuration entry is correctly created ( replicaID is set to 65535 ). we should prevent users setting the replicaID for hub and consumer roles because the value is set automatically anyway. Fix Description: Check if role is "consumer" or "hub" and if so deny option to set the ReplicaID. Add tests. Fixes: #5848 Author: Gilbert Kimetto Reviewed by: Simon Pichugin
droideck
pushed a commit
that referenced
this issue
Aug 7, 2023
…consumer roles (#5849) Bug Description: dsconf accepts the "replica-id" option when setting a hub or a consumer. The replica configuration entry is correctly created ( replicaID is set to 65535 ). we should prevent users setting the replicaID for hub and consumer roles because the value is set automatically anyway. Fix Description: Check if role is "consumer" or "hub" and if so deny option to set the ReplicaID. Add tests. Fixes: #5848 Author: Gilbert Kimetto Reviewed by: Simon Pichugin
droideck
pushed a commit
that referenced
this issue
Aug 7, 2023
…consumer roles (#5849) Bug Description: dsconf accepts the "replica-id" option when setting a hub or a consumer. The replica configuration entry is correctly created ( replicaID is set to 65535 ). we should prevent users setting the replicaID for hub and consumer roles because the value is set automatically anyway. Fix Description: Check if role is "consumer" or "hub" and if so deny option to set the ReplicaID. Add tests. Fixes: #5848 Author: Gilbert Kimetto Reviewed by: Simon Pichugin
droideck
added a commit
to droideck/389-ds-base
that referenced
this issue
Aug 30, 2023
Description: Add a "positive" test for the issue and fix condition to make sure that 65535 and no --replica-id are correctly accepted. Related: 389ds#5848 Reviewed by: ?
droideck
added a commit
to droideck/389-ds-base
that referenced
this issue
Aug 30, 2023
Description: Add a "positive" test for the issue and fix condition to make sure that 65535 and no --replica-id are correctly accepted. Related: 389ds#5848 Reviewed by: ?
droideck
added a commit
that referenced
this issue
Aug 31, 2023
Description: Add a "positive" test for the issue and fix the condition to make sure that 65535 and no --replica-id are correctly accepted. Related: #5848 Reviewed by: @mreynolds389 @tbordaz (Thanks!)
droideck
added a commit
that referenced
this issue
Aug 31, 2023
Description: Add a "positive" test for the issue and fix the condition to make sure that 65535 and no --replica-id are correctly accepted. Related: #5848 Reviewed by: @mreynolds389 @tbordaz (Thanks!)
droideck
added a commit
that referenced
this issue
Aug 31, 2023
Description: Add a "positive" test for the issue and fix the condition to make sure that 65535 and no --replica-id are correctly accepted. Related: #5848 Reviewed by: @mreynolds389 @tbordaz (Thanks!)
droideck
added a commit
that referenced
this issue
Aug 31, 2023
Description: Add a "positive" test for the issue and fix the condition to make sure that 65535 and no --replica-id are correctly accepted. Related: #5848 Reviewed by: @mreynolds389 @tbordaz (Thanks!)
droideck
added a commit
that referenced
this issue
Aug 31, 2023
Description: Add a "positive" test for the issue and fix the condition to make sure that 65535 and no --replica-id are correctly accepted. Related: #5848 Reviewed by: @mreynolds389 @tbordaz (Thanks!)
droideck
added a commit
that referenced
this issue
Aug 31, 2023
Description: Add a "positive" test for the issue and fix the condition to make sure that 65535 and no --replica-id are correctly accepted. Related: #5848 Reviewed by: @mreynolds389 @tbordaz (Thanks!)
droideck
added a commit
to droideck/389-ds-base
that referenced
this issue
Aug 31, 2023
Description: Add a "positive" test for the issue and fix the condition to make sure that 65535 and no --replica-id are correctly accepted. Related: 389ds#5848 Reviewed by: @mreynolds389 @tbordaz (Thanks!)
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Issue Description
dsconf accepts the "replica-id" option when setting a hub or a consumer.
The replica configuration entry is correctly created ( replicaID is set to 65535 ).
It would nice to prevent users setting the replicaID for hub and consumer roles because the value is set automatically anyway.
Customers could try creating hubs and consumers using a replicaID different of 65535.
Package Version and Platform:
Steps to Reproduce
Steps to reproduce the behavior:
Try to create a consumer using a replicaID different of 65535:
$ dsconf -v -D "cn=Directory Manager" ldap://localhost:1389 replication enable --suffix="dc=test,dc=com" --role="consumer" --replica-id=1
Check the actual configured value:
$ dsconf -D "cn=Directory Manager" ldap://localhost:1389 replication get --suffix="dc=test,dc=com" | grep -i replicaIDEnter password for cn=Directory Manager on ldap://localhost:1389:
nsDS5ReplicaId: 65535
Actual results:
One can pass the parameter "replica-id" to dsconf when creating hubs or consumers.
Expected results
Don't allow to set the "replica-id" manually for hubs and consumers.
Additional context
$ dsconf -v -D "cn=Directory Manager" ldap://localhost:1389 replication enable --suffix="dc=test,dc=com" --role="consumer" --replica-id=1
DEBUG: The 389 Directory Server Configuration Tool
...
DEBUG: Checking "None" under None : {'cn': 'changelog5', 'nsslapd-changelogdir': '/var/lib/dirsrv/slapd-alps9/changelogdb'}
DEBUG: Validated dn cn=changelog5,cn=config
DEBUG: Creating cn=changelog5,cn=config
DEBUG: updating dn: cn=changelog5,cn=config
DEBUG: updated dn: cn=changelog5,cn=config with {'objectclass': [b'top', b'nsChangelogConfig']}
DEBUG: updating dn: cn=changelog5,cn=config
DEBUG: updated dn: cn=changelog5,cn=config with {'cn': [b'changelog5'], 'nsslapd-changelogdir': [b'/var/lib/dirsrv/slapd-alps9/changelogdb']}
DEBUG: Checking "None" under cn=mapping tree,cn=config : {'cn': 'replica', 'nsDS5ReplicaRoot': 'dc=test,dc=com', 'nsDS5Flags': '0', 'nsDS5ReplicaType': '2', 'nsDS5ReplicaId': '65535'}
DEBUG: Using first property cn: replica as rdn
DEBUG: _gen_selector filter = (&(&(objectclass=nsMappingTree))(|(cn=dc=test,dc=com)(nsslapd-backend=dc=test,dc=com)))
DEBUG: Validated dn cn=replica,cn=dc\3Dtest\2Cdc\3Dcom,cn=mapping tree,cn=config
DEBUG: Creating cn=replica,cn=dc\3Dtest\2Cdc\3Dcom,cn=mapping tree,cn=config
DEBUG: updating dn: cn=replica,cn=dc\3Dtest\2Cdc\3Dcom,cn=mapping tree,cn=config
DEBUG: updated dn: cn=replica,cn=dc\3Dtest\2Cdc\3Dcom,cn=mapping tree,cn=config with {'objectclass': [b'top', b'nsds5Replica']}
DEBUG: updating dn: cn=replica,cn=dc\3Dtest\2Cdc\3Dcom,cn=mapping tree,cn=config
DEBUG: updated dn: cn=replica,cn=dc\3Dtest\2Cdc\3Dcom,cn=mapping tree,cn=config with {'cn': [b'replica'], 'nsDS5ReplicaRoot': [b'dc=test,dc=com'], 'nsDS5Flags': [b'0'], 'nsDS5ReplicaType': [b'2'], 'nsDS5ReplicaId': [b'65535']}
DEBUG: Created entry cn=replica,cn=dc\3Dtest\2Cdc\3Dcom,cn=mapping tree,cn=config : {'objectclass': [b'top', b'nsds5Replica'], 'cn': [b'replica'], 'nsDS5ReplicaRoot': [b'dc=test,dc=com'], 'nsDS5Flags': [b'0'], 'nsDS5ReplicaType': [b'2'], 'nsDS5ReplicaId': [b'65535']}
INFO: Replication successfully enabled for "dc=test,dc=com"
INFO: Command successful.
The text was updated successfully, but these errors were encountered: