If an entry RDN is identical to the suffix, then Entryrdn gets broken during a reindex #6417

tbordaz · 2024-11-22T09:14:23Z

Issue Description
At the end of a reindex, entryrdn is rebuilt taking into account each entry under the suffix. The suffix is the first entry to be added. If a later entry has the same rdn than the suffix then entryrdn gets broken.

The bug impacts bdb as well as mdb. It does not impact import but only indexing.

Under mdb entryrdn gets broken silently, but contains invalid data
Under bdb entryrdn gets broken with message like
entryrdn_insert_key - Same DN (dn: <ENTRY_DN>) is already in the entryrdn file with different ID

Package Version and Platform:

all versions (IIUC)

Steps to Reproduce
will provide a CI testcase

Expected results
after a reindex entryrdn should not be corrupted

The text was updated successfully, but these errors were encountered:

…n gets broken during a reindex Bug description: During a reindex, the entryrdn index is built at the end from each entry in the suffix. If one entry has a RDN that is identical to the suffix DN, then entryrdn_lookup_dn may erroneously return the suffix DN as the DN of the entry. Fix description: When the lookup entry has no parent (because index is under work) the loop lookup the entry using the RDN. If this RDN matches the suffix DN, then it exits from the loop with the suffix DN. Before exiting it checks that the original lookup entryID is equal to suffix entryID. If it does not match the function fails and then the DN from the entry will be built from id2enty fixes: 389ds#6417 Reviewed by:

…n gets broken during a reindex Bug description: During a reindex, the entryrdn index is built at the end from each entry in the suffix. If one entry has a RDN that is identical to the suffix DN, then entryrdn_lookup_dn may erroneously return the suffix DN as the DN of the entry. Fix description: When the lookup entry has no parent (because index is under work) the loop lookup the entry using the RDN. If this RDN matches the suffix DN, then it exits from the loop with the suffix DN. Before exiting it checks that the original lookup entryID is equal to suffix entryID. If it does not match the function fails and then the DN from the entry will be built from id2enty fixes: 389ds#6417 Reviewed by: Pierre Rogier, Simon Pichugin (Thanks !!!)

…n gets broken during a reindex (#6418) Bug description: During a reindex, the entryrdn index is built at the end from each entry in the suffix. If one entry has a RDN that is identical to the suffix DN, then entryrdn_lookup_dn may erroneously return the suffix DN as the DN of the entry. Fix description: When the lookup entry has no parent (because index is under work) the loop lookup the entry using the RDN. If this RDN matches the suffix DN, then it exits from the loop with the suffix DN. Before exiting it checks that the original lookup entryID is equal to suffix entryID. If it does not match the function fails and then the DN from the entry will be built from id2enty fixes: #6417 Reviewed by: Pierre Rogier, Simon Pichugin (Thanks !!!)

tbordaz · 2024-12-02T16:45:05Z

fd62700..99e6707 main
e56ce11..63000bf 389-ds-base-3.0
ff9b909..7acdd65 389-ds-base-2.5
2b040a9..bf8a8f3 389-ds-base-2.4
0fe972f..f42fdc1 389-ds-base-2.3
9b5efd9..ccbb8ba 389-ds-base-2.2
b03d88e..37b4598 389-ds-base-2.1
a3a7387..cd07157 389-ds-base-2.0
6e376d0..64bd885 389-ds-base-1.4.4
24cc58f..4465cf4 389-ds-base-1.4.3

…ntryrdn gets broken during a reindex Bug description: The primary fix has a flaw as it assumes that the suffix ID is '1'. If the RUV entry is the first entry of the database the server loops indefinitely Fix description: Read the suffix ID from the entryrdn index fixes: 389ds#6417 Reviewed by: Pierre Rogier (reviewed the first fix)

tbordaz · 2024-12-20T15:58:43Z

A regression was found with the original fix. The regression is detected in 1.4.3 but hidden since 2.3.
This is fixed by the 2nd PR under review

…ntryrdn gets broken during a reindex Bug description: The primary fix has a flaw as it assumes that the suffix ID is '1'. If the RUV entry is the first entry of the database the server loops indefinitely Fix description: Read the suffix ID from the entryrdn index fixes: 389ds#6417 Reviewed by: Pierre Rogier (also reviewed the first fix)

…ntryrdn gets broken during a reindex (#6460) Bug description: The primary fix has a flaw as it assumes that the suffix ID is '1'. If the RUV entry is the first entry of the database the server loops indefinitely Fix description: Read the suffix ID from the entryrdn index fixes: #6417 Reviewed by: Pierre Rogier (also reviewed the first fix)

tbordaz · 2025-01-06T13:43:26Z

f4553b8..a79887e main
3edcb75..396e259 389-ds-base-3.0
b5a8c5a..19cd1d2 389-ds-base-2.5
e301efb..6468c94 389-ds-base-2.4
9c40f3d..df83285 389-ds-base-2.3
c475c8c..0fa34c1 389-ds-base-2.2
51b11a7..3a0fa37 389-ds-base-2.1
784b6e3..09ef190 389-ds-base-2.0
6cc6112..f9a5402 389-ds-base-1.4.4
b3a8146..9b14e7d 389-ds-base-1.4.3

tbordaz · 2025-01-06T17:22:09Z

The backport in branch 1.4.3 up to 2.4 was invalid. I fixed it 2.0 to 2.4
6468c94..ecfca3c 389-ds-base-2.4
df83285..db97133 389-ds-base-2.3
0fa34c1..dc7e8c8 389-ds-base-2.2
3a0fa37..843ef41 389-ds-base-2.1
09ef190..52ebef2 389-ds-base-2.0

I still have to fix it for 1.4.3 and 1.4.4

mreynolds389 · 2025-01-06T18:27:36Z

@tbordaz - you missed 2.6 branch :-)

tbordaz · 2025-01-07T12:00:57Z

The backport in branch 1.4.3 up to 2.4 was invalid. Fixe 1.4.3 and 1.4.4
f9a5402..d0b1841 389-ds-base-1.4.4
9b14e7d..a61d02e 389-ds-base-1.4.3

…ntryrdn gets broken during a reindex (#6460) Bug description: The primary fix has a flaw as it assumes that the suffix ID is '1'. If the RUV entry is the first entry of the database the server loops indefinitely Fix description: Read the suffix ID from the entryrdn index fixes: #6417 Reviewed by: Pierre Rogier (also reviewed the first fix)

tbordaz · 2025-01-07T12:05:33Z

Missed 2.6 branch (thanks @mreynolds389 for the heads up)
444354b..26210d1 389-ds-base-2.6

…ntryrdn gets broken during a reindex Bug description: The previous fix had a flaw. In case entryrdn_lookup_dn is called with an undefined suffix the lookup of the suffix trigger a crash. For example it can occur during internal search of an unexisting map (view plugin). The issue exists in all releases but is hidden since 2.3. Fix description: testing the suffix is defined fixes: 389ds#6417 Reviewed by:

tbordaz added the needs triage The issue will be triaged during scrum label Nov 22, 2024

tbordaz mentioned this issue Nov 22, 2024

Issue 6417 - If an entry RDN is identical to the suffix, then Entryrd… #6418

Merged

tbordaz self-assigned this Nov 22, 2024

tbordaz added this to the 1.4.3 milestone Nov 22, 2024

tbordaz added priority_high need urgent fix / highly valuable / easy to fix and removed needs triage The issue will be triaged during scrum labels Nov 22, 2024

tbordaz closed this as completed in #6418 Dec 2, 2024

tbordaz mentioned this issue Dec 20, 2024

Issue 6417 - (2nd) If an entry RDN is identical to the suffix, then E… #6460

Merged

tbordaz reopened this Dec 20, 2024

tbordaz closed this as completed in #6460 Jan 6, 2025

tbordaz closed this as completed in a79887e Jan 6, 2025

tbordaz reopened this Jan 6, 2025

tbordaz linked a pull request Jan 8, 2025 that will close this issue

Issue 6417 - (3rd) If an entry RDN is identical to the suffix, then E… #6480

Open

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

If an entry RDN is identical to the suffix, then Entryrdn gets broken during a reindex #6417

If an entry RDN is identical to the suffix, then Entryrdn gets broken during a reindex #6417

tbordaz commented Nov 22, 2024

tbordaz commented Dec 2, 2024

tbordaz commented Dec 20, 2024

tbordaz commented Jan 6, 2025

tbordaz commented Jan 6, 2025

mreynolds389 commented Jan 6, 2025

tbordaz commented Jan 7, 2025

tbordaz commented Jan 7, 2025

If an entry RDN is identical to the suffix, then Entryrdn gets broken during a reindex #6417

If an entry RDN is identical to the suffix, then Entryrdn gets broken during a reindex #6417

Comments

tbordaz commented Nov 22, 2024

tbordaz commented Dec 2, 2024

tbordaz commented Dec 20, 2024

tbordaz commented Jan 6, 2025

tbordaz commented Jan 6, 2025

mreynolds389 commented Jan 6, 2025

tbordaz commented Jan 7, 2025

tbordaz commented Jan 7, 2025