[prev in list] [next in list] [prev in thread] [next in thread]
List: fedora-directory-commits
Subject: [389-commits] ldap/servers
From: Mark Reynolds <mreynolds () fedoraproject ! org>
Date: 2013-03-27 21:26:07
Message-ID: 20130327212608.040C922AE () fedorahosted ! org
[Download RAW message or body]
ldap/servers/slapd/modify.c | 46 ++++++++++++++++++++++++++------------------
1 file changed, 28 insertions(+), 18 deletions(-)
New commits:
commit a4c4daaa54d1ba94e342fcbf9af13a547886f0e3
Author: Mark Reynolds <mreynolds@redhat.com>
Date: Wed Mar 27 17:23:10 2013 -0400
Ticket 620 - Better logging of error messages for 389-ds-base
Bug Description: In a replication environment, if you have one master set with
passwordIsGlobalpolicy to on, and another master does not, then
the password policy updates are rejected. However, there is no
clear logging to tell you why the operatoin was rejected.
Fix Description: Write a clear message in the error log stating what was the cause
of the failure.
https://fedorahosted.org/389/ticket/620
Reviewed by: nhosoi & nkinder (Thanks!!)
diff --git a/ldap/servers/slapd/modify.c b/ldap/servers/slapd/modify.c
index d42ef2c..cc1621b 100644
--- a/ldap/servers/slapd/modify.c
+++ b/ldap/servers/slapd/modify.c
@@ -128,22 +128,22 @@ static struct attr_value_check {
void
do_modify( Slapi_PBlock *pb )
{
- Slapi_Operation *operation;
- BerElement *ber;
- char *last, *type = NULL;
- ber_tag_t tag;
- ber_len_t len;
- LDAPMod *mod;
- LDAPMod **mods;
- Slapi_Mods smods;
- int err;
- int pw_change = 0; /* 0= no password change */
- int ignored_some_mods = 0;
- int has_password_mod = 0; /* number of password mods */
- char *old_pw = NULL; /* remember the old password */
- char *rawdn = NULL;
- int minssf_exclude_rootdse = 0;
- LDAPMod **normalized_mods = NULL;
+ Slapi_Operation *operation;
+ Slapi_Mods smods;
+ BerElement *ber;
+ ber_tag_t tag;
+ ber_len_t len;
+ LDAPMod **normalized_mods = NULL;
+ LDAPMod *mod;
+ LDAPMod **mods;
+ char *last, *type = NULL;
+ char *old_pw = NULL; /* remember the old password */
+ char *rawdn = NULL;
+ int minssf_exclude_rootdse = 0;
+ int ignored_some_mods = 0;
+ int has_password_mod = 0; /* number of password mods */
+ int pw_change = 0; /* 0 = no password change */
+ int err;
LDAPDebug( LDAP_DEBUG_TRACE, "do_modify\n", 0, 0, 0 );
@@ -291,8 +291,10 @@ do_modify( Slapi_PBlock *pb )
/* check if user is allowed to modify the specified attribute */
if (!op_shared_is_allowed_attr (mod->mod_type, pb->pb_conn->c_isreplication_session))
{
- /* for now we just ignore attributes that client is not allowed
- to modify so not to break existing clients */
+ /*
+ * For now we just ignore attributes that client is not allowed
+ * to modify so not to break existing clients
+ */
++ignored_some_mods;
ber_bvecfree(mod->mod_bvalues);
slapi_ch_free((void **)&(mod->mod_type));
@@ -310,6 +312,14 @@ do_modify( Slapi_PBlock *pb )
}
if (ignored_some_mods && (0 == smods.num_elements)) {
+ if(pb->pb_conn->c_isreplication_session){
+ int connid, opid;
+ slapi_pblock_get(pb, SLAPI_CONN_ID, &connid);
+ slapi_pblock_get(pb, SLAPI_OPERATION_ID, &opid);
+ LDAPDebug( LDAP_DEBUG_ANY,"Rejecting replicated password policy operation(conn=%d op=%d) for "
+ "entry %s. To allow these changes to be accepted, set passwordIsGlobalPolicy to 'on' in "
+ "cn=config.\n", connid, opid, rawdn);
+ }
send_ldap_result( pb, LDAP_UNWILLING_TO_PERFORM, NULL, NULL, 0, NULL );
goto free_and_return;
}
--
389 commits mailing list
389-commits@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-commits
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic