Uploaded image for project: 'RHEL'
  1. RHEL
  2. RHEL-25071

Some attributes can't be deleted, require a server restart

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Unresolved
    • Icon: Minor Minor
    • rhel-10.1
    • rhel-9.4
    • 389-ds-base
    • None
    • None
    • sst_idm_ds
    • ssg_idm
    • 0
    • Dev ack
    • False
    • Hide

      None

      Show
      None
    • Yes
    • None
    • None
    • None
    • Known Issue
    • Hide
      Cause: Deleting a single specific value from any attribute in cn=config using an LDAP modify operation does not work as expected.

      Consequence: The specific value remains in the attribute, and the server may require a restart to fully remove it.

      Workaround: Remove the entire attribute (including all its values) by performing a modify operation without specifying any values, and then re-add the values you need. Alternatively, the easiest workaround is to use the `dsconf` command, which automates these steps. For example:
      # dsconf -D "cn=Directory Manager" ldap://server.example.com config delete [attribute-name]=[undesired-value1]

      Result: The attribute in cn=config is updated to include only the desired values. This method allows you to effectively remove specific values without requiring a server restart.
      Show
      Cause: Deleting a single specific value from any attribute in cn=config using an LDAP modify operation does not work as expected. Consequence: The specific value remains in the attribute, and the server may require a restart to fully remove it. Workaround: Remove the entire attribute (including all its values) by performing a modify operation without specifying any values, and then re-add the values you need. Alternatively, the easiest workaround is to use the `dsconf` command, which automates these steps. For example: # dsconf -D "cn=Directory Manager" ldap://server.example.com config delete [attribute-name]=[undesired-value1] Result: The attribute in cn=config is updated to include only the desired values. This method allows you to effectively remove specific values without requiring a server restart.
    • Proposed
    • None

      What were you trying to do that didn't work?

      Deleting some attribute (like nsslapd-haproxy-trusted-ip) doesn't work, requires server restart to get rid of the attribute.

      Please provide the package NVR for which bug is seen:

      389-ds-base-2.4.5-3.el9.x86_64

      How reproducible:

      always

      Steps to reproduce

      1.  Check if the attribute is present
      2.  Delete the attribute
      3.  Check if the attribute is still present
      4. Try to delete it again

      Expected results

      Attribute should be deleted

      Actual results

      Check if the attribute is present:

      # ldapsearch -xLLL -D cn=Directory\ Manager -w password -H ldap://localhost:389 -b cn=config nsslapd-haproxy-trusted-ip | grep haproxy
nsslapd-haproxy-trusted-ip: 127.0.0.1

      Try to delete it:

      # ldapmodify -D cn=Directory\ Manager -w password -H ldap://localhost:389 << EOF
dn: cn=config
changetype: modify
delete: nsslapd-haproxy-trusted-ip
nsslapd-haproxy-trusted-ip: 127.0.0.1
EOF
modifying entry "cn=config"

      Check if it was deleted:

      # ldapsearch -xLLL -D cn=Directory\ Manager -w password -H ldap://localhost:389 -b cn=config nsslapd-haproxy-trusted-ip | grep haproxy
nsslapd-haproxy-trusted-ip: 127.0.0.1

      Try to delete it again:

      # ldapmodify -D cn=Directory\ Manager -w password -H ldap://localhost:389 << EOF
dn: cn=config
changetype: modify
delete: nsslapd-haproxy-trusted-ip
nsslapd-haproxy-trusted-ip: 127.0.0.1
EOF
modifying entry "cn=config"
ldap_modify: No such attribute (16)

              spichugi@redhat.com Simon Pichugin
              vashirov@redhat.com Viktor Ashirov
              Simon Pichugin Simon Pichugin
              IdM DS QE IdM DS QE
              Votes:
              0 Vote for this issue
              Watchers:
              6 Start watching this issue

                Created:
                Updated: