RHEL-25071

Some attributes can't be deleted, require a server restart


    • Known Issue
      .`ldapmodify` does not delete a single specific value from any attribute in `cn=config`

      Currently, when you try to delete a value from any attribute in `cn=config`, the value remains in the attribute and the server might require a restart to fully remove it.

      Workaround: Remove the entire attribute, including all its values, by performing a modify operation without specifying any values. Then re-add the values you need. Alternatively, use the following `dsconf` command to remove a specific value without a server restart:

      [subs="+quotes"]
      ----
      # *dsconf _<instance_name>_ config delete _<attribute_name>_=_<undesired_value>_*
      ----

      What were you trying to do that didn't work?

      Deleting some attributes (like nsslapd-haproxy-trusted-ip) doesn't work; a server restart is required to get rid of the attribute.

      Please provide the package NVR for which bug is seen:

      389-ds-base-2.4.5-3.el9.x86_64

      How reproducible:

      always

      Steps to reproduce

      1. Check if the attribute is present
      2. Delete the attribute
      3. Check if the attribute is still present
      4. Try to delete it again

      Expected results

      Attribute should be deleted

      Actual results

      Check if the attribute is present:

      # ldapsearch -xLLL -D cn=Directory\ Manager -w password -H ldap://localhost:389 -b cn=config nsslapd-haproxy-trusted-ip | grep haproxy
      nsslapd-haproxy-trusted-ip: 127.0.0.1
      

      Try to delete it:

      # ldapmodify -D cn=Directory\ Manager -w password -H ldap://localhost:389 << EOF
      dn: cn=config
      changetype: modify
      delete: nsslapd-haproxy-trusted-ip
      nsslapd-haproxy-trusted-ip: 127.0.0.1
      EOF
      modifying entry "cn=config"
      
      

      Check if it was deleted:

      # ldapsearch -xLLL -D cn=Directory\ Manager -w password -H ldap://localhost:389 -b cn=config nsslapd-haproxy-trusted-ip | grep haproxy
      nsslapd-haproxy-trusted-ip: 127.0.0.1
      

      Try to delete it again:

      # ldapmodify -D cn=Directory\ Manager -w password -H ldap://localhost:389 << EOF
      dn: cn=config
      changetype: modify
      delete: nsslapd-haproxy-trusted-ip
      nsslapd-haproxy-trusted-ip: 127.0.0.1
      EOF
      modifying entry "cn=config"
      ldap_modify: No such attribute (16)
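
      The first workaround from the known-issue note (remove the whole attribute, then re-add the values you need), applied to the attribute in this report. This is an added example, not part of the original issue or of 389-ds itself; the function names are hypothetical, `192.0.2.10` is a constructed sample value, and the attribute is assumed to hold more than one value.

```sh
#!/bin/sh
# Added example; function names are hypothetical, sample values are constructed.

# build_workaround_ldif ATTR UNDESIRED [CURRENT_VALUE...]
# Prints two change records for cn=config: the first deletes ATTR without
# listing values (removes the whole attribute), the second re-adds every
# current value except UNDESIRED.
build_workaround_ldif() {
    attr=$1; undesired=$2; shift 2
    printf 'dn: cn=config\nchangetype: modify\ndelete: %s\n' "$attr"
    keep=''
    for v in "$@"; do
        if [ "$v" != "$undesired" ]; then
            keep="${keep}${attr}: ${v}
"
        fi
    done
    # If nothing remains, the delete record alone is the whole change.
    if [ -n "$keep" ]; then
        printf '\ndn: cn=config\nchangetype: modify\nadd: %s\n%s' "$attr" "$keep"
    fi
}

# value_present ATTR VALUE   (reads ldapsearch LDIF output on stdin)
# Exit status 0 if a line "ATTR: VALUE" is present; the attribute name is
# matched case-insensitively, the value exactly. Base64 ("ATTR:: ...")
# values are not decoded.
value_present() {
    awk -v a="$1" -v v="$2" '
        BEGIN { p = tolower(a) ": "; rc = 1 }
        tolower(substr($0, 1, length(p))) == p && substr($0, length(p) + 1) == v { rc = 0 }
        END { exit rc }'
}

# Usage against a live instance (bind DN and URL as in the report):
#   build_workaround_ldif nsslapd-haproxy-trusted-ip 127.0.0.1 127.0.0.1 192.0.2.10 \
#     | ldapmodify -x -D "cn=Directory Manager" -W -H ldap://localhost:389
#   ldapsearch -xLLL -D "cn=Directory Manager" -W -H ldap://localhost:389 \
#       -b cn=config -s base nsslapd-haproxy-trusted-ip \
#     | value_present nsslapd-haproxy-trusted-ip 127.0.0.1 && echo "value still present"
```

      Run the `value_present` check after the change rather than relying on the `ldapmodify` exit status: in the session above the first delete reported success while the value was still returned by `ldapsearch`.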
      
      

              Simon Pichugin (spichugi@redhat.com)
              Viktor Ashirov (vashirov@redhat.com)
              IdM DS QE
              Evgenia Martyniuk