Page MenuHomekolab.org

Editing a domain in hosted mode throws error 500
Open, Needs TriagePublic

Description

When editing a domain in hosted mode the webadmin sends an invalid set of attributes to the ldap servers and therefore denys changes to a given domain object. The hidden attribute domainrelatedobject_onlygets forwarded to the ldap server:

/var/log/kolab-webadmin/console

[08-Nov-2019 19:38:01 +0100](865jrltn0cks8mpqki6m75a6od): [DEBUG] (api) Net_LDAP3::modify_entry() using rdn attribute: associateddomain
[08-Nov-2019 19:38:01 +0100](865jrltn0cks8mpqki6m75a6od): [DEBUG] (api) Attribute associateddomain unchanged
[08-Nov-2019 19:38:01 +0100](865jrltn0cks8mpqki6m75a6od): [DEBUG] (api) Attribute inetdomainstatus changed from 'active' to 'suspended'
[08-Nov-2019 19:38:01 +0100](865jrltn0cks8mpqki6m75a6od): [DEBUG] (api) Adding to replace: inetdomainstatus
[08-Nov-2019 19:38:01 +0100](865jrltn0cks8mpqki6m75a6od): [DEBUG] (api) Attribute aci unchanged
[08-Nov-2019 19:38:01 +0100](865jrltn0cks8mpqki6m75a6od): [DEBUG] (api) Attribute objectclass unchanged
[08-Nov-2019 19:38:01 +0100](865jrltn0cks8mpqki6m75a6od): [DEBUG] (api) Attribute inetdomainbasedn unchanged
[08-Nov-2019 19:38:01 +0100](865jrltn0cks8mpqki6m75a6od): [DEBUG] (api) array (
  'add' => 
  array (
    'domainrelatedobject_only' => 1,
  ),
  'del' => 
  array (
  ),
  'replace' => 
  array (
    'inetdomainstatus' => 
    array (
      0 => 'suspended',
    ),
  ),
  'rename' => 
  array (
  ),
)
[08-Nov-2019 19:38:01 +0100](865jrltn0cks8mpqki6m75a6od): [DEBUG] (api) C: Mod-Replace associateddomain=example.org,ou=Domains,dc=dotlan,dc=info: {"inetdomainstatus":["suspended"]}
[08-Nov-2019 19:38:01 +0100](865jrltn0cks8mpqki6m75a6od): [DEBUG] (api) S: OK
[08-Nov-2019 19:38:01 +0100](865jrltn0cks8mpqki6m75a6od): [DEBUG] (api) C: Mod-Add associateddomain=example.org,ou=Domains,dc=dotlan,dc=info: {"domainrelatedobject_only":1}
[08-Nov-2019 19:38:01 +0100](865jrltn0cks8mpqki6m75a6od): [DEBUG] (api) S: Object class violation

/var/log/dirsrv/slapd-kolab/errors

[08/Nov/2019:13:19:20.459275724 +0100] - ERR - oc_check_allowed_sv - Entry "associateddomain=example.org,ou=Domains,dc=dotlan,dc=info" -- attribute "domainrelatedobject_only" not allowed

The solution is to fix LDAP::domain_edit and strip the attribute from the attributes list (similar to domain_add method)

Details

Ticket Type
Task