{"update": {"autokarma": true, "autotime": true, "stable_karma": 1, "stable_days": 7, "unstable_karma": -1, "require_bugs": true, "require_testcases": true, "display_name": "", "notes": "Bump version to 2.1.2", "type": "bugfix", "status": "obsolete", "request": null, "severity": "unspecified", "suggest": "unspecified", "locked": false, "pushed": false, "critpath": false, "critpath_groups": null, "close_bugs": true, "date_submitted": "2022-06-03 21:29:10", "date_modified": null, "date_approved": null, "date_testing": null, "date_stable": null, "alias": "FEDORA-2022-e9c10b569e", "test_gating_status": "ignored", "from_tag": null, "date_pushed": null, "meets_testing_requirements": false, "url": "https://bodhi.fedoraproject.org/updates/FEDORA-2022-e9c10b569e", "title": "389-ds-base-2.1.2-1.fc36", "version_hash": "a963fd1d812192999ead14c94306f80b2a82a6cf", "release": {"name": "F36", "long_name": "Fedora 36", "version": "36", "id_prefix": "FEDORA", "branch": "f36", "dist_tag": "f36", "stable_tag": "f36-updates", "testing_tag": "f36-updates-testing", "candidate_tag": "f36-updates-candidate", "pending_signing_tag": "f36-signing-pending", "pending_testing_tag": "f36-updates-testing-pending", "pending_stable_tag": "f36-updates-pending", "override_tag": "f36-override", "mail_template": "fedora_errata_template", "state": "archived", "composed_by_bodhi": true, "create_automatic_updates": false, "package_manager": "dnf", "testing_repository": "updates-testing", "released_on": null, "eol": "2023-05-16", "critpath_mandatory_days_in_testing": 14, "mandatory_days_in_testing": 7, "critpath_min_karma": 2, "min_karma": 1, "setting_status": null}, "user": {"name": "mreynolds", "email": "mreynolds@redhat.com", "id": 1553, "avatar": "https://seccdn.libravatar.org/avatar/c9d8b945aebf33f6f600a4860cda68778f787b7e769ec8f8b7cb81adc0ef7a94?s=24&d=retro", "openid": "mreynolds.id.fedoraproject.org", "groups": [{"name": "packager"}, {"name": "ipausers"}, {"name": "fedora-contributor"}, {"name": "signed_fpca"}, {"name": "fedorabugs"}, {"name": "git389"}, {"name": "git389test"}, {"name": "gitrest389"}, {"name": "pagure_contributor"}]}, "comments": [{"karma": 0, "karma_critpath": 0, "text": "This update has been submitted for testing by mreynolds. ", "timestamp": "2022-06-03 21:29:11", "update_id": 413295, "user_id": 91, "id": 2555178, "bug_feedback": [], "testcase_feedback": [], "user": {"name": "bodhi", "email": null, "id": 91, "avatar": "https://apps.fedoraproject.org/img/icons/bodhi-24.png", "openid": "bodhi.id.fedoraproject.org", "groups": []}}, {"karma": 0, "karma_critpath": 0, "text": "This update's test gating status has been changed to 'ignored'.", "timestamp": "2022-06-03 21:29:12", "update_id": 413295, "user_id": 91, "id": 2555179, "bug_feedback": [], "testcase_feedback": [], "user": {"name": "bodhi", "email": null, "id": 91, "avatar": "https://apps.fedoraproject.org/img/icons/bodhi-24.png", "openid": "bodhi.id.fedoraproject.org", "groups": []}}, {"karma": -1, "karma_critpath": 0, "text": "This seems to break openQA server deployment. After the server part proper is complete, when the server gets deployed as a client of itself, it seems to not believe the system is an IPA server:\n\nhttps://openqa.fedoraproject.org/tests/1288772#step/role_deploy_domain_controller/31\n\nLogs are [here](https://openqa.fedoraproject.org/tests/1288772/file/role_deploy_domain_controller-var_log.tar.gz).", "timestamp": "2022-06-03 22:41:36", "update_id": 413295, "user_id": 302, "id": 2555208, "bug_feedback": [], "testcase_feedback": [{"karma": 0, "comment_id": 2555208, "testcase_id": 142, "testcase": {"name": "QA:Testcase 389 ds base setup testcase", "id": 142}}, {"karma": 0, "comment_id": 2555208, "testcase_id": 143, "testcase": {"name": "QA:Testcase Create normalized dn cache testcase", "id": 143}}, {"karma": 0, "comment_id": 2555208, "testcase_id": 144, "testcase": {"name": "QA:Testcase Create normalized dn cache testcase2", "id": 144}}], "user": {"name": "adamwill", "email": "awilliam@redhat.com", "id": 302, "avatar": "https://seccdn.libravatar.org/avatar/51720fbb2ec5dfd2bc005ac374a3bfd3190cb8f45f3bb8d6bdf35fb6a051d03b?s=24&d=retro", "openid": "adamwill.id.fedoraproject.org", "groups": [{"name": "proventesters"}, {"name": "provenpackager"}, {"name": "packager"}, {"name": "qa-tools-sig"}, {"name": "fedora-contributor"}, {"name": "news"}, {"name": "gittriage"}, {"name": "sysadmin"}, {"name": "gitspin-kickstarts"}, {"name": "signed_fpca"}, {"name": "gitgeneric-release"}, {"name": "yak_farmers"}, {"name": "triagers"}, {"name": "qa"}, {"name": "sysadmin-qa"}, {"name": "fedorabugs"}, {"name": "ipausers"}, {"name": "gitmkinitrd"}, {"name": "qa-admin"}, {"name": "aws-qa"}, {"name": "change-wranglers"}, {"name": "fedora-ci-admins"}, {"name": "common-issues-triage"}, {"name": "sysadmin-main"}, {"name": "program-management"}, {"name": "gitfedora-project-schedule"}]}}, {"karma": 0, "karma_critpath": 0, "text": "This update has been obsoleted.", "timestamp": "2022-06-03 22:41:38", "update_id": 413295, "user_id": 91, "id": 2555209, "bug_feedback": [], "testcase_feedback": [], "user": {"name": "bodhi", "email": null, "id": 91, "avatar": "https://apps.fedoraproject.org/img/icons/bodhi-24.png", "openid": "bodhi.id.fedoraproject.org", "groups": []}}, {"karma": 0, "karma_critpath": 0, "text": "Nothing obviously wrong in DS logs, but I suspect maybe its related to search filter changes.  I do see this in the last search in the DS access log (which returns nothing, but I don;t know if it should):\n\n```\n[03/Jun/2022:18:03:11.934907329 -0400] conn=14 op=3 SRCH base=\"cn=dns,dc=test,dc=openqa,dc=fedoraproject,dc=org\" scope=2 filter=\"(|(objectClass=idnsZone)(objectClass=idnsSecKey)(objectClass=ipk11PublicKey))\" attrs=ALL\n[03/Jun/2022:18:03:11.952468921 -0400] conn=14 op=3 RESULT err=0 tag=121 nentries=0 wtime=0.000511034 optime=0.017565393 etime=0.018072245\n```", "timestamp": "2022-06-03 23:14:15", "update_id": 413295, "user_id": 1553, "id": 2555212, "bug_feedback": [], "testcase_feedback": [{"karma": 0, "comment_id": 2555212, "testcase_id": 142, "testcase": {"name": "QA:Testcase 389 ds base setup testcase", "id": 142}}, {"karma": 0, "comment_id": 2555212, "testcase_id": 143, "testcase": {"name": "QA:Testcase Create normalized dn cache testcase", "id": 143}}, {"karma": 0, "comment_id": 2555212, "testcase_id": 144, "testcase": {"name": "QA:Testcase Create normalized dn cache testcase2", "id": 144}}], "user": {"name": "mreynolds", "email": "mreynolds@redhat.com", "id": 1553, "avatar": "https://seccdn.libravatar.org/avatar/c9d8b945aebf33f6f600a4860cda68778f787b7e769ec8f8b7cb81adc0ef7a94?s=24&d=retro", "openid": "mreynolds.id.fedoraproject.org", "groups": [{"name": "packager"}, {"name": "ipausers"}, {"name": "fedora-contributor"}, {"name": "signed_fpca"}, {"name": "fedorabugs"}, {"name": "git389"}, {"name": "git389test"}, {"name": "gitrest389"}, {"name": "pagure_contributor"}]}}, {"karma": 0, "karma_critpath": 0, "text": "It fails the ACL check for `info=IPA*` -- we probably need to add one more ACL here. Last time filter optimisations were added to 389-ds, we had to allow anonymous access to `parentId` attribute. This one works, so we actually get to analyze the entry and `info` attribute but the substring filter check fails:\n```\n[04/Jun/2022:04:30:15.252281782 +0000] - DEBUG - slapi_vattr_filter_test_ext_internal - acl result for dc=ipa,dc=test info = 0\n[04/Jun/2022:04:30:15.257616092 +0000] - DEBUG - test_substring_filter - <=\n[04/Jun/2022:04:30:15.263112679 +0000] - DEBUG - plugin_call_syntax_filter_sub_sv - =>\n[04/Jun/2022:04:30:15.268765357 +0000] - DEBUG - plugin_call_syntax_filter_sub_sv - <= -1\n[04/Jun/2022:04:30:15.274472700 +0000] - DEBUG - test_substring_filter - <= -1\n[04/Jun/2022:04:30:15.280911287 +0000] - DEBUG - ldbm_back_next_search_entry - Applying filter test intermediate value -1 \n[04/Jun/2022:04:30:15.286395220 +0000] - DEBUG - ldbm_back_next_search_entry - filter test value -1 dc=ipa,dc=test \n```\n\n`info` attribute is using caseIgnoreSubstringMatch:\n```\nattributeTypes: ( 0.9.2342.19200300.100.1.4 NAME 'info'\n  EQUALITY caseIgnoreMatch\n  SUBSTR caseIgnoreSubstringsMatch\n  SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{2048}\n  X-ORIGIN 'RFC 4524' )\n```\n\nNot sure why it fails to match \"IPA*\" to \"IPA V2.0\"...", "timestamp": "2022-06-04 04:50:39", "update_id": 413295, "user_id": 1242, "id": 2555410, "bug_feedback": [], "testcase_feedback": [{"karma": 0, "comment_id": 2555410, "testcase_id": 142, "testcase": {"name": "QA:Testcase 389 ds base setup testcase", "id": 142}}, {"karma": 0, "comment_id": 2555410, "testcase_id": 143, "testcase": {"name": "QA:Testcase Create normalized dn cache testcase", "id": 143}}, {"karma": 0, "comment_id": 2555410, "testcase_id": 144, "testcase": {"name": "QA:Testcase Create normalized dn cache testcase2", "id": 144}}], "user": {"name": "abbra", "email": "abokovoy@redhat.com", "id": 1242, "avatar": "https://seccdn.libravatar.org/avatar/3f3c51cb81fb43e685e65ff696d895ac268ff71949128c02b81dec65a4405a0a?s=24&d=retro", "openid": "abbra.id.fedoraproject.org", "groups": [{"name": "packager"}, {"name": "ipausers"}, {"name": "fedora-contributor"}, {"name": "signed_fpca"}, {"name": "fedorabugs"}, {"name": "bind-dyndb-ldap"}, {"name": "gitfreeipa"}, {"name": "gitslapi-nis"}, {"name": "gitfreeipa-docs"}]}}, {"karma": 0, "karma_critpath": 0, "text": "Note that this happens with base search as opposed to subtree search. subtree search succeeds, base search fails. Easily reproducible.", "timestamp": "2022-06-04 04:51:47", "update_id": 413295, "user_id": 1242, "id": 2555411, "bug_feedback": [], "testcase_feedback": [{"karma": 0, "comment_id": 2555411, "testcase_id": 142, "testcase": {"name": "QA:Testcase 389 ds base setup testcase", "id": 142}}, {"karma": 0, "comment_id": 2555411, "testcase_id": 143, "testcase": {"name": "QA:Testcase Create normalized dn cache testcase", "id": 143}}, {"karma": 0, "comment_id": 2555411, "testcase_id": 144, "testcase": {"name": "QA:Testcase Create normalized dn cache testcase2", "id": 144}}], "user": {"name": "abbra", "email": "abokovoy@redhat.com", "id": 1242, "avatar": "https://seccdn.libravatar.org/avatar/3f3c51cb81fb43e685e65ff696d895ac268ff71949128c02b81dec65a4405a0a?s=24&d=retro", "openid": "abbra.id.fedoraproject.org", "groups": [{"name": "packager"}, {"name": "ipausers"}, {"name": "fedora-contributor"}, {"name": "signed_fpca"}, {"name": "fedorabugs"}, {"name": "bind-dyndb-ldap"}, {"name": "gitfreeipa"}, {"name": "gitslapi-nis"}, {"name": "gitfreeipa-docs"}]}}, {"karma": 0, "karma_critpath": 0, "text": "@abbra is there an aci that allows \"search\" access to the attribute \"info\"?", "timestamp": "2022-06-04 16:35:44", "update_id": 413295, "user_id": 1553, "id": 2555594, "bug_feedback": [], "testcase_feedback": [{"karma": 0, "comment_id": 2555594, "testcase_id": 142, "testcase": {"name": "QA:Testcase 389 ds base setup testcase", "id": 142}}, {"karma": 0, "comment_id": 2555594, "testcase_id": 143, "testcase": {"name": "QA:Testcase Create normalized dn cache testcase", "id": 143}}, {"karma": 0, "comment_id": 2555594, "testcase_id": 144, "testcase": {"name": "QA:Testcase Create normalized dn cache testcase2", "id": 144}}], "user": {"name": "mreynolds", "email": "mreynolds@redhat.com", "id": 1553, "avatar": "https://seccdn.libravatar.org/avatar/c9d8b945aebf33f6f600a4860cda68778f787b7e769ec8f8b7cb81adc0ef7a94?s=24&d=retro", "openid": "mreynolds.id.fedoraproject.org", "groups": [{"name": "packager"}, {"name": "ipausers"}, {"name": "fedora-contributor"}, {"name": "signed_fpca"}, {"name": "fedorabugs"}, {"name": "git389"}, {"name": "git389test"}, {"name": "gitrest389"}, {"name": "pagure_contributor"}]}}, {"karma": 0, "karma_critpath": 0, "text": "There is no such ACI. I tried to add one and it did not help at all for the base-level search:\n```\naci: (targetattr =\"info\")(version 3.0; acl \"Allow read info attributre\"; allow (read, search, compare) userdn = \"ldap:///anyone\"; )\n\n# ldapsearch -x -s base 'info=IPA*' \n# extended LDIF\n#\n# LDAPv3\n# base <dc=ipa,dc=test> (default) with scope baseObject\n# filter: info=IPA*\n# requesting: ALL\n#\n\n# search result\nsearch: 2\nresult: 0 Success\n\n# numResponses: 1\n```\n\nLogs show the same problem:\n```\n[05/Jun/2022:08:51:16.198153909 +0000] - DEBUG - ldbm_back_search - Applying Filter Test\n[05/Jun/2022:08:51:16.202704568 +0000] - DEBUG - slapi_filter_dup - type 0xA4\n[05/Jun/2022:08:51:16.207312682 +0000] - DEBUG - ldbm_back_next_search_entry - Applying filter test to dc=ipa,dc=test\n[05/Jun/2022:08:51:16.211947650 +0000] - DEBUG - slapi_vattr_filter_test_ext_internal - acl result for dc=ipa,dc=test info = 0\n[05/Jun/2022:08:51:16.217236035 +0000] - DEBUG - test_substring_filter - <=\n[05/Jun/2022:08:51:16.222032534 +0000] - DEBUG - plugin_call_syntax_filter_sub_sv - =>\n[05/Jun/2022:08:51:16.226706701 +0000] - DEBUG - plugin_call_syntax_filter_sub_sv - <= -1\n[05/Jun/2022:08:51:16.230683830 +0000] - DEBUG - test_substring_filter - <= -1\n[05/Jun/2022:08:51:16.234285453 +0000] - DEBUG - ldbm_back_next_search_entry - Applying filter test intermediate value -1 \n[05/Jun/2022:08:51:16.237644016 +0000] - DEBUG - ldbm_back_next_search_entry - filter test value -1 dc=ipa,dc=test \n\n```\n", "timestamp": "2022-06-05 08:53:24", "update_id": 413295, "user_id": 1242, "id": 2555848, "bug_feedback": [], "testcase_feedback": [{"karma": 0, "comment_id": 2555848, "testcase_id": 142, "testcase": {"name": "QA:Testcase 389 ds base setup testcase", "id": 142}}, {"karma": 0, "comment_id": 2555848, "testcase_id": 143, "testcase": {"name": "QA:Testcase Create normalized dn cache testcase", "id": 143}}, {"karma": 0, "comment_id": 2555848, "testcase_id": 144, "testcase": {"name": "QA:Testcase Create normalized dn cache testcase2", "id": 144}}], "user": {"name": "abbra", "email": "abokovoy@redhat.com", "id": 1242, "avatar": "https://seccdn.libravatar.org/avatar/3f3c51cb81fb43e685e65ff696d895ac268ff71949128c02b81dec65a4405a0a?s=24&d=retro", "openid": "abbra.id.fedoraproject.org", "groups": [{"name": "packager"}, {"name": "ipausers"}, {"name": "fedora-contributor"}, {"name": "signed_fpca"}, {"name": "fedorabugs"}, {"name": "bind-dyndb-ldap"}, {"name": "gitfreeipa"}, {"name": "gitslapi-nis"}, {"name": "gitfreeipa-docs"}]}}, {"karma": 0, "karma_critpath": 0, "text": "Need aci logging enabled for more info.  I'm trying to get a beaker box (which keeps aborting errr) so I can reproduce it with IPA, as I can not reproduce this outside of IPA.", "timestamp": "2022-06-06 13:02:33", "update_id": 413295, "user_id": 1553, "id": 2556345, "bug_feedback": [], "testcase_feedback": [{"karma": 0, "comment_id": 2556345, "testcase_id": 142, "testcase": {"name": "QA:Testcase 389 ds base setup testcase", "id": 142}}, {"karma": 0, "comment_id": 2556345, "testcase_id": 143, "testcase": {"name": "QA:Testcase Create normalized dn cache testcase", "id": 143}}, {"karma": 0, "comment_id": 2556345, "testcase_id": 144, "testcase": {"name": "QA:Testcase Create normalized dn cache testcase2", "id": 144}}], "user": {"name": "mreynolds", "email": "mreynolds@redhat.com", "id": 1553, "avatar": "https://seccdn.libravatar.org/avatar/c9d8b945aebf33f6f600a4860cda68778f787b7e769ec8f8b7cb81adc0ef7a94?s=24&d=retro", "openid": "mreynolds.id.fedoraproject.org", "groups": [{"name": "packager"}, {"name": "ipausers"}, {"name": "fedora-contributor"}, {"name": "signed_fpca"}, {"name": "fedorabugs"}, {"name": "git389"}, {"name": "git389test"}, {"name": "gitrest389"}, {"name": "pagure_contributor"}]}}, {"karma": 0, "karma_critpath": 0, "text": "Here is what happens with base search of `info=IPA*`:\n```\n+[06/Jun/2022:13:08:12.343840438 +0000] - DEBUG - NSACLPlugin - acllist_init_scan - Failed to find root for base: ou=sessions,ou=Security Domain,o=ipaca \n+[06/Jun/2022:13:08:12.356507249 +0000] - DEBUG - NSACLPlugin - acllist_init_scan - Failed to find root for base: ou=Security Domain,o=ipaca \n+[06/Jun/2022:13:08:12.361391107 +0000] - DEBUG - NSACLPlugin - acl_access_allowed - #### conn=19 op=680 binddn=\"uid=pkidbuser,ou=people,o=ipaca\"\n+[06/Jun/2022:13:08:12.365824440 +0000] - DEBUG - NSACLPlugin - acllist_aciscan_update_scan - Searching AVL tree for update:ou=security domain,o=ipaca: container:-1\n+[06/Jun/2022:13:08:12.370909035 +0000] - DEBUG - NSACLPlugin - acllist_aciscan_update_scan - Searching AVL tree for update:o=ipaca: container:56\n+[06/Jun/2022:13:08:12.375883972 +0000] - DEBUG - NSACLPlugin -     ************ RESOURCE INFO STARTS *********\n+[06/Jun/2022:13:08:12.380789585 +0000] - DEBUG - NSACLPlugin -     Client DN: uid=pkidbuser,ou=people,o=ipaca\n+[06/Jun/2022:13:08:12.385762561 +0000] - DEBUG - NSACLPlugin -     resource type:256(read target_DN )\n+[06/Jun/2022:13:08:12.390792507 +0000] - DEBUG - NSACLPlugin -     Slapi_Entry DN: ou=security domain,o=ipaca\n+[06/Jun/2022:13:08:12.395853820 +0000] - DEBUG - NSACLPlugin -     ATTR: 1.1\n+[06/Jun/2022:13:08:12.400879753 +0000] - DEBUG - NSACLPlugin -     rights:read\n+[06/Jun/2022:13:08:12.405875980 +0000] - DEBUG - NSACLPlugin -     ************ RESOURCE INFO ENDS   *********\n+[06/Jun/2022:13:08:12.411914914 +0000] - DEBUG - NSACLPlugin - acl__scan_for_acis - Using ACL Container:0 for evaluation\n+[06/Jun/2022:13:08:12.416800431 +0000] - DEBUG - NSACLPlugin - acl__scan_for_acis - Using ACL Container:1 for evaluation\n+[06/Jun/2022:13:08:12.421826331 +0000] - DEBUG - NSACLPlugin - ***BEGIN ACL INFO[ Name: \"cert manager access v2\"]***\n+[06/Jun/2022:13:08:12.426689787 +0000] - DEBUG - NSACLPlugin - ACL Index:264   ACL_ELEVEL:2\n+[06/Jun/2022:13:08:12.431688565 +0000] - DEBUG - NSACLPlugin - ACI type:(compare search read write delete add self target_attr acltxt allow_rule )\n+[06/Jun/2022:13:08:12.436924616 +0000] - DEBUG - NSACLPlugin - ACI RULE type:(userdn )\n+[06/Jun/2022:13:08:12.442151383 +0000] - DEBUG - NSACLPlugin - Slapi_Entry DN:o=ipaca\n+[06/Jun/2022:13:08:12.447058047 +0000] - DEBUG - NSACLPlugin - ***END ACL INFO*****************************\n+[06/Jun/2022:13:08:12.451955111 +0000] - DEBUG - NSACLPlugin - ***BEGIN ACL INFO[ Name: \"cert manager access v2\"]***\n+[06/Jun/2022:13:08:12.456967336 +0000] - DEBUG - NSACLPlugin - ACL Index:264   ACL_ELEVEL:2\n+[06/Jun/2022:13:08:12.461916485 +0000] - DEBUG - NSACLPlugin - ACI type:(compare search read write delete add self target_attr acltxt allow_rule )\n+[06/Jun/2022:13:08:12.466860359 +0000] - DEBUG - NSACLPlugin - ACI RULE type:(userdn )\n+[06/Jun/2022:13:08:12.471926679 +0000] - DEBUG - NSACLPlugin - Slapi_Entry DN:o=ipaca\n+[06/Jun/2022:13:08:12.477274282 +0000] - DEBUG - NSACLPlugin - ***END ACL INFO*****************************\n+[06/Jun/2022:13:08:12.482170744 +0000] - DEBUG - NSACLPlugin - acl__scan_for_acis - Num of ALLOW Handles:2, DENY handles:0\n+[06/Jun/2022:13:08:12.487130500 +0000] - DEBUG - NSACLPlugin - acl_access_allowed - Processed attr:1.1 for entry:ou=security domain,o=ipaca\n+[06/Jun/2022:13:08:12.491968332 +0000] - DEBUG - NSACLPlugin - acl__TestRights - 1. Evaluating ALLOW aci(264) \" \"cert manager access v2\"\"\n+[06/Jun/2022:13:08:12.497399012 +0000] - DEBUG - NSACLPlugin - print_access_control_summary - conn=19 op=680 (main): Allow read on entry(ou=security domain,o=ipaca).attr(1.1) to uid=pkidbuser,ou=people,o=ipaca: allowed by aci(264): aciname= \"cert manager access v2\", acidn=\"o=ipaca\"\n+[06/Jun/2022:13:08:13.844720217 +0000] - DEBUG - NSACLPlugin - aclanom_match_profile - conn=139 op=1: Allow access on entry(dc=ipa,dc=test).attr(info) to anonymous: acidn=\"dc=ipa,dc=test\"\n+[06/Jun/2022:13:08:13.855111476 +0000] - DEBUG - NSACLPlugin - print_access_control_summary - conn=139 op=1 (main): Allow search on entry(dc=ipa,dc=test).attr(info) to anonymous: allow anyone aci matched anon user\n\n```", "timestamp": "2022-06-06 13:09:23", "update_id": 413295, "user_id": 1242, "id": 2556366, "bug_feedback": [], "testcase_feedback": [{"karma": 0, "comment_id": 2556366, "testcase_id": 142, "testcase": {"name": "QA:Testcase 389 ds base setup testcase", "id": 142}}, {"karma": 0, "comment_id": 2556366, "testcase_id": 143, "testcase": {"name": "QA:Testcase Create normalized dn cache testcase", "id": 143}}, {"karma": 0, "comment_id": 2556366, "testcase_id": 144, "testcase": {"name": "QA:Testcase Create normalized dn cache testcase2", "id": 144}}], "user": {"name": "abbra", "email": "abokovoy@redhat.com", "id": 1242, "avatar": "https://seccdn.libravatar.org/avatar/3f3c51cb81fb43e685e65ff696d895ac268ff71949128c02b81dec65a4405a0a?s=24&d=retro", "openid": "abbra.id.fedoraproject.org", "groups": [{"name": "packager"}, {"name": "ipausers"}, {"name": "fedora-contributor"}, {"name": "signed_fpca"}, {"name": "fedorabugs"}, {"name": "bind-dyndb-ldap"}, {"name": "gitfreeipa"}, {"name": "gitslapi-nis"}, {"name": "gitfreeipa-docs"}]}}, {"karma": 0, "karma_critpath": 0, "text": "actually, only the last two lines:\n```\n+[06/Jun/2022:13:10:02.062099039 +0000] - DEBUG - NSACLPlugin - aclanom_match_profile - conn=140 op=1: Allow access on entry(dc=ipa,dc=test).attr(info) to anonymous: acidn=\"dc=ipa,dc=test\"\n+[06/Jun/2022:13:10:02.072689856 +0000] - DEBUG - NSACLPlugin - print_access_control_summary - conn=140 op=1 (main): Allow search on entry(dc=ipa,dc=test).attr(info) to anonymous: allow anyone aci matched anon user\n\n```", "timestamp": "2022-06-06 13:10:39", "update_id": 413295, "user_id": 1242, "id": 2556367, "bug_feedback": [], "testcase_feedback": [{"karma": 0, "comment_id": 2556367, "testcase_id": 142, "testcase": {"name": "QA:Testcase 389 ds base setup testcase", "id": 142}}, {"karma": 0, "comment_id": 2556367, "testcase_id": 143, "testcase": {"name": "QA:Testcase Create normalized dn cache testcase", "id": 143}}, {"karma": 0, "comment_id": 2556367, "testcase_id": 144, "testcase": {"name": "QA:Testcase Create normalized dn cache testcase2", "id": 144}}], "user": {"name": "abbra", "email": "abokovoy@redhat.com", "id": 1242, "avatar": "https://seccdn.libravatar.org/avatar/3f3c51cb81fb43e685e65ff696d895ac268ff71949128c02b81dec65a4405a0a?s=24&d=retro", "openid": "abbra.id.fedoraproject.org", "groups": [{"name": "packager"}, {"name": "ipausers"}, {"name": "fedora-contributor"}, {"name": "signed_fpca"}, {"name": "fedorabugs"}, {"name": "bind-dyndb-ldap"}, {"name": "gitfreeipa"}, {"name": "gitslapi-nis"}, {"name": "gitfreeipa-docs"}]}}, {"karma": 0, "karma_critpath": 0, "text": "Here is combined log for ACI and filter logging:\n```\n+[06/Jun/2022:13:13:28.953135887 +0000] - DEBUG - slapi_str2filter - \"(|(objectclass=*)(objectclass=ldapsubentry))\"\n+[06/Jun/2022:13:13:28.964415227 +0000] - DEBUG - slapi_str2filter - OR\n+[06/Jun/2022:13:13:28.967611694 +0000] - DEBUG - str2list - \"(objectclass=*)(objectclass=ldapsubentry)\"\n+[06/Jun/2022:13:13:28.971022125 +0000] - DEBUG - slapi_str2filter - \"(objectclass=*)\"\n+[06/Jun/2022:13:13:28.973902870 +0000] - DEBUG - slapi_str2filter - simple\n+[06/Jun/2022:13:13:28.976724299 +0000] - DEBUG - str2simple - \"objectclass=*\"\n+[06/Jun/2022:13:13:28.979573464 +0000] - DEBUG - slapi_str2filter - \"(objectclass=ldapsubentry)\"\n+[06/Jun/2022:13:13:28.984881770 +0000] - DEBUG - slapi_str2filter - simple\n+[06/Jun/2022:13:13:28.989922981 +0000] - DEBUG - str2simple - \"objectclass=ldapsubentry\"\n+[06/Jun/2022:13:13:28.995363961 +0000] - DEBUG - ldbm_back_search - Applying Filter Test\n+[06/Jun/2022:13:13:29.000039166 +0000] - DEBUG - slapi_filter_dup - type 0xA1\n+[06/Jun/2022:13:13:29.005329015 +0000] - DEBUG - slapi_filter_dup - type 0x87\n+[06/Jun/2022:13:13:29.009906800 +0000] - DEBUG - slapi_filter_dup - type 0xA3\n+[06/Jun/2022:13:13:29.014971165 +0000] - DEBUG - ldbm_back_next_search_entry - Applying filter test to cn=anonymous-limits,cn=etc,dc=ipa,dc=test\n+[06/Jun/2022:13:13:29.020002971 +0000] - DEBUG - vattr_test_filter_list_or - =>\n+[06/Jun/2022:13:13:29.025043116 +0000] - DEBUG - slapi_vattr_filter_test_ext_internal - acl result for cn=anonymous-limits,cn=etc,dc=ipa,dc=test objectClass = 0\n+[06/Jun/2022:13:13:29.030577011 +0000] - DEBUG - vattr_test_filter_list_or - <= 0\n+[06/Jun/2022:13:13:29.036205982 +0000] - DEBUG - ldbm_back_next_search_entry - Applying filter test intermediate value 0 \n+[06/Jun/2022:13:13:29.042930231 +0000] - DEBUG - vattr_test_filter_list_or - =>\n+[06/Jun/2022:13:13:29.048183383 +0000] - DEBUG - vattr_test_filter_list_or - <= 0\n+[06/Jun/2022:13:13:29.054006213 +0000] - DEBUG - ldbm_back_next_search_entry - filter test value 0 cn=anonymous-limits,cn=etc,dc=ipa,dc=test \n+[06/Jun/2022:13:13:29.059548027 +0000] - DEBUG - slapi_filter_free - type 0xA1\n+[06/Jun/2022:13:13:29.065136827 +0000] - DEBUG - slapi_filter_free - type 0x87\n+[06/Jun/2022:13:13:29.070585395 +0000] - DEBUG - slapi_filter_free - type 0xA3\n+[06/Jun/2022:13:13:29.076324701 +0000] - DEBUG - slapi_filter_free - type 0xA1\n+[06/Jun/2022:13:13:29.082238416 +0000] - DEBUG - slapi_filter_free - type 0x87\n+[06/Jun/2022:13:13:29.088119587 +0000] - DEBUG - slapi_filter_free - type 0xA3\n+[06/Jun/2022:13:13:29.113485741 +0000] - DEBUG - slapi_str2filter - \"(|(objectclass=*)(objectclass=ldapsubentry))\"\n+[06/Jun/2022:13:13:29.117694813 +0000] - DEBUG - slapi_str2filter - OR\n+[06/Jun/2022:13:13:29.121729501 +0000] - DEBUG - str2list - \"(objectclass=*)(objectclass=ldapsubentry)\"\n+[06/Jun/2022:13:13:29.125811545 +0000] - DEBUG - slapi_str2filter - \"(objectclass=*)\"\n+[06/Jun/2022:13:13:29.133204706 +0000] - DEBUG - slapi_str2filter - simple\n+[06/Jun/2022:13:13:29.137123220 +0000] - DEBUG - str2simple - \"objectclass=*\"\n+[06/Jun/2022:13:13:29.140973176 +0000] - DEBUG - slapi_str2filter - \"(objectclass=ldapsubentry)\"\n+[06/Jun/2022:13:13:29.144958312 +0000] - DEBUG - slapi_str2filter - simple\n+[06/Jun/2022:13:13:29.148766260 +0000] - DEBUG - str2simple - \"objectclass=ldapsubentry\"\n+[06/Jun/2022:13:13:29.152530122 +0000] - DEBUG - ldbm_back_search - Applying Filter Test\n+[06/Jun/2022:13:13:29.156508675 +0000] - DEBUG - slapi_filter_dup - type 0xA1\n+[06/Jun/2022:13:13:29.160444626 +0000] - DEBUG - slapi_filter_dup - type 0x87\n+[06/Jun/2022:13:13:29.164325629 +0000] - DEBUG - slapi_filter_dup - type 0xA3\n+[06/Jun/2022:13:13:29.167929892 +0000] - DEBUG - ldbm_back_next_search_entry - Applying filter test to cn=anonymous-limits,cn=etc,dc=ipa,dc=test\n+[06/Jun/2022:13:13:29.171834573 +0000] - DEBUG - vattr_test_filter_list_or - =>\n+[06/Jun/2022:13:13:29.175602057 +0000] - DEBUG - slapi_vattr_filter_test_ext_internal - acl result for cn=anonymous-limits,cn=etc,dc=ipa,dc=test objectClass = 0\n+[06/Jun/2022:13:13:29.179339397 +0000] - DEBUG - vattr_test_filter_list_or - <= 0\n+[06/Jun/2022:13:13:29.183060721 +0000] - DEBUG - ldbm_back_next_search_entry - Applying filter test intermediate value 0 \n+[06/Jun/2022:13:13:29.187074021 +0000] - DEBUG - vattr_test_filter_list_or - =>\n+[06/Jun/2022:13:13:29.192102791 +0000] - DEBUG - vattr_test_filter_list_or - <= 0\n+[06/Jun/2022:13:13:29.197102760 +0000] - DEBUG - ldbm_back_next_search_entry - filter test value 0 cn=anonymous-limits,cn=etc,dc=ipa,dc=test \n+[06/Jun/2022:13:13:29.202198549 +0000] - DEBUG - slapi_filter_free - type 0xA1\n+[06/Jun/2022:13:13:29.210677830 +0000] - DEBUG - slapi_filter_free - type 0x87\n+[06/Jun/2022:13:13:29.216120160 +0000] - DEBUG - slapi_filter_free - type 0xA3\n+[06/Jun/2022:13:13:29.221971155 +0000] - DEBUG - slapi_filter_free - type 0xA1\n+[06/Jun/2022:13:13:29.227671591 +0000] - DEBUG - slapi_filter_free - type 0x87\n+[06/Jun/2022:13:13:29.232923786 +0000] - DEBUG - slapi_filter_free - type 0xA3\n+[06/Jun/2022:13:13:29.238736531 +0000] - DEBUG - slapi_str2filter - \"(|(objectclass=*)(objectclass=ldapsubentry))\"\n+[06/Jun/2022:13:13:29.243687920 +0000] - DEBUG - slapi_str2filter - OR\n+[06/Jun/2022:13:13:29.248916909 +0000] - DEBUG - str2list - \"(objectclass=*)(objectclass=ldapsubentry)\"\n+[06/Jun/2022:13:13:29.255138851 +0000] - DEBUG - slapi_str2filter - \"(objectclass=*)\"\n+[06/Jun/2022:13:13:29.259687640 +0000] - DEBUG - slapi_str2filter - simple\n+[06/Jun/2022:13:13:29.265004598 +0000] - DEBUG - str2simple - \"objectclass=*\"\n+[06/Jun/2022:13:13:29.269901968 +0000] - DEBUG - slapi_str2filter - \"(objectclass=ldapsubentry)\"\n+[06/Jun/2022:13:13:29.275169955 +0000] - DEBUG - slapi_str2filter - simple\n+[06/Jun/2022:13:13:29.280567125 +0000] - DEBUG - str2simple - \"objectclass=ldapsubentry\"\n+[06/Jun/2022:13:13:29.286331111 +0000] - DEBUG - ldbm_back_search - Applying Filter Test\n+[06/Jun/2022:13:13:29.292582662 +0000] - DEBUG - slapi_filter_dup - type 0xA1\n+[06/Jun/2022:13:13:29.298275139 +0000] - DEBUG - slapi_filter_dup - type 0x87\n+[06/Jun/2022:13:13:29.303842130 +0000] - DEBUG - slapi_filter_dup - type 0xA3\n+[06/Jun/2022:13:13:29.309479481 +0000] - DEBUG - ldbm_back_next_search_entry - Applying filter test to cn=anonymous-limits,cn=etc,dc=ipa,dc=test\n+[06/Jun/2022:13:13:29.315283617 +0000] - DEBUG - vattr_test_filter_list_or - =>\n+[06/Jun/2022:13:13:29.320560479 +0000] - DEBUG - slapi_vattr_filter_test_ext_internal - acl result for cn=anonymous-limits,cn=etc,dc=ipa,dc=test objectClass = 0\n+[06/Jun/2022:13:13:29.326328688 +0000] - DEBUG - vattr_test_filter_list_or - <= 0\n+[06/Jun/2022:13:13:29.331496077 +0000] - DEBUG - ldbm_back_next_search_entry - Applying filter test intermediate value 0 \n+[06/Jun/2022:13:13:29.337173488 +0000] - DEBUG - vattr_test_filter_list_or - =>\n+[06/Jun/2022:13:13:29.342547912 +0000] - DEBUG - vattr_test_filter_list_or - <= 0\n+[06/Jun/2022:13:13:29.348223515 +0000] - DEBUG - ldbm_back_next_search_entry - filter test value 0 cn=anonymous-limits,cn=etc,dc=ipa,dc=test \n+[06/Jun/2022:13:13:29.353798381 +0000] - DEBUG - slapi_filter_free - type 0xA1\n+[06/Jun/2022:13:13:29.358852392 +0000] - DEBUG - slapi_filter_free - type 0x87\n+[06/Jun/2022:13:13:29.364218475 +0000] - DEBUG - slapi_filter_free - type 0xA3\n+[06/Jun/2022:13:13:29.369373813 +0000] - DEBUG - slapi_filter_free - type 0xA1\n+[06/Jun/2022:13:13:29.375166907 +0000] - DEBUG - slapi_filter_free - type 0x87\n+[06/Jun/2022:13:13:29.380687065 +0000] - DEBUG - slapi_filter_free - type 0xA3\n+[06/Jun/2022:13:13:29.387214128 +0000] - DEBUG - get_filter_internal - ==>\n+[06/Jun/2022:13:13:29.392728770 +0000] - DEBUG - get_filter_internal - SUBSTRINGS\n+[06/Jun/2022:13:13:29.397932414 +0000] - DEBUG - get_substring_filter - =>\n+[06/Jun/2022:13:13:29.403027948 +0000] - DEBUG - get_substring_filter - INITIAL\n+[06/Jun/2022:13:13:29.408368569 +0000] - DEBUG - get_substring_filter - <=\n+[06/Jun/2022:13:13:29.412867418 +0000] - DEBUG - get_filter_internal - <= 0\n+[06/Jun/2022:13:13:29.417219999 +0000] - DEBUG - ldbm_back_search - Applying Filter Test\n+[06/Jun/2022:13:13:29.421480244 +0000] - DEBUG - slapi_filter_dup - type 0xA4\n+[06/Jun/2022:13:13:29.426477394 +0000] - DEBUG - ldbm_back_next_search_entry - Applying filter test to dc=ipa,dc=test\n+[06/Jun/2022:13:13:29.429986353 +0000] - DEBUG - NSACLPlugin - aclanom_match_profile - conn=146 op=1: Allow access on entry(dc=ipa,dc=test).attr(info) to anonymous: acidn=\"dc=ipa,dc=test\"\n+[06/Jun/2022:13:13:29.433268093 +0000] - DEBUG - NSACLPlugin - print_access_control_summary - conn=146 op=1 (main): Allow search on entry(dc=ipa,dc=test).attr(info) to anonymous: allow anyone aci matched anon user\n+[06/Jun/2022:13:13:29.436613977 +0000] - DEBUG - slapi_vattr_filter_test_ext_internal - acl result for dc=ipa,dc=test info = 0\n+[06/Jun/2022:13:13:29.440458560 +0000] - DEBUG - test_substring_filter - <=\n+[06/Jun/2022:13:13:29.442779432 +0000] - DEBUG - plugin_call_syntax_filter_sub_sv - =>\n+[06/Jun/2022:13:13:29.445428010 +0000] - DEBUG - plugin_call_syntax_filter_sub_sv - <= -1\n+[06/Jun/2022:13:13:29.449678520 +0000] - DEBUG - test_substring_filter - <= -1\n+[06/Jun/2022:13:13:29.452055005 +0000] - DEBUG - ldbm_back_next_search_entry - Applying filter test intermediate value -1 \n+[06/Jun/2022:13:13:29.454218717 +0000] - DEBUG - ldbm_back_next_search_entry - filter test value -1 dc=ipa,dc=test \n+[06/Jun/2022:13:13:29.456773877 +0000] - DEBUG - slapi_filter_free - type 0xA4\n+[06/Jun/2022:13:13:29.460149843 +0000] - DEBUG - slapi_filter_free - type 0xA4\n\n```", "timestamp": "2022-06-06 13:14:37", "update_id": 413295, "user_id": 1242, "id": 2556380, "bug_feedback": [], "testcase_feedback": [{"karma": 0, "comment_id": 2556380, "testcase_id": 142, "testcase": {"name": "QA:Testcase 389 ds base setup testcase", "id": 142}}, {"karma": 0, "comment_id": 2556380, "testcase_id": 143, "testcase": {"name": "QA:Testcase Create normalized dn cache testcase", "id": 143}}, {"karma": 0, "comment_id": 2556380, "testcase_id": 144, "testcase": {"name": "QA:Testcase Create normalized dn cache testcase2", "id": 144}}], "user": {"name": "abbra", "email": "abokovoy@redhat.com", "id": 1242, "avatar": "https://seccdn.libravatar.org/avatar/3f3c51cb81fb43e685e65ff696d895ac268ff71949128c02b81dec65a4405a0a?s=24&d=retro", "openid": "abbra.id.fedoraproject.org", "groups": [{"name": "packager"}, {"name": "ipausers"}, {"name": "fedora-contributor"}, {"name": "signed_fpca"}, {"name": "fedorabugs"}, {"name": "bind-dyndb-ldap"}, {"name": "gitfreeipa"}, {"name": "gitslapi-nis"}, {"name": "gitfreeipa-docs"}]}}], "builds": [{"nvr": "389-ds-base-2.1.2-1.fc36", "signed": true, "release_id": 56, "type": "rpm", "epoch": 0}], "bugs": [], "updateid": "FEDORA-2022-e9c10b569e", "karma": -1, "content_type": "rpm", "test_cases": [{"name": "QA:Testcase 389 ds base setup testcase", "id": 142}, {"name": "QA:Testcase Create normalized dn cache testcase", "id": 143}, {"name": "QA:Testcase Create normalized dn cache testcase2", "id": 144}]}, "can_edit": false, "ci_allowed": false}