Bug(s) fixed: 170350

Bug Description: RHDS to AD: entries with constraint violations not sync'ed
Reviewed by: Nathan and Noriko (Thanks!)
Branch: Directory71RtmBranch and HEAD
Fix Description: The DS correctly rejects the change and continues when
it gets a constraint violation from Windows AD in response to an
update.  However, there is no way for the admin to know that this
occurred, and no easy way to find out what the problem is or how to fix
it.  This fix just logs the error message from Windows at the default
log level, so an admin can know which entry and attribute had a
problem.  Other log messages are logged at the repl log level, as
before.  The other part of this is to remove the extraneous new line
chars from the Windows error message.
Platforms tested: RHEL4
Flag Day: no
Doc impact: Yes.  We need to document a way for the user to fix the
problem and then re-sync the entry over to Windows.  We also need a link
to detailed information about AD error messages.
QA impact: should be covered by regular nightly and manual testing
New Tests integrated into TET: none

1 files changed, 29 insertions, 7 deletions

diff --git a/ldap/servers/plugins/replication/windows_connection.c b/ldap/servers/plugins/replication/windows_connection.c
index 106972df..efed4263 100644
--- a/ldap/servers/plugins/replication/windows_connection.c
+++ b/ldap/servers/plugins/replication/windows_connection.c
@@ -385,6 +385,7 @@ windows_perform_operation(Repl_Connection *conn, int optype, const char *dn,
 				char *errmsg = NULL;
 				char **referrals = NULL;
 				char *matched = NULL;
+                char *ptr;
 
 				rc = ldap_parse_result(conn->ld, res, &err, &matched,
 									   &errmsg, &referrals, &loc_returned_controls,
@@ -433,13 +434,34 @@ windows_perform_operation(Repl_Connection *conn, int optype, const char *dn,
 					}
 					return_value = LDAP_SUCCESS == conn->last_ldap_error ? CONN_OPERATION_SUCCESS : CONN_OPERATION_FAILED;
 				}
-				slapi_log_error(SLAPI_LOG_REPL, repl_plugin_name,
-					"%s: Received result code %d for %s operation %s%s\n",
-					agmt_get_long_name(conn->agmt),
-					conn->last_ldap_error,
-					op_string == NULL ? "" : op_string,
-					extra_op_string == NULL ? "" : extra_op_string,
-					extra_op_string ==  NULL ? "" : " ");
+                /* remove extra newlines from AD error message */
+                for (ptr = errmsg; ptr && *ptr; ++ptr) {
+                    if ((*ptr == '\n') || (*ptr == '\r')) {
+                        *ptr = ' ';
+                    }
+                }
+                /* handle special case of constraint violation - give admin
+                   enough information to allow them to fix the problem
+                   and retry - bug 170350 */
+                if (conn->last_ldap_error == LDAP_CONSTRAINT_VIOLATION) {
+                    char ebuf[BUFSIZ];
+                    slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name,
+						"%s: Received error [%s] when attempting to %s"
+                        " entry [%s]: Please correct the attribute specified "
+                        "in the error message.  Refer to the Windows Active "
+                        "Directory docs for more information.\n",
+						agmt_get_long_name(conn->agmt),
+						errmsg, op_string == NULL ? "" : op_string,
+						escape_string(dn, ebuf));
+                } else {
+                    slapi_log_error(SLAPI_LOG_REPL, repl_plugin_name,
+						"%s: Received result code %d (%s) for %s operation %s%s\n",
+						agmt_get_long_name(conn->agmt),
+						conn->last_ldap_error, errmsg,
+						op_string == NULL ? "" : op_string,
+						extra_op_string == NULL ? "" : extra_op_string,
+						extra_op_string ==  NULL ? "" : " ");
+                }
 				/*
 				 * XXXggood do I need to free matched, referrals,
 				 * anything else? Or can I pass NULL for the args