Bug 1614501

Summary: Disable nunc-stans by default
Product: Red Hat Enterprise Linux 7 Reporter: mreynolds
Component: 389-ds-baseAssignee: mreynolds
Status: CLOSED ERRATA QA Contact: RHDS QE <ds-qe-bugs>
Severity: high Docs Contact: Marc Muehlfeld <mmuehlfe>
Priority: high    
Version: 7.4CC: gparente, mhonek, msauton, nkinder, rmeggins, spichugi, tbordaz, vashirov
Target Milestone: rcKeywords: ZStream
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: 389-ds-base-1.3.8.4-10.el7 Doc Type: Bug Fix
Doc Text:
The default of the "nsslapd-enable-nunc-stans" parameter has been changed to "off" Previously, the nucn-stans framework was enabled by default in Directory Server, but the framework is not stable. As a consequence, deadlocks and file descriptor leaks could occur. This update changes the default value of the "nsslapd-enable-nunc-stans" parameter to "off". As a result, Directory Server is now stable.
Story Points: ---
Clone Of:
: 1614836 (view as bug list) Environment:
Last Closed: 2018-10-30 10:15:00 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---
Bug Depends On:    
Bug Blocks: 1614836    

Description mreynolds 2018-08-09 18:28:54 UTC
This bug is created as a clone of upstream ticket:
https://pagure.io/389-ds-base/issue/49893

#### Issue Description

Currently nunc-stans is not stable, and we need to turn if off by default until the FD leak and deadlock is resolved.

Comment 4 Viktor Ashirov 2018-08-12 18:12:46 UTC
Build tested: 389-ds-base-1.3.8.4-10.el7.x86_64

On a fresh instance:
[root@server ds]# ldapsearch -xLLL -D cn=Directory\ Manager -w password -b cn=config -s base nsslapd-enable-nunc-stans
dn: cn=config
nsslapd-enable-nunc-stans: off

[root@server ds]# pstack $(pidof ns-slapd) | grep nunc-stans -c
0

Nunc-stans is disabled by default, marking as VERIFIED.

Comment 7 errata-xmlrpc 2018-10-30 10:15:00 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2018:3127