Bug 1013736
Summary: | Enabling/Disabling DNA plug-in throws "ldap_modify: Server Unwilling to Perform (53)" error | ||
---|---|---|---|
Product: | Red Hat Enterprise Linux 7 | Reporter: | Sankar Ramalingam <sramling> |
Component: | 389-ds-base | Assignee: | Rich Megginson <rmeggins> |
Status: | CLOSED ERRATA | QA Contact: | Viktor Ashirov <vashirov> |
Severity: | high | Docs Contact: | |
Priority: | medium | ||
Version: | 7.0 | CC: | nhosoi, nkinder |
Target Milestone: | rc | ||
Target Release: | 7.1 | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | 389-ds-base-1.3.3.1-1.el7 | Doc Type: | Bug Fix |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2015-03-05 09:31:06 UTC | Type: | Bug |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
Sankar Ramalingam
2013-09-30 16:47:10 UTC
So is the problem that you receive an err=53 when you attempt to enable DNA and it is already enabled? (In reply to Nathan Kinder from comment #2) > So is the problem that you receive an err=53 when you attempt to enable DNA > and it is already enabled? Yes, but it requires a server restart. The exact steps to reproduce... 1). Enable DNA plugin. ldapmodify -x -p $PORTS -h localhost -D "cn=Directory Manager" -w Secret123 -f modify.ldif 2). Restart directory server instance. 3). Enable plugin with the same ldapmodify command. The same problem occurs with 1.3.1.x packages too on RHEL7. It looks like any change to the main DNA config entry when DNA is enabled is rejected at the pre-op stage in dna_parse_config_entry(): -------------------------------------------------------------------- /* If this is the main DNA plug-in * config entry, just bail. */ if (strcasecmp(getPluginDN(), slapi_entry_get_ndn(e)) == 0) { ret = DNA_FAILURE; goto bail; } -------------------------------------------------------------------- Returning DNA_FAILURE will cause LDAP_UNWILLING_TO_PERFORM to be returned to the client. The purpose of dna_parse_config_entry() is to validate range config entries, which are children of the main DNA config entry. We want to skip validation of the main DNA config entry, but we shouldn't be rejecting the operation. I believe that the above code snippet should just return DNA_SUCCESS to allow validation to be skipped for the main DNA config entry. Upstream ticket: https://fedorahosted.org/389/ticket/47539 Running ldapmodify to enable memberOf and DNA plugin works fine. Hence, marking the bug as Verified.
[root@vm-idm-035 slapd-test3]# /usr/bin/ldapmodify -x -h localhost -p 1189 -D "cn=Directory Manager" -w Secret123 << EOF
dn: cn=memberOf Plugin,cn=plugins,cn=config
changetype: modify
replace: nsslapd-pluginEnabled
nsslapd-pluginEnabled: On
EOF
modifying entry "cn=memberOf Plugin,cn=plugins,cn=config"
[root@vm-idm-035 slapd-test3]# /usr/bin/ldapmodify -x -h localhost -p 1189 -D "cn=Directory Manager" -w Secret123 << EOF
dn: cn=memberOf Plugin,cn=plugins,cn=config
changetype: modify
replace: nsslapd-pluginEnabled
nsslapd-pluginEnabled: On
EOF
modifying entry "cn=memberOf Plugin,cn=plugins,cn=config"
[root@vm-idm-035 slapd-test3]# /usr/bin/ldapmodify -x -h localhost -p 1189 -D "cn=Directory Manager" -w Secret123 << EOF
dn: cn=Distributed Numeric Assignment Plugin,cn=plugins,cn=config
> changetype: modify
> replace: nsslapd-pluginEnabled
> nsslapd-pluginEnabled: On
>
> EOF
modifying entry "cn=Distributed Numeric Assignment Plugin,cn=plugins,cn=config"
[root@vm-idm-035 slapd-test3]# /usr/bin/ldapmodify -x -h localhost -p 1189 -D "cn=Directory Manager" -w Secret123 << EOF
dn: cn=Distributed Numeric Assignment Plugin,cn=plugins,cn=config
changetype: modify
replace: nsslapd-pluginEnabled
nsslapd-pluginEnabled: On
EOF
modifying entry "cn=Distributed Numeric Assignment Plugin,cn=plugins,cn=config"
Build tested: [root@vm-idm-035 slapd-test3]# rpm -qa |egrep '389-ds-base' 389-ds-base-libs-1.3.3.1-9.el7.x86_64 389-ds-base-1.3.3.1-9.el7.x86_64 Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://rhn.redhat.com/errata/RHSA-2015-0416.html |