Bug 1074447
Summary: | Part of DNA shared configuration is deleted after server restart | ||
---|---|---|---|
Product: | Red Hat Enterprise Linux 7 | Reporter: | Milan Kubík <mkubik> |
Component: | 389-ds-base | Assignee: | mreynolds |
Status: | CLOSED ERRATA | QA Contact: | Viktor Ashirov <vashirov> |
Severity: | unspecified | Docs Contact: | |
Priority: | medium | ||
Version: | 7.0 | CC: | nhosoi, nkinder, vashirov |
Target Milestone: | rc | ||
Target Release: | --- | ||
Hardware: | Unspecified | ||
OS: | Unspecified | ||
Whiteboard: | |||
Fixed In Version: | 389-ds-base-1.3.3.1-1.el7 | Doc Type: | Bug Fix |
Doc Text: |
Cause: Performing an update that triggers the plugin to assign a new value to an entry.
Consequence: If using remote shared server settings, they get removed after DNA assigns a value. This means the settings are lost, and DNA will not be able to retrieve a new range of numbers from that remote server.
Fix: Restore the remote shared server configuration when the plugin assigns a new value to an entry.
Result: The plugin continues to work as expected and contacts remote shared servers when its range of numbers is exhausted.
|
Story Points: | --- |
Clone Of: | Environment: | ||
Last Closed: | 2015-03-05 09:34:00 UTC | Type: | Bug |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
Milan Kubík
2014-03-10 09:32:52 UTC
Upstream ticket: https://fedorahosted.org/389/ticket/47779

Fixed upstream.

Verification steps

[1] Set up a single instance using "dc=example,dc=com"

[2] Create "ou=ranges,dc=example,dc=com"

[3] Add this entry (or something similar)

dn: dnaHostname=localhost.localdomain+dnaPortNum=389,ou=ranges,dc=example,dc=com
objectClass: extensibleObject
objectClass: top
dnaHostname: localhost.localdomain
dnaPortNum: 389
dnaSecurePortNum: 636
dnaRemainingValues: 500
dnaRemoteBindMethod: SIMPLE
dnaRemoteConnProtocol: LDAP

[4] Add this entry to cn=config

dn: cn=DNA Config Entry,cn=Distributed Numeric Assignment Plugin,cn=plugins,cn=config
objectClass: top
objectClass: extensibleObject
cn: DNA Config Entry
dnaType: description
dnaInterval: 1
dnaMaxValue: 5000
dnaMagicRegen: 0
dnaThreshold: 100
dnaFilter: (objectclass=groupofuniquenames)
dnaScope: dc=example,dc=com
dnaSharedCfgDN: ou=ranges,dc=example,dc=com
dnaNextValue: 500
dnaRemoteBindDN: uid=replica,cn=config
dnaRemoteBindCred: password

[5] Enable the DNA plugin

[6] Add a group with a "description" attribute set to 0:

dn: cn=group,dc=example,dc=com
objectclass: top
objectclass: groupofuniquenames
cn: group
description: 0

[7] Wait 30 seconds, and check to see if the shared config entry (dnaHostname=localhost.localdomain+dnaPortNum=389,ou=ranges,dc=example,dc=com) still has these two attributes:

dnaRemoteBindMethod
dnaRemoteConnProtocol

[8] Restart the server

[9] Modify the group we just created, and reset the description attribute to 0:

dn: cn=group,dc=example,dc=com
changetype: modify
replace: description
description: 0

[10] Wait 30 seconds

[11] Check the shared config entry again, and make sure it still has those two DNA remote server settings (like from step 7).

Bug is verified if configuration is still present in the entry.

*** Bug 1074444 has been marked as a duplicate of this bug. ***

$ rpm -qa | grep 389
389-ds-base-libs-1.3.3.1-12.el7.x86_64
389-ds-base-debuginfo-1.3.3.1-12.el7.x86_64
389-ds-base-1.3.3.1-12.el7.x86_64

[1] Set up a single instance using "dc=example,dc=com"

[2] Create "ou=ranges,dc=example,dc=com"

$ ldapmodify -D "cn=Directory Manager" -w Secret123 << EOF
dn: ou=ranges,dc=example,dc=com
changetype: add
ou: ranges
objectClass: top
objectClass: organizationalunit
EOF
adding new entry "ou=ranges,dc=example,dc=com"

[3] Add this entry (or something similar)

$ ldapmodify -D "cn=Directory Manager" -w Secret123 << EOF
dn: dnaHostname=rhel7.brq.redhat.com+dnaPortNum=389,ou=ranges,dc=example,dc=com
changetype: add
objectClass: dnaSharedConfig
objectClass: top
dnaHostname: rhel7.brq.redhat.com
dnaPortNum: 389
dnaSecurePortNum: 636
dnaRemainingValues: 500
dnaRemoteBindMethod: SIMPLE
dnaRemoteConnProtocol: LDAP
EOF
adding new entry "dnaHostname=rhel7.brq.redhat.com+dnaPortNum=389,ou=ranges,dc=example,dc=com"

[4] Add this entry to cn=config

$ ldapmodify -D "cn=Directory Manager" -w Secret123 << EOF
dn: cn=DNA Config Entry,cn=Distributed Numeric Assignment Plugin,cn=plugins,cn=config
changetype: add
objectClass: top
objectClass: extensibleObject
cn: DNA Config Entry
dnaType: description
dnaInterval: 1
dnaMaxValue: 5000
dnaMagicRegen: 0
dnaThreshold: 100
dnaFilter: (objectclass=groupofuniquenames)
dnaScope: dc=example,dc=com
dnaSharedCfgDN: ou=ranges,dc=example,dc=com
dnaNextValue: 500
dnaRemoteBindDN: cn=Directory Manager
dnaRemoteBindCred: Secret123
EOF
adding new entry "cn=DNA Config Entry,cn=Distributed Numeric Assignment Plugin,cn=plugins,cn=config"

[5] Enable the DNA plugin

$ ldapmodify -D "cn=Directory Manager" -w Secret123 << EOF
dn: cn=Distributed Numeric Assignment Plugin,cn=plugins,cn=config
changetype: modify
replace: nsslapd-pluginEnabled
nsslapd-pluginEnabled: on
EOF
modifying entry "cn=Distributed Numeric Assignment Plugin,cn=plugins,cn=config"

[6] Add a group with a "description" attribute set to 0:

ldapmodify -D "cn=Directory Manager" -w Secret123 << EOF
dn: cn=group,dc=example,dc=com
changetype: add
objectclass: top
objectclass: groupofuniquenames
cn: group
description: 0
EOF
adding new entry "cn=group,dc=example,dc=com"

[7] Wait 30 seconds, and check to see if the shared config entry (dnaHostname=localhost.localdomain+dnaPortNum=389,ou=ranges,dc=example,dc=com) still has these two attributes:

dnaRemoteBindMethod
dnaRemoteConnProtocol

$ ldapsearch -LLL -o ldif-wrap=no -D "cn=Directory Manager" -w Secret123 -b "dnaHostname=rhel7.brq.redhat.com+dnaPortNum=389,ou=ranges,dc=example,dc=com" dnaRemoteBindMethod dnaRemoteConnProtocol
dn: dnaHostname=rhel7.brq.redhat.com+dnaPortNum=389,ou=ranges,dc=example,dc=com
dnaRemoteBindMethod: SIMPLE
dnaRemoteConnProtocol: LDAP

[8] Restart the server

$ sudo systemctl restart dirsrv.target

[9] Modify the group we just created, and reset the description attribute to 0:

$ ldapmodify -D "cn=Directory Manager" -w Secret123 << EOF
dn: cn=group,dc=example,dc=com
changetype: modify
replace: description
description: 0
EOF
modifying entry "cn=group,dc=example,dc=com"

[10] Wait 30 seconds

[11] Check the shared config entry again, and make sure it still has those two DNA remote server settings (like from step 7).

$ ldapsearch -LLL -o ldif-wrap=no -D "cn=Directory Manager" -w Secret123 -b "dnaHostname=rhel7.brq.redhat.com+dnaPortNum=389,ou=ranges,dc=example,dc=com" dnaRemoteBindMethod dnaRemoteConnProtocol
dn: dnaHostname=rhel7.brq.redhat.com+dnaPortNum=389,ou=ranges,dc=example,dc=com
dnaRemoteBindMethod: SIMPLE
dnaRemoteConnProtocol: LDAP

Configuration is still present in the entry. Marking as VERIFIED.

Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA.

For information on the advisory, and where to find the updated files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHSA-2015-0416.html
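
The check in steps 7 and 11 of the verification procedure can be scripted. The following is an added example, not part of the bug report or of 389-ds-base: the hypothetical helper `missing_dna_remote_attrs` reads the ldapsearch LDIF on stdin and names whichever of the two remote settings is absent or empty. The sample entry is constructed.

```shell
#!/bin/sh
# Added example (not from the bug report): verify that a DNA shared config
# entry still carries the remote-server settings checked in steps 7 and 11.

# Unfold LDIF continuation lines (a leading single space continues the
# previous line), in case ldapsearch ran without "-o ldif-wrap=no".
unfold_ldif() {
    awk '
        /^ / { buf = buf substr($0, 2); next }
        { if (NR > 1) print buf; buf = $0 }
        END { if (NR > 0) print buf }
    '
}

# Reads LDIF on stdin. Prints each required attribute that is absent or has
# an empty value; returns 0 when both are present, 1 otherwise.
missing_dna_remote_attrs() {
    ldif=$(unfold_ldif)
    rc=0
    for attr in dnaRemoteBindMethod dnaRemoteConnProtocol; do
        # Names are case-insensitive in LDAP; "attr::" marks a base64 value.
        if ! printf '%s\n' "$ldif" |
                grep -Eiq "^${attr}::? *[^[:space:]:]"; then
            echo "$attr"
            rc=1
        fi
    done
    return "$rc"
}

# Constructed sample: an entry that has lost both remote settings.
# In practice, pipe in the output of the ldapsearch from step 7 or 11.
sample_lost='dn: dnaHostname=localhost.localdomain+dnaPortNum=389,ou=ranges,dc=example,dc=com
dnaRemainingValues: 500'

if missing=$(printf '%s\n' "$sample_lost" | missing_dna_remote_attrs); then
    echo "shared config intact"
else
    echo "shared config lost:" $missing
fi
```

Running the same check before and after the restart in step 8 turns the manual comparison into a pass/fail result suitable for a regression test.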