Bug 1109443

Summary: Server hangs in cos_cache when adding a user entry
Product: Red Hat Enterprise Linux 6 Reporter: Noriko Hosoi <nhosoi>
Component: 389-ds-baseAssignee: Noriko Hosoi <nhosoi>
Status: CLOSED ERRATA QA Contact: Sankar Ramalingam <sramling>
Severity: unspecified Docs Contact:
Priority: medium    
Version: 6.6CC: jgalipea, mkosek, nhosoi, nkinder, nsoman, rmeggins, spoore
Target Milestone: rc   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: 389-ds-base-1.2.11.15-34.el6 Doc Type: Bug Fix
Doc Text:
Cause: In processing CoS definition entry, if cosTemplateDn is not yet given, when cosAttribute is processed, the entry's parent entry DN is set to cosTemplateDn automatically. Consequence: The parent entry could be an ancestor entry of an entry to be updated. If the entry is a target of betxn type of plug-ins, it causes a deadlock. Fix: The parent entry DN is now added only when codTemplateDn is not provided. Result: Even if cosAttribute and cosTemplateDn are listed in the order in the CoS definition entry and betxn type plug-ins are enabled, updating an entry does not cause a deadlock.
 Story Points: ---
Clone Of: 1049525 Environment:
Last Closed: 2014-10-14 07:55:51 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 1049525    
Bug Blocks:    

Comment 2 Scott Poore 2014-08-15 17:19:42 UTC 
Verified.

Version ::

389-ds-base-1.2.11.15-39.el6.x86_64

Results ::

* Search for original entry:

[root@rhel6-1 ~]# ldapsearch -xLLL -D "cn=Directory Manager" -w Secret123 -b "cn=Password Policy,cn=accounts,dc=example,dc=com" "objectclass=ldapsubentry"
dn: cn=Password Policy,cn=accounts,dc=example,dc=com
description: Password Policy based on group membership
objectClass: top
objectClass: ldapsubentry
objectClass: cosSuperDefinition
objectClass: cosClassicDefinition
costemplatedn: cn=cosTemplates,cn=accounts,dc=example,dc=com
cosAttribute: krbPwdPolicyReference override
cosspecifier: memberOf
cn: Password Policy

* Delete costemplatedn from entry:

[root@rhel6-1 ~]# ldapmodify -D "cn=Directory Manager" -w Secret123 <<EOF
> dn: cn=Password Policy,cn=accounts,dc=example,dc=com
> changetype: modify
> delete: costemplatedn
> EOF
modifying entry "cn=Password Policy,cn=accounts,dc=example,dc=com"

* Search for entry and make sure costemplatedn is gone:

[root@rhel6-1 ~]# ldapsearch -xLLL -D "cn=Directory Manager" -w Secret123 -b "cn=Password Policy,cn=accounts,dc=example,dc=com" "objectclass=ldapsubentry"
dn: cn=Password Policy,cn=accounts,dc=example,dc=com
description: Password Policy based on group membership
objectClass: top
objectClass: ldapsubentry
objectClass: cosSuperDefinition
objectClass: cosClassicDefinition
cosAttribute: krbPwdPolicyReference override
cosspecifier: memberOf
cn: Password Policy

* Add costemplatedn to end:

[root@rhel6-1 ~]# ldapmodify -D 'cn=Directory Manager' -w Secret123 <<EOF
> dn: cn=Password Policy,cn=accounts,dc=example,dc=com
> changetype: modify
> add: costemplatedn
> costemplatedn: cn=cosTemplates,cn=accounts,dc=example,dc=com
> EOF
modifying entry "cn=Password Policy,cn=accounts,dc=example,dc=com"

* Search for entry:

[root@rhel6-1 ~]# ldapsearch -xLLL -D "cn=Directory Manager" -w Secret123 -b "cn=Password Policy,cn=accounts,dc=example,dc=com" "objectclass=ldapsubentry"
dn: cn=Password Policy,cn=accounts,dc=example,dc=com
description: Password Policy based on group membership
objectClass: top
objectClass: ldapsubentry
objectClass: cosSuperDefinition
objectClass: cosClassicDefinition
cosAttribute: krbPwdPolicyReference override
cosspecifier: memberOf
cn: Password Policy
costemplatedn: cn=cosTemplates,cn=accounts,dc=example,dc=com

* restart dirsrv and check for hang:

[root@rhel6-1 ~]# service dirsrv restart
Shutting down dirsrv: 
    EXAMPLE-COM...                                         [  OK  ]
    PKI-IPA...                                             [  OK  ]
Starting dirsrv: 
    EXAMPLE-COM...                                         [  OK  ]
    PKI-IPA...                                             [  OK  ]

* Check for slapd processes:

[root@rhel6-1 ~]# ps -ef|grep slapd
dirsrv   16468     1  2 12:09 ?        00:00:00 /usr/sbin/ns-slapd -D /etc/dirsrv/slapd-EXAMPLE-COM -i /var/run/dirsrv/slapd-EXAMPLE-COM.pid -w /var/run/dirsrv/slapd-EXAMPLE-COM.startpid
pkisrv   16536     1  1 12:09 ?        00:00:00 /usr/sbin/ns-slapd -D /etc/dirsrv/slapd-PKI-IPA -i /var/run/dirsrv/slapd-PKI-IPA.pid -w /var/run/dirsrv/slapd-PKI-IPA.startpid
root     16604  1276  0 12:09 pts/0    00:00:00 grep slapd

* restart IPA:

[root@rhel6-1 ~]# ipactl status
Directory Service: RUNNING
KDC Service: RUNNING
KPASSWD Service: RUNNING
DNS Service: RUNNING
MEMCACHE Service: RUNNING
HTTP Service: RUNNING
CA Service: RUNNING

* Delete costemplatedn from entry:

[root@rhel6-1 ~]# ldapmodify -D 'cn=Directory Manager' -w Secret123 <<EOF
> dn: cn=Password Policy,cn=accounts,dc=example,dc=com
> changetype: modify
> delete: costemplatedn
> EOF
modifying entry "cn=Password Policy,cn=accounts,dc=example,dc=com"

* Make sure costemplatedn is gone:

[root@rhel6-1 ~]# ldapsearch -xLLL -D "cn=Directory Manager" -w Secret123 -b "cn=Password Policy,cn=accounts,dc=example,dc=com" "objectclass=ldapsubentry"
dn: cn=Password Policy,cn=accounts,dc=example,dc=com
description: Password Policy based on group membership
objectClass: top
objectClass: ldapsubentry
objectClass: cosSuperDefinition
objectClass: cosClassicDefinition
cosAttribute: krbPwdPolicyReference override
cosspecifier: memberOf
cn: Password Policy

* Add costemplatedn to end of entry:

[root@rhel6-1 ~]# ldapmodify -D 'cn=Directory Manager' -w Secret123 <<EOF
> dn: cn=Password Policy,cn=accounts,dc=example,dc=com
> changetype: modify
> add: costemplatedn
> costemplatedn: cn=cosTemplates,cn=accounts,dc=example,dc=com
> EOF
modifying entry "cn=Password Policy,cn=accounts,dc=example,dc=com"

* Search for entry:

[root@rhel6-1 ~]# ldapsearch -xLLL -D "cn=Directory Manager" -w Secret123 -b "cn=Password Policy,cn=accounts,dc=example,dc=com" "objectclass=ldapsubentry"
dn: cn=Password Policy,cn=accounts,dc=example,dc=com
description: Password Policy based on group membership
objectClass: top
objectClass: ldapsubentry
objectClass: cosSuperDefinition
objectClass: cosClassicDefinition
cosAttribute: krbPwdPolicyReference override
cosspecifier: memberOf
cn: Password Policy
costemplatedn: cn=cosTemplates,cn=accounts,dc=example,dc=com

* Restart dirsrv and check for hang:

[root@rhel6-1 ~]# service dirsrv restart
Shutting down dirsrv: 
    EXAMPLE-COM...                                         [  OK  ]
    PKI-IPA...                                             [  OK  ]
Starting dirsrv: 
    EXAMPLE-COM...                                         [  OK  ]
    PKI-IPA...                                             [  OK  ]

* Delete entire entry:

[root@rhel6-1 ~]# ldapdelete -D 'cn=Directory Manager' -w Secret123 "cn=Password Policy,cn=accounts,dc=example,dc=com"

* Search for Entry and make sure it's gone:

[root@rhel6-1 ~]# ldapsearch -xLLL -D "cn=Directory Manager" -w Secret123 -b "cn=Password Policy,cn=accounts,dc=example,dc=com" "objectclass=ldapsubentry"
No such object (32)
Matched DN: cn=accounts,dc=example,dc=com

* Re-add Entry:

[root@rhel6-1 ~]# ldapadd -D 'cn=Directory Manager' -w Secret123 <<EOF
> dn: cn=Password Policy,cn=accounts,dc=example,dc=com
> description: Password Policy based on group membership
> objectClass: top
> objectClass: ldapsubentry
> objectClass: cosSuperDefinition
> objectClass: cosClassicDefinition
> cosAttribute: krbPwdPolicyReference override
> cosspecifier: memberOf
> cn: Password Policy
> costemplatedn: cn=cosTemplates,cn=accounts,dc=example,dc=com
> EOF
adding new entry "cn=Password Policy,cn=accounts,dc=example,dc=com"

* Search for CN:

[root@rhel6-1 ~]# ldapsearch -xLLL -D "cn=Directory Manager" -w Secret123 -b "cn=Password Policy,cn=accounts,dc=example,dc=com" "objectclass=ldapsubentry"
dn: cn=Password Policy,cn=accounts,dc=example,dc=com
description: Password Policy based on group membership
objectClass: top
objectClass: ldapsubentry
objectClass: cosSuperDefinition
objectClass: cosClassicDefinition
cosAttribute: krbPwdPolicyReference override
cosspecifier: memberOf
cn: Password Policy
costemplatedn: cn=cosTemplates,cn=accounts,dc=example,dc=com

* Restart dirsrv to check for hang:

[root@rhel6-1 ~]# service dirsrv restart
Shutting down dirsrv: 
    EXAMPLE-COM...                                         [  OK  ]
    PKI-IPA...                                             [  OK  ]
Starting dirsrv: 
    EXAMPLE-COM...                                         [  OK  ]
    PKI-IPA...                                             [  OK  ]
[root@rhel6-1 ~]#
Comment 3 errata-xmlrpc 2014-10-14 07:55:51 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHBA-2014-1385.html