Bug 1172597

Summary: Server crashes when memberOf plugin is partially configured
Product: Red Hat Enterprise Linux 7 Reporter: Sankar Ramalingam <sramling>
Component: 389-ds-baseAssignee: mreynolds
Status: CLOSED ERRATA QA Contact: Viktor Ashirov <vashirov>
Severity: high Docs Contact:
Priority: high    
Version: 7.1CC: amsharma, mreynolds, nhosoi, nkinder, rmeggins
Target Milestone: rc   
Target Release: ---   
Hardware: x86_64   
OS: Linux   
Whiteboard:
Fixed In Version: 389-ds-base-1.3.3.1-10.el7 Doc Type: Known Issue
Doc Text:
Cause: Directory server crashes when member of plugin is incorrectly configured with nsslapd-pluginConfigArea. Consequence: Manually edit dse.ldif file to remove the plugin configuration for nsslapd-pluginConfigArea and star the server. Workaround (if any): Configure plugin with required attributes and create necessary supported entries before hand. Result:
 Story Points: ---
Clone Of: Environment:
Last Closed: 2015-03-05 09:40:04 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 1044205, 1168850    

Description Sankar Ramalingam 2014-12-10 12:54:06 UTC 
Description of problem: When trying to configure member of plugin for alternate config area, the server crashed. 


Version-Release number of selected component (if applicable): 389-ds-base-1.3.3.1-9


How reproducible: Consistently.


Steps to Reproduce:
1. Install 389-ds-base-1.3.3.x on RHEL7.1
2. Enable member of plugin
[root@mgmt9 MMR_WINSYNC]# ldapmodify -x -p 20018 -h localhost -D "Cn=Directory manager" -w Secret123 << EOF
dn: cn=MemberOf Plugin,cn=plugins,cn=config
changetype: modify
replace: nsslapd-pluginEnabled
nsslapd-pluginEnabled: on
> EOF
modifying entry "cn=MemberOf Plugin,cn=plugins,cn=config"

3. Add nsslapd-pluginconfigArea to memberof plugin 
[root@mgmt9 MMR_WINSYNC]# ldapmodify -x -p 20018 -h localhost -D "Cn=Directory manager" -w Secret123 << EOF
dn: cn=MemberOf Plugin,cn=plugins,cn=config
changetype: modify
add: nsslapd-pluginConfigArea
> nsslapd-pluginConfigArea: ou=groups,dc=newmemof,dc=com
> EOF
modifying entry "cn=MemberOf Plugin,cn=plugins,cn=config"
ldap_modify: Server is unwilling to perform (53)

4. error messages observed as 

[10/Dec/2014:07:36:46 -0500] memberof-plugin - Error 53: The memberOfGroupAttr and memberOfAttr configuration attributes must be provided
[10/Dec/2014:07:36:46 -0500] memberof-plugin - configuration failed (Server is unwilling to perform)
[10/Dec/2014:07:36:46 -0500] - Failed to start betxnpostoperation plugin MemberOf Plugin
[10/Dec/2014:07:47:35 -0500] memberof-plugin - The memberOfGroupAttr and memberOfAttr configuration attributes must be provided[10/Dec/2014:07:47:35 -0500] memberof-plugin - The memberOfGroupAttr and memberOfAttr configuration attributes must be provided[10/Dec/2014:07:47:35 -0500] memberof-plugin - ����[10/Dec/2014:07:47:35 -0500] - cos_cache_change_notify:  failed to get objectclass from 


5. Run ldapsearch to server
ldapsearch -x -p 20018 -h localhost -D "Cn=Directory manager" -w Secret123 -b "" -s base
ldap_sasl_bind(SIMPLE): Can't contact LDAP server (-1)


Actual results: Server crashes for partial configuration.


Expected results: Server should throw error messages in the logs and it should not crash. 


Additional info:
https://bugzilla.redhat.com/show_bug.cgi?id=1044205#c9
https://bugzilla.redhat.com/show_bug.cgi?id=1044205#c11
Comment 1 Sankar Ramalingam 2014-12-10 12:55:41 UTC 
Associated upstream ticket - https://fedorahosted.org/389/ticket/47525
Comment 3 Sankar Ramalingam 2014-12-10 13:06:09 UTC 
As per https://bugzilla.redhat.com/show_bug.cgi?id=1044205#c12, requesting Mark to move this bug to POST.
Comment 4 mreynolds 2014-12-10 15:01:41 UTC 
Fixed upstream
Comment 6 Amita Sharma 2014-12-26 13:14:43 UTC 
Your new DS instance 'dhcp201-126' was successfully created.
Exiting . . .
Log file is '/tmp/setupGQHAqJ.log'

[root@dhcp201-126 /]# ldapmodify -D "cn=directory manager" -w Secret123 -p 389 -h localhost << EOF
> dn: cn=MemberOf Plugin,cn=plugins,cn=config
> changetype: modify
> replace: nsslapd-pluginEnabled
> nsslapd-pluginEnabled: on
> EOF
modifying entry "cn=MemberOf Plugin,cn=plugins,cn=config"

[root@dhcp201-126 /]# ldapmodify -D "cn=directory manager" -w Secret123 -p 389 -h localhost << EOF
> dn: cn=MemberOf Plugin,cn=plugins,cn=config
> changetype: modify
> add: nsslapd-pluginConfigArea
> nsslapd-pluginConfigArea: ou=groups,dc=newmemof,dc=com
> EOF
modifying entry "cn=MemberOf Plugin,cn=plugins,cn=config"

[root@dhcp201-126 /]# tail -f /var/log/dirsrv/slapd-dhcp201-126/errors
[26/Dec/2014:18:44:14 +051800] - import userRoot: Creating ancestorid index (new idl)...
[26/Dec/2014:18:44:14 +051800] - import userRoot: Created ancestorid index (new idl).
[26/Dec/2014:18:44:15 +051800] - import userRoot: Flushing caches...
[26/Dec/2014:18:44:15 +051800] - import userRoot: Closing files...
[26/Dec/2014:18:44:15 +051800] - All database threads now stopped
[26/Dec/2014:18:44:15 +051800] - import userRoot: Import complete.  Processed 9 entries in 2 seconds. (4.50 entries/sec)
[26/Dec/2014:18:44:15 +051800] - 389-Directory/1.3.3.1 B2014.351.2355 starting up
[26/Dec/2014:18:44:15 +051800] - Db home directory is not set. Possibly nsslapd-directory (optionally nsslapd-db-home-directory) is missing in the config file.
[26/Dec/2014:18:44:15 +051800] - I'm resizing my cache now...cache was 1560379392 and is now 6400000
[26/Dec/2014:18:44:16 +051800] - slapd started.  Listening on All Interfaces port 389 for LDAP requests


^R
^C
[root@dhcp201-126 /]# ldapsearch -b "" -s base -xLLL passwordRetryCount=* passwordRetryCount
[root@dhcp201-126 /]# ldapsearch -LLL -D "cn=directory manager" -w Secret123 -p 389 -h localhost -b  "cn=config"
dn: cn=config
cn: config
objectClass: top
objectClass: extensibleObject
objectClass: nsslapdConfig
nsslapd-backendconfig: cn=config,cn=userRoot,cn=ldbm database,cn=plugins,cn=co
 nfig

Hence VERIFIED.
Comment 8 errata-xmlrpc 2015-03-05 09:40:04 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHSA-2015-0416.html