Bug 1379578

Summary: changing non-ssl communication port not allow to login the the admin console
Product: Red Hat Directory Server Reporter: Kamlesh <kchaudha>
Component: Directory ConsoleAssignee: Noriko Hosoi <nhosoi>
Status: CLOSED NOTABUG QA Contact: Viktor Ashirov <vashirov>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 10.0CC: kbanerje, kchaudha, nhosoi
Target Milestone: ---   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2016-09-30 11:41:08 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Attachments:
Description Flags
Screen-shot
none
error log none

Description Kamlesh 2016-09-27 07:37:16 UTC 
Description of problem:
After change the non-ssl communication port on the other port is not allowed to log in to console.

Version-Release number of selected component (if applicable):
389-ds-console-1.2.13-1.el7dsrv.noarch
redhat-idm-console-10.1.0-1.el7dsrv.x86_64
389-admin-console-1.1.12-1.el7dsrv.noarch
389-ds-base-1.3.5.10-11.el7.x86_64

How reproducible:


Steps to Reproduce:
1. Change the non-ssl communication default port (389) to 2200 
2. Change the LDAP port in admin server configuration DS to 2200 
3. # semanage port -a -t ldap_port_t -p tcp 2200
4. restart the admin server 
5. restart the Directory Server 

error log update 
<snip>
[27/Sep/2016:12:33:52.610130248 +051800] The change of nsslapd-port will not take effect until the server is restarted
[27/Sep/2016:12:36:48.012558531 +051800] slapd shutting down - signaling operation threads - op stack size 3 max work q size 2 max work q stack size 2
[27/Sep/2016:12:36:48.050393323 +051800] slapd shutting down - closing down internal subsystems and plugins
[27/Sep/2016:12:36:48.134764330 +051800] Waiting for 4 database threads to stop
[27/Sep/2016:12:36:48.983980928 +051800] All database threads now stopped
[27/Sep/2016:12:36:49.028817015 +051800] slapd shutting down - freed 2 work q stack objects - freed 3 op stack objects
[27/Sep/2016:12:36:49.056164450 +051800] slapd stopped.
[27/Sep/2016:12:36:49.710354680 +051800] 389-Directory/1.3.5.10 B2016.257.1817 starting up
[27/Sep/2016:12:36:49.947030726 +051800] slapd started.  Listening on All Interfaces port 2200 for LDAP requests



6. restart the console it give an error "Initialization Failure"

7. [root@test ~]# ldapsearch -D "cn=Directory Manager" -h test.example.com -p 2200 -w test1234 -s base -b "cn=config" nsslapd-port -LLL
dn: cn=config
nsslapd-port: 2200



Expected results:
Able to login.

Additional info:
Comment 1 Kamlesh 2016-09-27 14:17:38 UTC 
Created attachment 1205224 [details]
Screen-shot
Comment 2 Kamlesh 2016-09-27 14:19:00 UTC 
Created attachment 1205225 [details]
error log
Comment 3 Kamlesh 2016-09-27 14:20:18 UTC 
while reproducing this bug got some new finding.

I am able able to login to the to the Console. But not able to log in the Directory Server. In Console status of Directory Server shows "stop" but  #status-dirsrv show the server is running. 

[root@test ~]# ldapsearch -D "cn=Directory Manager" -h test.example.com  -w test1234 -s base -b "cn=config" nsslapd-port -LLL
dn: cn=config
nsslapd-port: 5500

[root@test ~]# status-dirsrv 
● dirsrv.target - 389 Directory Server
   Loaded: loaded (/usr/lib/systemd/system/dirsrv.target; enabled; vendor preset: disabled)
   Active: active since Tue 2016-09-27 10:10:16 IST; 9h ago

Sep 27 10:10:16 test systemd[1]: Reached target 389 Directory Server.
Sep 27 10:10:16 test systemd[1]: Starting 389 Directory Server.
Status of instance "test"
● dirsrv - 389 Directory Server test.
   Loaded: loaded (/usr/lib/systemd/system/dirsrv@.service; enabled; vendor preset: disabled)
   Active: active (running) since Tue 2016-09-27 19:18:42 IST; 6min ago
  Process: 26882 ExecStartPre=/usr/sbin/ds_systemd_ask_password_acl /etc/dirsrv/slapd-%i/dse.ldif (code=exited, status=0/SUCCESS)
 Main PID: 26888 (ns-slapd)
   Status: "slapd started: Ready to process requests"
   CGroup: /system.slice/system-dirsrv.slice/dirsrv
           └─26888 /usr/sbin/ns-slapd -D /etc/dirsrv/slapd-test -i /var/run/dirsrv/slapd-test.pid

<snip>

In error log nothing is update related with this issue 
please find error log and screenshot in attachment in comment 1 and comment 2
Comment 4 Noriko Hosoi 2016-09-27 18:42:43 UTC 
(In reply to Kamlesh from comment #3)
> while reproducing this bug got some new finding.
> 
> I am able able to login to the to the Console. 

What does this mean?  Your original bug report in #c0 is no longer valid?

Could you provide the following results?

# ldapsearch -LLLx -h localhost -p 2200 (or 5500?) -D 'cn=directory manager' -w Secret123 -b "o=netscaperoot" | egrep "389|2200|5500"

# egrep "389|2200|5500" /etc/dirsrv/admin-serv/* | egrep -v "Administration|-admin"

I think this is not a regression in RHDS10.1.
Comment 5 Kamlesh 2016-09-29 10:28:45 UTC 
(In reply to Noriko Hosoi from comment #4)
> (In reply to Kamlesh from comment #3)

> What does this mean?  Your original bug report in #c0 is no longer valid?
> > I ran this setup on clean environment. This time it gave same error as in comment 0 i.e. "initialization failure " so this issue is still valid.

Before changing the port 
[root@vm-idm-015 ~]# netstat -ntlp | grep ns-slapd
tcp6   0    0 :::389    :::*           LISTEN      3577/ns-slapd       

change the port from the console as mention in  https://access.redhat.com/documentation/en-US/Red_Hat_Directory_Server/10/html/Administration_Guide/Configuring_LDAP_Parameters-Changing_DS_Port_Numbers.html 

[root@vm-idm-015 ~]# semanage port -a -t ldap_port_t -p tcp 5500

[root@vm-idm-015 ~]# restart-dirsrv 
Restarting instance "test"

[root@vm-idm-015 ~]# restart-ds-admin 

[root@vm-idm-015 ~]# ldapsearch -LLLx -h localhost -p 5500 -D 'cn=directory manager' -w test1234 -b "o=netscaperoot" | egrep "389|5500"
nsDirectoryURL: ldap://vm-idm-015.lab.eng.pnq.redhat.com:389/dc=lab,dc=eng,dc=
nsServerPort: 5500

[root@vm-idm-015 ~]# egrep "389|5500" /etc/dirsrv/admin-serv/* | egrep -v "Administration|-admin"
grep: /etc/dirsrv/admin-serv/bakup: Is a directory
/etc/dirsrv/admin-serv/adm.conf:ldapurl: ldap://vm-idm-015.lab.eng.pnq.redhat.com:389/o=NetscapeRoot
/etc/dirsrv/admin-serv/admserv.conf:ADMServerVersionString "389-Administrator/1.1.44"

[root@vm-idm-015 ~]# netstat -ntlp | grep ns-slapd
tcp6       0      0 :::5500                 :::*                    LISTEN      4198/ns-slapd       
[root@vm-idm-015 ~]# 

# /usr/bin/redhat-idm-console  -D 9
<snip>
http://vm-idm-015.lab.eng.pnq.redhat.com:9830/[1:0] recv> 327 bytes read
Console.replyHandler: adminVersion = 1.1.44
Console:authenticate_user():Cannot connect to the Directory Server "ldap://vm-idm-015.lab.eng.pnq.redhat.com:389",
LDAP error: failed to connect to server ldap://vm-idm-015.lab.eng.pnq.redhat.com:389.
http://vm-idm-015.lab.eng.pnq.redhat.com:9830/[1:0] close> Closed
Comment 6 Kamlesh 2016-09-30 11:41:08 UTC 
Try on new Machine  
Work Properly