Bug 1441790

Summary: ldapserch for nsslapd-errorlog-level returns incorrect values
Product: Red Hat Enterprise Linux 7 Reporter: Viktor Ashirov <vashirov>
Component: 389-ds-baseAssignee: mreynolds
Status: CLOSED ERRATA QA Contact: Viktor Ashirov <vashirov>
Severity: unspecified Docs Contact:
Priority: medium    
Version: 7.4CC: nkinder, rmeggins
Target Milestone: rc   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: 389-ds-base-1.3.6.1-10.el7 Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2017-08-01 21:16:38 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Viktor Ashirov 2017-04-12 17:58:26 UTC
Description of problem:
nsslapd-errorlog-level shows weird numbers that doesn't look like error log levels that can be found in documentation.

Version-Release number of selected component (if applicable):
389-ds-base-1.3.6.1-6.el7.x86_64

How reproducible:
always

Steps to Reproduce:
$ ldapmodify -x -D "cn=Directory Manager" -w Secret123
dn: cn=config
changetype: modify
add: nsslapd-errorlog-level
nsslapd-errorlog-level: 8192

$ ldapsearch -o ldif-wrap=no -x -LLL -D 'cn=Directory Manager' -w Secret123 -b 'cn=config' '(nsslapd-errorlog-level=*)' nsslapd-errorlog-level

Actual results:
dn: cn=config
nsslapd-errorlog-level: 266346496


Expected results:
dn: cn=config
nsslapd-errorlog-level: 8192


Additional info:
In dse.ldif I see correct value:
# grep nsslapd-errorlog-level /etc/dirsrv/slapd-rhel7ds/dse.ldif
nsslapd-errorlog-level: 8192

Comment 2 Viktor Ashirov 2017-04-12 20:17:45 UTC
OK, looks like we need to update docs:
https://access.redhat.com/documentation/en-US/Red_Hat_Directory_Server/10/html-single/Configuration_Command_and_File_Reference/index.html#error-logs-levels

Looking at the source code we have different levels:
ldap/servers/slapd/slap.h:

/* The default log levels:
 * (LDAP_DEBUG_ANY | LDAP_DEBUG_EMERG | LDAP_DEBUG_ALERT | LDAP_DEBUG_CRIT | LDAP_DEBUG_ERR | 
 *  LDAP_DEBUG_WARNING | LDAP_DEBUG_NOTICE | LDAP_DEBUG_INFO)
 */
#define SLAPD_DEFAULT_ERRORLOG_LEVEL            266354688
#define SLAPD_DEFAULT_ERRORLOG_LEVEL_STR        "266354688"

ldap/servers/slapd/proto-slap.h:
/*
 * log.c
 */
#define LDAP_DEBUG_TRACE      0x00000001  /*         1 */
#define LDAP_DEBUG_PACKETS    0x00000002  /*         2 */
#define LDAP_DEBUG_ARGS       0x00000004  /*         4 */
#define LDAP_DEBUG_CONNS      0x00000008  /*         8 */
#define LDAP_DEBUG_BER        0x00000010  /*        16 */
#define LDAP_DEBUG_FILTER     0x00000020  /*        32 */
#define LDAP_DEBUG_CONFIG     0x00000040  /*        64 */
#define LDAP_DEBUG_ACL        0x00000080  /*       128 */
#define LDAP_DEBUG_STATS      0x00000100  /*       256 */
#define LDAP_DEBUG_STATS2     0x00000200  /*       512 */
#define LDAP_DEBUG_SHELL      0x00000400  /*      1024 */
#define LDAP_DEBUG_PARSE      0x00000800  /*      2048 */
#define LDAP_DEBUG_HOUSE      0x00001000  /*      4096 */
#define LDAP_DEBUG_REPL       0x00002000  /*      8192 */
#define LDAP_DEBUG_ANY        0x00004000  /*     16384 */
#define LDAP_DEBUG_CACHE      0x00008000  /*     32768 */
#define LDAP_DEBUG_PLUGIN     0x00010000  /*     65536 */
#define LDAP_DEBUG_TIMING     0x00020000  /*    131072 */
#define LDAP_DEBUG_ACLSUMMARY 0x00040000  /*    262144 */
#define LDAP_DEBUG_BACKLDBM   0x00080000  /*    524288 */
#define LDAP_DEBUG_NUNCSTANS  0x00100000  /*   1048576 */
#define LDAP_DEBUG_EMERG      0x00200000  /*   2097152 */
#define LDAP_DEBUG_ALERT      0x00400000  /*   4194304 */
#define LDAP_DEBUG_CRIT       0x00800000  /*   8388608 */
#define LDAP_DEBUG_ERR        0x01000000  /*  16777216 */
#define LDAP_DEBUG_WARNING    0x02000000  /*  33554432 */
#define LDAP_DEBUG_NOTICE     0x04000000  /*  67108864 */
#define LDAP_DEBUG_INFO       0x08000000  /* 134217728 */
#define LDAP_DEBUG_DEBUG      0x10000000  /* 268435456 */
#define LDAP_DEBUG_ALL_LEVELS	0xFFFFFF


So my "weird" value is actually 8192 + default 266354688. 

Still, there is a discrepancy between what we set and what we get in cn=config and dse.ldif.

Comment 3 mreynolds 2017-04-20 17:02:46 UTC
Upstream ticket:
https://pagure.io/389-ds-base/issue/49227

Comment 5 Viktor Ashirov 2017-05-10 13:21:31 UTC
========================================================== test session starts ==========================================================
platform linux2 -- Python 2.7.5, pytest-3.0.7, py-1.4.33, pluggy-0.4.0 -- /usr/bin/python
cachedir: .cache
metadata: {'Python': '2.7.5', 'Platform': 'Linux-3.10.0-663.el7.x86_64-x86_64-with-redhat-7.4-Maipo', 'Packages': {'py': '1.4.33', 'pytest': '3.0.7', 'pluggy': '0.4.0'}, 'Plugins': {'beakerlib': '0.7.1', 'html': '1.14.2', 'cov': '2.5.0', 'metadata': '1.4.0'}}
DS build: 1.3.6.1
389-ds-base: 1.3.6.1-13.el7
nss: 3.28.4-6.el7
nspr: 4.13.1-1.0.el7_3
openldap: 2.4.44-4.el7
svrcore: 4.1.3-2.el7

rootdir: /export/tests, inifile:
plugins: metadata-1.4.0, html-1.14.2, cov-2.5.0, beakerlib-0.7.1
collected 1 items 

tickets/ticket49227_test.py::test_ticket49227 PASSED

------------------------------------- generated xml file: /mnt/tests/rhds/tests/upstream/report.xml -------------------------------------
------------------------------------ generated html file: /mnt/tests/rhds/tests/upstream/report.html ------------------------------------
======================================================= 1 passed in 10.74 seconds =======================================================

Comment 6 Viktor Ashirov 2017-05-29 13:16:48 UTC
I found another issue:

I set log level to 65536+16384+8192+128=90240, but ldapsearch returns 73856 (90240-16384). In dse.ldif there is a correct value.

So default loglevel is always subtracted no matter what.

Comment 7 Viktor Ashirov 2017-05-29 13:26:03 UTC
Another issue. After setting log level 64 or 1 in dse.ldif, I get this message in the errors logs: 
[29/May/2017:15:19:09.972284013 +0200] - NOTICE - slapd_bootstrap_config - nsslapd-errorlog-level: ignoring 64 (since -d 266354688 was given on the command line)

but parameter -d is not given on the command line:
# ps -ef | grep [n]s-slapd
dirsrv   14511     1  0 15:20 ?        00:00:02 /usr/sbin/ns-slapd -D /etc/dirsrv/slapd-master_1 -i /var/run/dirsrv/slapd-master_1.pid
dirsrv   14876     1  0 15:22 ?        00:00:00 /usr/sbin/ns-slapd -D /etc/dirsrv/slapd-master_2 -i /var/run/dirsrv/slapd-master_2.pid

Comment 8 Viktor Ashirov 2017-06-12 13:45:29 UTC
Marking as VERIFIED, remaining issues are tracked in https://bugzilla.redhat.com/show_bug.cgi?id=1460718

Comment 9 errata-xmlrpc 2017-08-01 21:16:38 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2017:2086