Bug 1614836

Summary: Disable nunc-stans by default [rhel-7.5.z]
Product: Red Hat Enterprise Linux 7 Reporter: Jaroslav Reznik <jreznik>
Component: 389-ds-baseAssignee: mreynolds
Status: CLOSED ERRATA QA Contact: Viktor Ashirov <vashirov>
Severity: high Docs Contact: Marc Muehlfeld <mmuehlfe>
Priority: high    
Version: 7.4CC: mhonek, mreynolds, msauton, nkinder, rmeggins, spichugi, tbordaz, vashirov
Target Milestone: rcKeywords: ZStream
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: 389-ds-base-1.3.7.5-26.el7_5 Doc Type: Bug Fix
Doc Text:
Previously, the nucn-stans framework was enabled by default in Directory Server, but the framework is not stable. As a consequence, deadlocks and file descriptor leaks could occur. This update changes the default value of the nsslapd-enable-nunc-stans parameter to "off". As a result, Directory Server is now stable.
 Story Points: ---
Clone Of: 1614501 Environment:
Last Closed: 2018-09-25 19:06:11 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 1614501    
Bug Blocks:    

Description Jaroslav Reznik 2018-08-10 14:13:29 UTC 
This bug has been copied from bug #1614501 and has been proposed to be backported to 7.5 z-stream (EUS).
Comment 5 Viktor Ashirov 2018-08-28 12:35:39 UTC 
Build tested: 389-ds-base-1.3.7.5-26.el7_5.x86_64

On a fresh instance:
[root@server ds]# ldapsearch -xLLL -D cn=Directory\ Manager -w password -b cn=config -s base nsslapd-enable-nunc-stans
dn: cn=config
nsslapd-enable-nunc-stans: off

[root@server ds]# pstack $(pidof ns-slapd) | grep 'nunc-stans\|ns_' -c
0

Nunc-stans is disabled by default, marking as VERIFIED.
Comment 7 errata-xmlrpc 2018-09-25 19:06:11 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2018:2757