Bug 1872930

Summary: dscreate: Not possible to bind to a unix domain socket
Product: Red Hat Enterprise Linux 8 Reporter: Graham Leggett <minfrin>
Component: 389-ds-baseAssignee: mreynolds
Status: CLOSED ERRATA QA Contact: RHDS QE <ds-qe-bugs>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 8.4CC: pasik, sgouvern, spichugi, tbordaz, vashirov
Target Milestone: rcFlags: pm-rhel: mirror+
Target Release: 8.0   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard: sync-to-jira
Fixed In Version: 389-ds-devel-1.4-8040020201105165416.866effaa Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2021-05-18 15:45:26 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Graham Leggett 2020-08-27 00:02:41 UTC 
Description of problem:

While 389ds can bind to a unix domain socket (ldapi:), the dscreate tool cannot configure 389ds to bind to a unix domain socket.

Version-Release number of selected component (if applicable):

389-ds-base-1.4.2.4-8.module_el8.2.0+366+71e3276f.x86_64

How reproducible:

Always

Steps to Reproduce:
1. Try to get dscreate to configure an LDAP server bound to a unix domain socket.
2.
3.

Actual results:

Not possible.

Expected results:

Possible and easy to achieve.

Additional info:

It looks like dscreate is only able to create one specific type of LDAP server - a server that binds to all interfaces using TLS and a self signed certificate. All other options, including give me a bare bones server that I can suitably configure are not possible or don't work.
Comment 1 mreynolds 2020-08-27 13:17:26 UTC 
You can use LDAPI, LDAPS, LDAP protocols with any client tool to contact the server.  There is no requirement, unless you configure it, to only allow TLS.  

Are you trying to "only" allow LDAPI connections?   There is no way to do that as of today, but we could change this bug into a RFE.

Anyway, please clarify what the exact problem is and how to reproduce it.
Comment 2 Graham Leggett 2020-08-27 15:23:05 UTC 
While 389ds might do LDAPI, LDAPS and LDAP, dscreate is only aple to create LDAPS. It is not possible to tell dscreate to bind a server to LDAPI, thus this ticket.

The exact problem is that dscreate does not allow you to configure LDAPI. To reproduce the problem, try to use dscreate to configure an LDAPI server.
Comment 3 mreynolds 2020-08-31 12:34:09 UTC 
(In reply to Graham Leggett from comment #2)
> While 389ds might do LDAPI, LDAPS and LDAP, dscreate is only aple to create
> LDAPS. It is not possible to tell dscreate to bind a server to LDAPI, thus
> this ticket.
> 
> The exact problem is that dscreate does not allow you to configure LDAPI. To
> reproduce the problem, try to use dscreate to configure an LDAPI server.

Okay I have a working patch where the installer will use LDAPI to bootstrap the server config.  I'll be sending that patch out for review later today.
Comment 4 mreynolds 2020-08-31 12:35:56 UTC 
*** Bug 1872910 has been marked as a duplicate of this bug. ***
Comment 5 mreynolds 2020-08-31 12:37:19 UTC 
*** Bug 1872915 has been marked as a duplicate of this bug. ***
Comment 6 mreynolds 2020-08-31 12:38:41 UTC 
Upstream ticket:
https://pagure.io/389-ds-base/issue/51253
Comment 7 mreynolds 2020-09-01 15:03:00 UTC 
Fixed upstream
Comment 9 sgouvern 2020-11-13 10:55:17 UTC 
Per gating tests results for 389-ds-1.4-8040020201112160023.866effaa /389-ds-base-1.4.3.16-1.module+el8.4.0+8740+d5ec8778 : dirsrvtests/tests/suites/basic/basic_test.py are PASSED
-> marking as Verified:tested
Comment 13 sgouvern 2020-11-16 15:31:04 UTC 
verified:tested (see comment 9) with build https://brewweb.engineering.redhat.com/brew/buildinfo?buildID=1383684 
-> marking as VERIFIED
Comment 15 errata-xmlrpc 2021-05-18 15:45:26 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (389-ds:1.4 bug fix and enhancement update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2021:1835