Bug 1997138

Summary: LDAP server crashes when dnaInterval attribute is set to 0
Product: Red Hat Enterprise Linux 8 Reporter: Akshay Adhikari <aadhikar>
Component: 389-ds-baseAssignee: mreynolds
Status: CLOSED ERRATA QA Contact: RHDS QE <ds-qe-bugs>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 8.5CC: ldap-maint, mreynolds, sgouvern
Target Milestone: rcKeywords: Triaged
Target Release: 8.5   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: 389-ds-1.4-8050020210826134823.1a75f91c Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2021-11-09 18:12:23 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 1998464    

Description Akshay Adhikari 2021-08-24 13:46:07 UTC 
Description of problem:

LDAP server crashes when dnaInterval attribute is set to 0

Version-Release number of selected component (if applicable):

389-ds-base-1.4.3.23-8.module+el8.5.0+12299+bd87b308.x86_64.rpm

How reproducible:

Every time

Steps to Reproduce:
1.Add DNA plugin config entry

dsconf -D "cn=Directory Manager" -w password ldap://localhost plugin dna config "dna config" add --type uidNumber --filter "(objectclass=top)" --scope ou=People,dc=example,dc=com --next-value 10 --interval 10 --max-value 1000 --magic-regen -1

2. Enable DNA plugin and restart the server

dsconf -D "cn=Directory Manager" -w password ldap://localhost plugin dna enable

dsctl <server> restart

3. Set the dnaInterval to 0

ldapmodify -x -p 389 -h `hostname` -D "cn=Directory Manager" -w password << EOF
dn: cn=dna config,cn=Distributed Numeric Assignment Plugin,cn=plugins,cn=config
changetype: modify
replace: dnaInterval
dnaInterval: 0
EOF

modifying entry "cn=dna config,cn=Distributed Numeric Assignment Plugin,cn=plugins,cn=config"
ldap_result: Can't contact LDAP server (-1)

Actual results:

ldap_result: Can't contact LDAP server (-1)

Expected results:

The server should not crash.

Additional info:
Comment 1 mreynolds 2021-08-25 20:59:53 UTC 
Upstream ticket:

https://github.com/389ds/389-ds-base/issues/4884
Comment 2 Akshay Adhikari 2021-08-27 09:15:31 UTC 
Build Tested: 389-ds-base-1.4.3.23-10.module+el8.5.0+12398+47000435.x86_64

[root@localhost cloud-user]# dsconf -D "cn=Directory Manager" -w password ldap://localhost plugin dna config "dna config" add --type uidNumber --filter "(objectclass=top)" --scope ou=People,dc=example,dc=com --next-value 10 --interval 10 --max-value 1000 --magic-regen -1

Successfully created the cn=dna config,cn=Distributed Numeric Assignment Plugin,cn=plugins,cn=config
[root@localhost cloud-user]# dsconf -D "cn=Directory Manager" -w password ldap://localhost plugin dna enable
Enabled plugin 'Distributed Numeric Assignment Plugin'

[root@localhost cloud-user]# dsctl <server> restart 
Instance "localhost" has been restarted

[root@localhost cloud-user]# ldapmodify -x -p 389 -h `hostname` -D "cn=Directory Manager" -w password << EOF
dn: cn=dna config,cn=Distributed Numeric Assignment Plugin,cn=plugins,cn=config
changetype: modify
replace: dnaInterval
dnaInterval: 0
EOF
modifying entry "cn=dna config,cn=Distributed Numeric Assignment Plugin,cn=plugins,cn=config"

Marking as verified: tested.
Comment 5 sgouvern 2021-08-27 13:38:34 UTC 
As per comment 2, moving to VERIFIED
Comment 7 errata-xmlrpc 2021-11-09 18:12:23 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (389-ds-base bug fix and enhancement update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2021:4203