Bug 2063140

Summary: configuring per-suffix referral mode with dsconf does not work
Product: Red Hat Directory Server Reporter: sgouvern
Component: 389-ds-baseAssignee: LDAP Maintainers <ldap-maint>
Status: CLOSED DUPLICATE QA Contact: RHDS QE <ds-qe-bugs>
Severity: high Docs Contact: Evgenia Martynyuk <emartyny>
Priority: high    
Version: 12.2CC: ds-qe-bugs, ldap-maint, mreynolds, pasik
Target Milestone: ---Keywords: Triaged
Target Release: dirsrv-12.2   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: Known Issue
Doc Text:
.Configuring a referral for a suffix fails in Directory Server If you set a back-end referral in Directory Server, setting the state of the backend using the `dsconf <instance_name> backend suffix set --state referral` command fails with the following error: ---- Error: 103 - 9 - 53 - Server is unwilling to perform - [] - need to set nsslapd-referral before moving to referral state ---- As a consequence, configuring a referral for suffixes fail. To work around the problem: . Set the `nsslapd-referral` parameter manually: + ---- # ldapmodify -D "cn=Directory Manager" -W -H ldap://server.example.com dn: cn=dc\3Dexample\2Cdc\3Dcom,cn=mapping tree,cn=config changetype: modify add: nsslapd-referral nsslapd-referral: ldap://remote_server:389/dc=example,dc=com ---- . Set the back-end state: + ---- # dsconf <instance_name> backend suffix set --state referral ---- As a result, with the workaround, you can configure a referral for a suffix.
 Story Points: ---
Clone Of: 2063033 Environment:
Last Closed: 2023-02-08 16:31:08 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 2063033    
Bug Blocks:    

Description sgouvern 2022-03-11 11:05:14 UTC 
+++ This bug was initially created as a clone of Bug #2063033 +++

Description of problem:

After setting a backend referral using "dsconf inst1 backend suffix set --add-referral", 

setting the backend state to referral with "dsconf inst1 backend suffix set --state referral" returns an error  :
Error: 103 - 9 - 53 - Server is unwilling to perform - [] - need to set nsslapd-referral before moving to referral state 

Version-Release number of selected component (if applicable):
RHDS 12.0

How reproducible:
always

Steps to Reproduce:
Run these steps :
1. # dsconf inst1 backend suffix set --add-referral ldap://localhost:2389/dc=example,dc=com 'dc=example,dc=com'
The backend configuration was successfully updated
2. # dsconf inst1 backend suffix set --state referral userroot


Actual results:

Error: 103 - 9 - 53 - Server is unwilling to perform - [] - need to set nsslapd-referral before moving to referral state.

The suffix can't be configured with referral. 

Expected results:

Backend suffix state can be set to referral without error.

Additional info:

A workaround is to set nsslapd-referral in the mapping tree entry before running "dsconf inst1 backend suffix set --state referral" using ldapmodify :

# ldapmodify -D "cn=directory manager" -w secret12 -h localhost -p 1389 
dn: cn=dc\3Dexample\2Cdc\3Dcom,cn=mapping tree,cn=config
changetype: modify
add: nsslapd-referral
nsslapd-referral: ldap://localhost:2389/dc=example,dc=com

modifying entry "cn=dc\3Dexample\2Cdc\3Dcom,cn=mapping tree,cn=config"

# dsconf inst1 backend suffix set --state referral 'dc=example,dc=com'
The backend configuration was successfully updated
Comment 1 sgouvern 2022-03-11 11:23:37 UTC 
The target version of this Bz is actually RHDS 11.6, but this target version does not exist yet as of today.
In RHDS 11.5 this Bz should be documented as a known issue, with a workaround.
Comment 4 mreynolds 2023-02-08 16:31:08 UTC 

*** This bug has been marked as a duplicate of bug 2063033 ***