Bug 230673
Summary: | LDAPI: referral mode needs LDAPI socket | ||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Product: | [Retired] 389 | Reporter: | Noriko Hosoi <nhosoi> | ||||||||||
Component: | Admin | Assignee: | Noriko Hosoi <nhosoi> | ||||||||||
Status: | CLOSED CURRENTRELEASE | QA Contact: | Chandrasekar Kannan <ckannan> | ||||||||||
Severity: | medium | Docs Contact: | |||||||||||
Priority: | medium | ||||||||||||
Version: | 1.0.4 | CC: | benl, jgalipea | ||||||||||
Target Milestone: | --- | ||||||||||||
Target Release: | --- | ||||||||||||
Hardware: | All | ||||||||||||
OS: | Linux | ||||||||||||
Whiteboard: | |||||||||||||
Fixed In Version: | 8.1 | Doc Type: | Bug Fix | ||||||||||
Doc Text: | Story Points: | --- | |||||||||||
Clone Of: | Environment: | ||||||||||||
Last Closed: | 2009-04-29 22:59:49 UTC | Type: | --- | ||||||||||
Regression: | --- | Mount Type: | --- | ||||||||||
Documentation: | --- | CRM: | |||||||||||
Verified Versions: | Category: | --- | |||||||||||
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||||||||
Cloudforms Team: | --- | Target Upstream Version: | |||||||||||
Embargoed: | |||||||||||||
Bug Depends On: | |||||||||||||
Bug Blocks: | 249650, 493682 | ||||||||||||
Attachments: |
|
Comment 1
Noriko Hosoi
2007-03-02 21:28:31 UTC
(In reply to comment #0) > Description of problem: > [error #2] > [...] > Also, to work around this problem, is it okay to add this code to create the > directory to put the ldapi unix socket if it does not exist? Richard Megginson wrote: I don't think we should create the directory if it does not exist. That doesn't seem right to me. I think we should just warn. Pete Rowley wrote: > You know, given our server installs with newinst.pl in regular cases and all this has > default config set up for directories we already write to, perhaps the right thing to do > is to have default off for ldapi. That would have minimum impact on tests that don't > care about it (and are set up other ways) and wouldn't effect server installs through > regular means. Richard Megginson wrote: Then ds_newinst could set it to "on" if the user specified an ldapifilepath. I think that would appease Andrew as well. Based upon the suggestions from Pete and Rich, if setting "ldapifilepath= /path/to/ldapifile/slapd-ID.socket" in the install inf file is used as a trigger to set ldapi to "on". Otherwise, set to "off". The function ds_gen_confs in create_instance.c switches between on and off depending upon the existence of ldapifilepath value. Also, the ldapi default setting in libglobs.c is changed to "off". Created attachment 149157 [details]
cvs diffs (admin/src/create_instance.c, servers/slapd/libglobs.c)
Changes:
create_instance.c: if ldapifilepath is not passed, LDAPI is disabled in the
newly created instance.
libglobs.c: LDAPI is disabled in the initial configuration parameter setting.
Created attachment 149160 [details]
cvs commit message
Reviewed by Rich (Thank you!)
Checked in into HEAD.
Leave this bug opened for the Comment #1. Since we don't use the code, this problem does not exist any more? Just leave it for now... Created attachment 305187 [details]
cvs diff config.c
File: ldap/servers/slapd/config.c
Problem Description: If you start the server with the referral mode, e.g., like
this:
ns-slapd refer -D /etc/dirsrv/slapd-test -r ldap://laputa.example.com
UNIX socket for LDAPI was not opened since LDAPI configuration parameters are
not read from dse.ldif at that moment.
Fix Description: adding the code to process nsslapd-ldapifilepath and
nsslapd-ldapilisten in slapd_bootstrap_config.
Test case (using openLDAP client) # ldapsearch -Y EXTERNAL -H ldapi://%2fvar%2frun%2fslapd-test.socket -b "dc=example,dc=com" -v "(uid=*)" ldap_initialize( ldapi://%2fvar%2frun%2fslapd-test.socket ) SASL/EXTERNAL authentication started ldap_sasl_interactive_bind_s: Referral (10) I don't really like adding more code to the hack that is the bootstrap code in config.c, but this looks ok. Created attachment 305393 [details]
cvs commit message
Reviewed by Rich (Thank you!!)
Checked in into CVS HEAD.
Can you please add steps to setup and verify this bug with RH DS? Thanks Jenny (In reply to comment #11) > Can you please add steps to setup and verify this bug with RH DS? 1. enable ldapi nsslapd-ldaplisten: on 2. assume you have a referral server: ldap://<host>.<domain> 3. start the server with the referrel mode (note: this is another server which refer the referral server) cd /usr/lib[64]/dirsrv/slapd-ID ./ns-slapd refer -D /etc/dirsrv/slapd-ID -r ldap://<host>.<domain> If this server starts successfully, the bug is verified. Is this only a fedora bug? /etc/dirsrv/slapd-ID/ns-slapd does not exist and the flags are not valid for start-slapd (In reply to comment #13) > Is this only a fedora bug? > > /etc/dirsrv/slapd-ID/ns-slapd does not exist and the flags are not valid for > start-slapd Oops, sorry! :p /usr/sbin/ns-slapd refer -D /etc/dirsrv/slapd-ID -r ldap://<host>.<domain> that works! thank you fix verified DS 8.1 RHEL 5 [root@jennyv2 slapd-jennyv2]# /usr/sbin/ns-slapd refer -D /etc/dirsrv/slapd-jennyv2/ -r ldap://jennyv4.bos.redhat.com [root@jennyv2 slapd-jennyv2]# tail -f /var/log/dirsrv/slapd-jennyv2/errors [11/Mar/2009:15:14:31 -0400] - Listening on All Interfaces port 636 for LDAPS requests [11/Mar/2009:15:14:31 -0400] - Listening on /var/run/slapd-jennyv2.socket for LDAPI requests [11/Mar/2009:15:25:23 -0400] - slapd shutting down - signaling operation threads [11/Mar/2009:15:25:23 -0400] - slapd shutting down - closing down internal subsystems and plugins [11/Mar/2009:15:25:26 -0400] - Waiting for 4 database threads to stop [11/Mar/2009:15:25:26 -0400] - All database threads now stopped [11/Mar/2009:15:25:26 -0400] - slapd stopped. [11/Mar/2009:15:26:18 -0400] - Red Hat-Directory/8.1.0 B2009.050.914 starting up [11/Mar/2009:15:26:18 -0400] - slapd started. Listening on All Interfaces port 389 for LDAP requests [11/Mar/2009:15:26:18 -0400] - Listening on /var/run/slapd-jennyv2.socket for LDAPI requests An advisory has been issued which should help the problem described in this bug report. This report is therefore being closed with a resolution of ERRATA. For more information on therefore solution and/or where to find the updated files, please follow the link below. You may reopen this bug report if the solution does not work for you. http://rhn.redhat.com/errata/RHEA-2009-0455.html |