Bug 768084
| Summary: | [RFE] Allow automember to work on entries that have already been added | ||
|---|---|---|---|
| Product: | Red Hat Enterprise Linux 6 | Reporter: | Nathan Kinder <nkinder> |
| Component: | 389-ds-base | Assignee: | Rich Megginson <rmeggins> |
| Status: | CLOSED ERRATA | QA Contact: | Sankar Ramalingam <sramling> |
| Severity: | medium | Docs Contact: | |
| Priority: | high | ||
| Version: | 6.3 | CC: | jgalipea, mreynolds, nhosoi |
| Target Milestone: | rc | Keywords: | FutureFeature |
| Target Release: | --- | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
| Whiteboard: | |||
| Fixed In Version: | 389-ds-base-1.2.11.15-7.el6 | Doc Type: | Enhancement |
| Doc Text: |
Added three new tasks:
[1] Rebuild the automembership
[2] Export the changes task [1] would perform to an ldif file
[3] Map changes. Reads in an ldif of entries, and writes out an ldif of the changes that would occur if these entries were added.
|
Story Points: | --- |
| Clone Of: | 747403 | Environment: | |
| Last Closed: | 2013-02-21 08:16:54 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | 747403 | ||
| Bug Blocks: | 495079, 690319 | ||
|
Comment 1
Rich Megginson
2012-01-06 23:48:38 UTC
This request was not resolved in time for the current release. Red Hat invites you to ask your support representative to propose this request, if still desired, for consideration in the next release of Red Hat Enterprise Linux. This request was erroneously removed from consideration in Red Hat Enterprise Linux 6.4, which is currently under development. This request will be evaluated for inclusion in Red Hat Enterprise Linux 6.4. I encountered a failure for test autoMemTask03. It throws Could not open ldif file error while running automembers mapping tasks. [root@dell-pe2800-01 ~]# tail -f /var/log/dirsrv/slapd-dell-pe2800-01/errors [20/Nov/2012:00:07:41 -0500] auto-membership-plugin - Could not open ldif file "/tmp/Output_03.ldif" for reading 0 [20/Nov/2012:01:17:03 -0500] auto-membership-plugin - Could not open ldif file "/tmp/Output_03.ldif" for reading 0 [20/Nov/2012:01:21:42 -0500] auto-membership-plugin - Could not open ldif file "/tmp/Output_03.ldif" for reading 0 [20/Nov/2012:01:25:21 -0500] - slapd shutting down - signaling operation threads [20/Nov/2012:01:25:21 -0500] - slapd shutting down - closing down internal subsystems and plugins [20/Nov/2012:01:25:21 -0500] - Waiting for 4 database threads to stop [20/Nov/2012:01:25:21 -0500] - All database threads now stopped [20/Nov/2012:01:25:21 -0500] - slapd stopped. [20/Nov/2012:01:25:23 -0500] - 389-Directory/1.2.11.15 B2012.321.2026 starting up [20/Nov/2012:01:25:23 -0500] - slapd started. Listening on All Interfaces port 22518 for LDAP requests [20/Nov/2012:01:26:32 -0500] auto-membership-plugin - Could not open ldif file "/tmp/Output_03.ldif" for reading 0 Hence reassigning this bug. (In reply to comment #6) > I encountered a failure for test autoMemTask03. It throws Could not open > ldif file error while running automembers mapping tasks. > > [root@dell-pe2800-01 ~]# tail -f /var/log/dirsrv/slapd-dell-pe2800-01/errors > [20/Nov/2012:00:07:41 -0500] auto-membership-plugin - Could not open ldif > file "/tmp/Output_03.ldif" for reading 0 [20/Nov/2012:01:17:03 -0500] > auto-membership-plugin - Could not open ldif file "/tmp/Output_03.ldif" for > reading 0 [20/Nov/2012:01:21:42 -0500] auto-membership-plugin - Could not > open ldif file "/tmp/Output_03.ldif" for reading 0 [20/Nov/2012:01:25:21 > -0500] - slapd shutting down - signaling operation threads > [20/Nov/2012:01:25:21 -0500] - slapd shutting down - closing down internal > subsystems and plugins [20/Nov/2012:01:25:21 -0500] - Waiting for 4 database > threads to stop [20/Nov/2012:01:25:21 -0500] - All database threads now > stopped [20/Nov/2012:01:25:21 -0500] - slapd stopped. [20/Nov/2012:01:25:23 > -0500] - 389-Directory/1.2.11.15 B2012.321.2026 starting up > [20/Nov/2012:01:25:23 -0500] - slapd started. Listening on All Interfaces > port 22518 for LDAP requests [20/Nov/2012:01:26:32 -0500] > auto-membership-plugin - Could not open ldif file "/tmp/Output_03.ldif" for > reading 0 > > > Hence reassigning this bug. Is this SELinux related? Do you see any AVC messages in /var/log/audit/audit? I'd like to see the output of 'ls -lZ /tmp/Output_03.ldif'. (In reply to comment #7) > (In reply to comment #6) > > I encountered a failure for test autoMemTask03. It throws Could not open > > ldif file error while running automembers mapping tasks. > > > > [root@dell-pe2800-01 ~]# tail -f /var/log/dirsrv/slapd-dell-pe2800-01/errors > > [20/Nov/2012:00:07:41 -0500] auto-membership-plugin - Could not open ldif > > file "/tmp/Output_03.ldif" for reading 0 [20/Nov/2012:01:17:03 -0500] > > auto-membership-plugin - Could not open ldif file "/tmp/Output_03.ldif" for > > reading 0 [20/Nov/2012:01:21:42 -0500] auto-membership-plugin - Could not > > open ldif file "/tmp/Output_03.ldif" for reading 0 [20/Nov/2012:01:25:21 > > -0500] - slapd shutting down - signaling operation threads > > [20/Nov/2012:01:25:21 -0500] - slapd shutting down - closing down internal > > subsystems and plugins [20/Nov/2012:01:25:21 -0500] - Waiting for 4 database > > threads to stop [20/Nov/2012:01:25:21 -0500] - All database threads now > > stopped [20/Nov/2012:01:25:21 -0500] - slapd stopped. [20/Nov/2012:01:25:23 > > -0500] - 389-Directory/1.2.11.15 B2012.321.2026 starting up > > [20/Nov/2012:01:25:23 -0500] - slapd started. Listening on All Interfaces > > port 22518 for LDAP requests [20/Nov/2012:01:26:32 -0500] > > auto-membership-plugin - Could not open ldif file "/tmp/Output_03.ldif" for > > reading 0 > > > > > > Hence reassigning this bug. > > Is this SELinux related? Do you see any AVC messages in > /var/log/audit/audit? > > I'd like to see the output of 'ls -lZ /tmp/Output_03.ldif'. ls -lZ /tmp/Output_03.ldif -rwxrwxrwx. sramling sramling unconfined_u:object_r:dirsrv_tmp_t:s0 /tmp/Output_03.ldif (In reply to comment #8) > (In reply to comment #7) > > (In reply to comment #6) > > > I encountered a failure for test autoMemTask03. It throws Could not open > > > ldif file error while running automembers mapping tasks. > > > > > > [root@dell-pe2800-01 ~]# tail -f /var/log/dirsrv/slapd-dell-pe2800-01/errors > > > [20/Nov/2012:00:07:41 -0500] auto-membership-plugin - Could not open ldif > > > file "/tmp/Output_03.ldif" for reading 0 [20/Nov/2012:01:17:03 -0500] > > > auto-membership-plugin - Could not open ldif file "/tmp/Output_03.ldif" for > > > reading 0 [20/Nov/2012:01:21:42 -0500] auto-membership-plugin - Could not > > > open ldif file "/tmp/Output_03.ldif" for reading 0 [20/Nov/2012:01:25:21 > > > -0500] - slapd shutting down - signaling operation threads > > > [20/Nov/2012:01:25:21 -0500] - slapd shutting down - closing down internal > > > subsystems and plugins [20/Nov/2012:01:25:21 -0500] - Waiting for 4 database > > > threads to stop [20/Nov/2012:01:25:21 -0500] - All database threads now > > > stopped [20/Nov/2012:01:25:21 -0500] - slapd stopped. [20/Nov/2012:01:25:23 > > > -0500] - 389-Directory/1.2.11.15 B2012.321.2026 starting up > > > [20/Nov/2012:01:25:23 -0500] - slapd started. Listening on All Interfaces > > > port 22518 for LDAP requests [20/Nov/2012:01:26:32 -0500] > > > auto-membership-plugin - Could not open ldif file "/tmp/Output_03.ldif" for > > > reading 0 > > > > > > > > > Hence reassigning this bug. > > > > Is this SELinux related? Do you see any AVC messages in Audit log message... ==> /var/log/audit/audit.log <== type=AVC msg=audit(1353920226.164:2214675): avc: denied { search } for pid=1109 comm="ns-slapd" name="/" dev=dm-2 ino=2 scontext=unconfined_u:system_r:dirsrv_t:s0 tcontext=system_u:object_r:home_root_t:s0 tclass=dir type=SYSCALL msg=audit(1353920226.164:2214675): arch=40000003 syscall=5 success=no exit=-13 a0=9ba02468 a1=0 a2=1b6 a3=1da3d8 items=0 ppid=1 pid=1109 auid=0 uid=501 gid=501 euid=501 suid=501 fsuid=501 egid=501 sgid=501 fsgid=501 tty=(none) ses=9546 comm="ns-slapd" exe="/usr/sbin/ns-slapd" subj=unconfined_u:system_r:dirsrv_t:s0 key=(null) > > /var/log/audit/audit? > > > > I'd like to see the output of 'ls -lZ /tmp/Output_03.ldif'. > ls -lZ /tmp/Output_03.ldif > -rwxrwxrwx. sramling sramling unconfined_u:object_r:dirsrv_tmp_t:s0 > /tmp/Output_03.ldif Ok, first the logging is displaying the wrong file. It says it can't read /tmp/Output_03.ldif, but its really the input file it can not read. From tet: $DATA_LDIF/Input.ldif I was able to reproduce the error, and putting the input ldif in /var/lib/dirsrv solved the issue. Note: I do have selinux disabled, and it still complains unless the input file is in /var/lib/dirsrv. So this is an enviroment issue, not a DS issue. I just confirmed that having the input file in /tmp also works. I will change the automation scripts as suggested and verify from the official acceptance execution. [root@dell-pe2800-01 ~]# /usr/bin/ldapmodify -h dell-pe2800-01.rhts.eng.bos.redhat.com -p 8311 -D "cn=directory manager" -w Secret123 -avf /home/sramling/RHEL64/testcases/DS/6.0/tet_tmp_dir/Task_Mapping.ldif ldap_initialize( ldap://dell-pe2800-01.rhts.eng.bos.redhat.com:8311 ) add objectClass: top extensibleObject add basedn: ou=TaskEmployees,dc=autoMembers,dc=com add filter: (objectClass=posixAccount) add scope: sub add ldif_in: /tmp/Input.ldif add ldif_out: /tmp/Output_03.ldif adding new entry "cn=Mapping,cn=automember map updates,cn=tasks,cn=config" modify complete From error logs: tail -f /var/log/dirsrv/slapd-dell-pe2800-01/errors [05/Dec/2012:23:32:37 -0500] auto-membership-plugin - Could not open ldif file "/tmp/Output_03.ldif" for reading 0 /usr/bin/ldapmodify -h dell-pe2800-01.rhts.eng.bos.redhat.com -p 8311 -D "cn=directory manager" -w Secret123 -avf /home/sramling/RHEL64/testcases/DS/6.0/tet_tmp_dir/Task_Mapping.ldif ldap_initialize( ldap://dell-pe2800-01.rhts.eng.bos.redhat.com:8311 ) add objectClass: top extensibleObject add basedn: ou=TaskEmployees,dc=autoMembers,dc=com add filter: (objectClass=posixAccount) add scope: sub add ldif_in: /var/lib/dirsrv/slapd-dell-pe2800-01/ldif/Input.ldif add ldif_out: /tmp/Output_03.ldif adding new entry "cn=Mapping,cn=automember map updates,cn=tasks,cn=config" modify complete ls -al /tmp/Output_03.ldif -rw-------. 1 sramling sramling 1610 Dec 5 23:30 /tmp/Output_03.ldif It works only when the input file is kept under /var/lib/dirsrv/slapd-$inst/ldif. Marking the bug as Verified since Mapping tasks accepts the value for input file as - /var/lib/dirsrv/slapd-$inst/ldif/Input.ldif. Additional fix for this bug is provided. https://fedorahosted.org/389/ticket/20 Attachment 0001 [details]-Ticket-20-Allow-automember-to-work-on-entries-that.patch​ added Improved error codes, and made two error code functions available to the plugin API No more error messages aobserved from autoMembers test reports. Hence marking the bug as Verified. Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. http://rhn.redhat.com/errata/RHSA-2013-0503.html |