Bug 1012991 - errorlog-level 16384 is listed as 0 in cn=config
Summary: errorlog-level 16384 is listed as 0 in cn=config
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: 389-ds-base
Version: 7.0
Hardware: x86_64
OS: Linux
low
medium
Target Milestone: rc
: 7.0
Assignee: mreynolds
QA Contact: Viktor Ashirov
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2013-09-27 14:22 UTC by Jean Figarella
Modified: 2020-09-13 20:52 UTC (History)
4 users (show)

Fixed In Version: 389-ds-base-1.3.3.1-10.el7
Doc Type: Bug Fix
Doc Text:
Cause: Configuration processing was deliberately converting the "default level" to zero. Consequence: Searching on the configuration error log level returned an unexpected value of zero. This conflicts with the server documentation. Fix: Do not convert the default log level to zero, but still allow zero to be used to reset the log level to the the default level. Result: The correct log level is always returned to the client application.
Clone Of:
Environment:
Last Closed: 2015-03-05 09:31:04 UTC
Target Upstream Version:

Attachments (Terms of Use)
Add an attachment (proposed patch, testcase, etc.)


Links
System ID Private Priority Status Summary Last Updated
Github 389ds 389-ds-base issues 973 0 None None None 2020-09-13 20:52:55 UTC
Red Hat Product Errata RHSA-2015:0416 0 normal SHIPPED_LIVE Important: 389-ds-base security, bug fix, and enhancement update 2015-03-05 14:26:33 UTC

Description Jean Figarella 2013-09-27 14:22:25 UTC 
Description of problem:

Using ldapmodify to set errorlog-level to 16384 or:

nsslapd-errorlog-level: 16384

When I verify the updated setting using ldapsearch, I get a value of '0' in return. But if I grep the dse.ldif file, then the expected value of 16384 is returned. For other values, both an ldapsearch and a grep do actually return the expected result.


Version-Release number of selected component (if applicable):

# cat /etc/redhat-release
Red Hat Enterprise Linux Server release 6.4 (Santiago)

# uname -p
x86_64

# rpm -qa | grep redhat-ds
redhat-ds-base-9.1.0-1.el6dsrv.x86_64
redhat-ds-9.1.0-1.el6.x86_64
redhat-ds-admin-9.1.0-1.el6.x86_64
redhat-ds-console-doc-9.1.0-1.el6.noarch
redhat-ds-console-9.1.0-1.el6.noarch

# rpm -qa | grep 389-ds
389-ds-base-1.2.11.15-20.el6_4.x86_64
389-ds-console-doc-1.2.7-1.el6.noarch
389-ds-console-1.2.7-1.el6.noarch
389-ds-base-libs-1.2.11.15-20.el6_4.x86_64


Steps to Reproduce:

[Test #1]
# ldapmodify -x -y ~/.rootdnpass -h localhost -p 390 -D "cn=Directory Manager"
dn: cn=config
changetype: modify
replace: nsslapd-errorlog-level
nsslapd-errorlog-level: 8192

modifying entry "cn=config"

^C

# ldapsearch -x -y ~/.rootdnpass -h localhost -p 390 -D "cn=Directory Manager" -b "cn=config" | grep -i errorlog-level
nsslapd-errorlog-level: 8192

# grep errorlog-level /etc/dirsrv/slapd-nss-ds-ca-2/dse.ldif
nsslapd-errorlog-level: 8192
[/Test #1]

[Test #2]
# ldapmodify -x -y ~/.rootdnpass -h localhost -p 390 -D "cn=Directory Manager"
dn: cn=config
changetype: modify
replace: nsslapd-errorlog-level
nsslapd-errorlog-level: 16384

modifying entry "cn=config"

^C

# ldapsearch -x -y ~/.rootdnpass -h localhost -p 390 -D "cn=Directory Manager" -b "cn=config" | grep -i errorlog-level
nsslapd-errorlog-level: 0

# grep errorlog-level /etc/dirsrv/slapd-nss-ds-ca-2/dse.ldif
nsslapd-errorlog-level: 16384
[/Test #2]

[Test #3]
# ldapmodify -x -y ~/.rootdnpass -h localhost -p 390 -D "cn=Directory Manager"
dn: cn=config
changetype: modify
replace: nsslapd-errorlog-level
nsslapd-errorlog-level: 32768

modifying entry "cn=config"

^C

# ldapsearch -x -y ~/.rootdnpass -h localhost -p 390 -D "cn=Directory Manager" -b "cn=config" | grep -i errorlog-level
nsslapd-errorlog-level: 32768

# grep errorlog-level /etc/dirsrv/slapd-nss-ds-ca-2/dse.ldif
nsslapd-errorlog-level: 32768
[/Test #3]
Comment 2 Nathan Kinder 2013-12-18 16:16:21 UTC 
Upstream ticket:
https://fedorahosted.org/389/ticket/47636
Comment 3 mreynolds 2014-05-23 17:47:19 UTC 
Fixed upstream
Comment 5 Sankar Ramalingam 2014-12-01 05:59:51 UTC 
[root@vm-idm-035 ~]# ldapmodify -x -p 1189 -h localhost -D "cn=Directory Manager" -w Secret123 << EOF
dn: cn=config
changetype: modify
replace: nsslapd-errorlog-level
nsslapd-errorlog-level: 8192
EOF

[root@vm-idm-035 ~]# ldapsearch -x -p 1189 -h localhost -D "cn=Directory Manager" -w Secret123 -b "cn=config" | grep -i nsslapd-errorlog-level:
nsslapd-errorlog-level: 24576
[root@vm-idm-035 ~]# ldapmodify -x -p 1189 -h localhost -D "cn=Directory Manager" -w Secret123 << EOF
dn: cn=config
changetype: modify
replace: nsslapd-errorlog-level
nsslapd-errorlog-level: 8192
EOF
modifying entry "cn=config"

[root@vm-idm-035 ~]# ldapsearch -x -p 1189 -h localhost -D "cn=Directory Manager" -w Secret123 -b "cn=config" | grep -i nsslapd-errorlog-level:
nsslapd-errorlog-level: 24576
[root@vm-idm-035 ~]# grep errorlog-level /etc/dirsrv/slapd-M1/dse.ldif
nsslapd-errorlog-level: 8192
[root@vm-idm-035 ~]# ldapmodify -x -p 1189 -h localhost -D "cn=Directory Manager" -w Secret123 << EOF
dn: cn=config
changetype: modify
replace: nsslapd-errorlog-level
nsslapd-errorlog-level: 32768
EOF

modifying entry "cn=config"

[root@vm-idm-035 ~]# grep errorlog-level /etc/dirsrv/slapd-M1/dse.ldif
nsslapd-errorlog-level: 32768
[root@vm-idm-035 ~]# ldapsearch -x -p 1189 -h localhost -D "cn=Directory Manager" -w Secret123 -b "cn=config" | grep -i nsslapd-errorlog-level:
nsslapd-errorlog-level: 49152


Ldapsearch shows different results. I am not sure this is expected.
Comment 6 mreynolds 2014-12-01 15:08:54 UTC 
It's adding the default level (16384) to the specified debug log level.  

So setting the debug level for replication (8192) is actually doing: 8192  + 16384 = 24576

So this is correct and incorrect.  It's the correct value that is used internally, but it's the wrong value you would expect to see from a search on cn=config.

I need to work on a new fix for this.
Comment 7 mreynolds 2014-12-08 22:07:36 UTC 
Fixed upstream.
Comment 8 Amita Sharma 2014-12-29 11:44:37 UTC 
[root@dhcp201-126 db]# ldapmodify -x -p 389 -h localhost -D "cn=Directory Manager" -w Secret123 << EOF
> dn: cn=config
> changetype: modify
> replace: nsslapd-errorlog-level
> nsslapd-errorlog-level: 8192
> EOF
modifying entry "cn=config"


[root@dhcp201-126 db]# ldapsearch -x -p 389 -h localhost -D "cn=Directory Manager" -w Secret123 -b "cn=config" | grep -i nsslapd-errorlog-level:
nsslapd-errorlog-level: 8192

[root@dhcp201-126 db]# grep errorlog-level /etc/dirsrv/slapd-dhcp201-126/dse.ldif
nsslapd-errorlog-level: 8192

[root@dhcp201-126 db]# ldapmodify -x -p 389 -h localhost -D "cn=Directory Manager" -w Secret123 << EOF
> dn: cn=config
> changetype: modify
> replace: nsslapd-errorlog-level
> nsslapd-errorlog-level: 16384
> EOF
modifying entry "cn=config"

[root@dhcp201-126 db]# grep errorlog-level /etc/dirsrv/slapd-dhcp201-126/dse.ldif
nsslapd-errorlog-level: 16384

[root@dhcp201-126 db]# ldapsearch -x -p 389 -h localhost -D "cn=Directory Manager" -w Secret123 -b "cn=config" | grep -i nsslapd-errorlog-level:
nsslapd-errorlog-level: 16384

[root@dhcp201-126 db]# ldapmodify -x -p 389 -h localhost -D "cn=Directory Manager" -w Secret123 << EOF
> dn: cn=config
> changetype: modify
> replace: nsslapd-errorlog-level
> nsslapd-errorlog-level: 32768
> EOF
modifying entry "cn=config"

[root@dhcp201-126 db]# ldapsearch -x -p 389 -h localhost -D "cn=Directory Manager" -w Secret123 -b "cn=config" | grep -i nsslapd-errorlog-level:
nsslapd-errorlog-level: 32768

[root@dhcp201-126 db]# grep errorlog-level /etc/dirsrv/slapd-dhcp201-126/dse.ldif
nsslapd-errorlog-level: 32768
Comment 10 errata-xmlrpc 2015-03-05 09:31:04 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHSA-2015-0416.html
Note You need to log in before you can comment on or make changes to this bug.