Bug 1012991 - errorlog-level 16384 is listed as 0 in cn=config
errorlog-level 16384 is listed as 0 in cn=config
Status: CLOSED ERRATA
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: 389-ds-base (Show other bugs)
7.0
x86_64 Linux
low Severity medium
: rc
: 7.0
Assigned To: mreynolds
Viktor Ashirov
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2013-09-27 10:22 EDT by Jean Figarella
Modified: 2015-03-05 04:31 EST (History)
4 users (show)

See Also:
Fixed In Version: 389-ds-base-1.3.3.1-10.el7
Doc Type: Bug Fix
Doc Text:
Cause: Configuration processing was deliberately converting the "default level" to zero. Consequence: Searching on the configuration error log level returned an unexpected value of zero. This conflicts with the server documentation. Fix: Do not convert the default log level to zero, but still allow zero to be used to reset the log level to the the default level. Result: The correct log level is always returned to the client application.
Story Points: ---
Clone Of:
Environment:
Last Closed: 2015-03-05 04:31:04 EST
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Jean Figarella 2013-09-27 10:22:25 EDT
Description of problem:

Using ldapmodify to set errorlog-level to 16384 or:

nsslapd-errorlog-level: 16384

When I verify the updated setting using ldapsearch, I get a value of '0' in return. But if I grep the dse.ldif file, then the expected value of 16384 is returned. For other values, both an ldapsearch and a grep do actually return the expected result.


Version-Release number of selected component (if applicable):

# cat /etc/redhat-release
Red Hat Enterprise Linux Server release 6.4 (Santiago)

# uname -p
x86_64

# rpm -qa | grep redhat-ds
redhat-ds-base-9.1.0-1.el6dsrv.x86_64
redhat-ds-9.1.0-1.el6.x86_64
redhat-ds-admin-9.1.0-1.el6.x86_64
redhat-ds-console-doc-9.1.0-1.el6.noarch
redhat-ds-console-9.1.0-1.el6.noarch

# rpm -qa | grep 389-ds
389-ds-base-1.2.11.15-20.el6_4.x86_64
389-ds-console-doc-1.2.7-1.el6.noarch
389-ds-console-1.2.7-1.el6.noarch
389-ds-base-libs-1.2.11.15-20.el6_4.x86_64


Steps to Reproduce:

[Test #1]
# ldapmodify -x -y ~/.rootdnpass -h localhost -p 390 -D "cn=Directory Manager"
dn: cn=config
changetype: modify
replace: nsslapd-errorlog-level
nsslapd-errorlog-level: 8192

modifying entry "cn=config"

^C

# ldapsearch -x -y ~/.rootdnpass -h localhost -p 390 -D "cn=Directory Manager" -b "cn=config" | grep -i errorlog-level
nsslapd-errorlog-level: 8192

# grep errorlog-level /etc/dirsrv/slapd-nss-ds-ca-2/dse.ldif
nsslapd-errorlog-level: 8192
[/Test #1]

[Test #2]
# ldapmodify -x -y ~/.rootdnpass -h localhost -p 390 -D "cn=Directory Manager"
dn: cn=config
changetype: modify
replace: nsslapd-errorlog-level
nsslapd-errorlog-level: 16384

modifying entry "cn=config"

^C

# ldapsearch -x -y ~/.rootdnpass -h localhost -p 390 -D "cn=Directory Manager" -b "cn=config" | grep -i errorlog-level
nsslapd-errorlog-level: 0

# grep errorlog-level /etc/dirsrv/slapd-nss-ds-ca-2/dse.ldif
nsslapd-errorlog-level: 16384
[/Test #2]

[Test #3]
# ldapmodify -x -y ~/.rootdnpass -h localhost -p 390 -D "cn=Directory Manager"
dn: cn=config
changetype: modify
replace: nsslapd-errorlog-level
nsslapd-errorlog-level: 32768

modifying entry "cn=config"

^C

# ldapsearch -x -y ~/.rootdnpass -h localhost -p 390 -D "cn=Directory Manager" -b "cn=config" | grep -i errorlog-level
nsslapd-errorlog-level: 32768

# grep errorlog-level /etc/dirsrv/slapd-nss-ds-ca-2/dse.ldif
nsslapd-errorlog-level: 32768
[/Test #3]
Comment 2 Nathan Kinder 2013-12-18 11:16:21 EST
Upstream ticket:
https://fedorahosted.org/389/ticket/47636
Comment 3 mreynolds 2014-05-23 13:47:19 EDT
Fixed upstream
Comment 5 Sankar Ramalingam 2014-12-01 00:59:51 EST
[root@vm-idm-035 ~]# ldapmodify -x -p 1189 -h localhost -D "cn=Directory Manager" -w Secret123 << EOF
dn: cn=config
changetype: modify
replace: nsslapd-errorlog-level
nsslapd-errorlog-level: 8192
EOF

[root@vm-idm-035 ~]# ldapsearch -x -p 1189 -h localhost -D "cn=Directory Manager" -w Secret123 -b "cn=config" | grep -i nsslapd-errorlog-level:
nsslapd-errorlog-level: 24576
[root@vm-idm-035 ~]# ldapmodify -x -p 1189 -h localhost -D "cn=Directory Manager" -w Secret123 << EOF
dn: cn=config
changetype: modify
replace: nsslapd-errorlog-level
nsslapd-errorlog-level: 8192
EOF
modifying entry "cn=config"

[root@vm-idm-035 ~]# ldapsearch -x -p 1189 -h localhost -D "cn=Directory Manager" -w Secret123 -b "cn=config" | grep -i nsslapd-errorlog-level:
nsslapd-errorlog-level: 24576
[root@vm-idm-035 ~]# grep errorlog-level /etc/dirsrv/slapd-M1/dse.ldif
nsslapd-errorlog-level: 8192
[root@vm-idm-035 ~]# ldapmodify -x -p 1189 -h localhost -D "cn=Directory Manager" -w Secret123 << EOF
dn: cn=config
changetype: modify
replace: nsslapd-errorlog-level
nsslapd-errorlog-level: 32768
EOF

modifying entry "cn=config"

[root@vm-idm-035 ~]# grep errorlog-level /etc/dirsrv/slapd-M1/dse.ldif
nsslapd-errorlog-level: 32768
[root@vm-idm-035 ~]# ldapsearch -x -p 1189 -h localhost -D "cn=Directory Manager" -w Secret123 -b "cn=config" | grep -i nsslapd-errorlog-level:
nsslapd-errorlog-level: 49152


Ldapsearch shows different results. I am not sure this is expected.
Comment 6 mreynolds 2014-12-01 10:08:54 EST
It's adding the default level (16384) to the specified debug log level.  

So setting the debug level for replication (8192) is actually doing: 8192  + 16384 = 24576

So this is correct and incorrect.  It's the correct value that is used internally, but it's the wrong value you would expect to see from a search on cn=config.

I need to work on a new fix for this.
Comment 7 mreynolds 2014-12-08 17:07:36 EST
Fixed upstream.
Comment 8 Amita Sharma 2014-12-29 06:44:37 EST
[root@dhcp201-126 db]# ldapmodify -x -p 389 -h localhost -D "cn=Directory Manager" -w Secret123 << EOF
> dn: cn=config
> changetype: modify
> replace: nsslapd-errorlog-level
> nsslapd-errorlog-level: 8192
> EOF
modifying entry "cn=config"


[root@dhcp201-126 db]# ldapsearch -x -p 389 -h localhost -D "cn=Directory Manager" -w Secret123 -b "cn=config" | grep -i nsslapd-errorlog-level:
nsslapd-errorlog-level: 8192

[root@dhcp201-126 db]# grep errorlog-level /etc/dirsrv/slapd-dhcp201-126/dse.ldif
nsslapd-errorlog-level: 8192

[root@dhcp201-126 db]# ldapmodify -x -p 389 -h localhost -D "cn=Directory Manager" -w Secret123 << EOF
> dn: cn=config
> changetype: modify
> replace: nsslapd-errorlog-level
> nsslapd-errorlog-level: 16384
> EOF
modifying entry "cn=config"

[root@dhcp201-126 db]# grep errorlog-level /etc/dirsrv/slapd-dhcp201-126/dse.ldif
nsslapd-errorlog-level: 16384

[root@dhcp201-126 db]# ldapsearch -x -p 389 -h localhost -D "cn=Directory Manager" -w Secret123 -b "cn=config" | grep -i nsslapd-errorlog-level:
nsslapd-errorlog-level: 16384

[root@dhcp201-126 db]# ldapmodify -x -p 389 -h localhost -D "cn=Directory Manager" -w Secret123 << EOF
> dn: cn=config
> changetype: modify
> replace: nsslapd-errorlog-level
> nsslapd-errorlog-level: 32768
> EOF
modifying entry "cn=config"

[root@dhcp201-126 db]# ldapsearch -x -p 389 -h localhost -D "cn=Directory Manager" -w Secret123 -b "cn=config" | grep -i nsslapd-errorlog-level:
nsslapd-errorlog-level: 32768

[root@dhcp201-126 db]# grep errorlog-level /etc/dirsrv/slapd-dhcp201-126/dse.ldif
nsslapd-errorlog-level: 32768
Comment 10 errata-xmlrpc 2015-03-05 04:31:04 EST
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHSA-2015-0416.html

Note You need to log in before you can comment on or make changes to this bug.