Hide Forgot
Description of problem: Using ldapmodify to set errorlog-level to 16384 or: nsslapd-errorlog-level: 16384 When I verify the updated setting using ldapsearch, I get a value of '0' in return. But if I grep the dse.ldif file, then the expected value of 16384 is returned. For other values, both an ldapsearch and a grep do actually return the expected result. Version-Release number of selected component (if applicable): # cat /etc/redhat-release Red Hat Enterprise Linux Server release 6.4 (Santiago) # uname -p x86_64 # rpm -qa | grep redhat-ds redhat-ds-base-9.1.0-1.el6dsrv.x86_64 redhat-ds-9.1.0-1.el6.x86_64 redhat-ds-admin-9.1.0-1.el6.x86_64 redhat-ds-console-doc-9.1.0-1.el6.noarch redhat-ds-console-9.1.0-1.el6.noarch # rpm -qa | grep 389-ds 389-ds-base-1.2.11.15-20.el6_4.x86_64 389-ds-console-doc-1.2.7-1.el6.noarch 389-ds-console-1.2.7-1.el6.noarch 389-ds-base-libs-1.2.11.15-20.el6_4.x86_64 Steps to Reproduce: [Test #1] # ldapmodify -x -y ~/.rootdnpass -h localhost -p 390 -D "cn=Directory Manager" dn: cn=config changetype: modify replace: nsslapd-errorlog-level nsslapd-errorlog-level: 8192 modifying entry "cn=config" ^C # ldapsearch -x -y ~/.rootdnpass -h localhost -p 390 -D "cn=Directory Manager" -b "cn=config" | grep -i errorlog-level nsslapd-errorlog-level: 8192 # grep errorlog-level /etc/dirsrv/slapd-nss-ds-ca-2/dse.ldif nsslapd-errorlog-level: 8192 [/Test #1] [Test #2] # ldapmodify -x -y ~/.rootdnpass -h localhost -p 390 -D "cn=Directory Manager" dn: cn=config changetype: modify replace: nsslapd-errorlog-level nsslapd-errorlog-level: 16384 modifying entry "cn=config" ^C # ldapsearch -x -y ~/.rootdnpass -h localhost -p 390 -D "cn=Directory Manager" -b "cn=config" | grep -i errorlog-level nsslapd-errorlog-level: 0 # grep errorlog-level /etc/dirsrv/slapd-nss-ds-ca-2/dse.ldif nsslapd-errorlog-level: 16384 [/Test #2] [Test #3] # ldapmodify -x -y ~/.rootdnpass -h localhost -p 390 -D "cn=Directory Manager" dn: cn=config changetype: modify replace: nsslapd-errorlog-level nsslapd-errorlog-level: 32768 modifying entry "cn=config" ^C # ldapsearch -x -y ~/.rootdnpass -h localhost -p 390 -D "cn=Directory Manager" -b "cn=config" | grep -i errorlog-level nsslapd-errorlog-level: 32768 # grep errorlog-level /etc/dirsrv/slapd-nss-ds-ca-2/dse.ldif nsslapd-errorlog-level: 32768 [/Test #3]
Upstream ticket: https://fedorahosted.org/389/ticket/47636
Fixed upstream
[root@vm-idm-035 ~]# ldapmodify -x -p 1189 -h localhost -D "cn=Directory Manager" -w Secret123 << EOF dn: cn=config changetype: modify replace: nsslapd-errorlog-level nsslapd-errorlog-level: 8192 EOF [root@vm-idm-035 ~]# ldapsearch -x -p 1189 -h localhost -D "cn=Directory Manager" -w Secret123 -b "cn=config" | grep -i nsslapd-errorlog-level: nsslapd-errorlog-level: 24576 [root@vm-idm-035 ~]# ldapmodify -x -p 1189 -h localhost -D "cn=Directory Manager" -w Secret123 << EOF dn: cn=config changetype: modify replace: nsslapd-errorlog-level nsslapd-errorlog-level: 8192 EOF modifying entry "cn=config" [root@vm-idm-035 ~]# ldapsearch -x -p 1189 -h localhost -D "cn=Directory Manager" -w Secret123 -b "cn=config" | grep -i nsslapd-errorlog-level: nsslapd-errorlog-level: 24576 [root@vm-idm-035 ~]# grep errorlog-level /etc/dirsrv/slapd-M1/dse.ldif nsslapd-errorlog-level: 8192 [root@vm-idm-035 ~]# ldapmodify -x -p 1189 -h localhost -D "cn=Directory Manager" -w Secret123 << EOF dn: cn=config changetype: modify replace: nsslapd-errorlog-level nsslapd-errorlog-level: 32768 EOF modifying entry "cn=config" [root@vm-idm-035 ~]# grep errorlog-level /etc/dirsrv/slapd-M1/dse.ldif nsslapd-errorlog-level: 32768 [root@vm-idm-035 ~]# ldapsearch -x -p 1189 -h localhost -D "cn=Directory Manager" -w Secret123 -b "cn=config" | grep -i nsslapd-errorlog-level: nsslapd-errorlog-level: 49152 Ldapsearch shows different results. I am not sure this is expected.
It's adding the default level (16384) to the specified debug log level. So setting the debug level for replication (8192) is actually doing: 8192 + 16384 = 24576 So this is correct and incorrect. It's the correct value that is used internally, but it's the wrong value you would expect to see from a search on cn=config. I need to work on a new fix for this.
Fixed upstream.
[root@dhcp201-126 db]# ldapmodify -x -p 389 -h localhost -D "cn=Directory Manager" -w Secret123 << EOF > dn: cn=config > changetype: modify > replace: nsslapd-errorlog-level > nsslapd-errorlog-level: 8192 > EOF modifying entry "cn=config" [root@dhcp201-126 db]# ldapsearch -x -p 389 -h localhost -D "cn=Directory Manager" -w Secret123 -b "cn=config" | grep -i nsslapd-errorlog-level: nsslapd-errorlog-level: 8192 [root@dhcp201-126 db]# grep errorlog-level /etc/dirsrv/slapd-dhcp201-126/dse.ldif nsslapd-errorlog-level: 8192 [root@dhcp201-126 db]# ldapmodify -x -p 389 -h localhost -D "cn=Directory Manager" -w Secret123 << EOF > dn: cn=config > changetype: modify > replace: nsslapd-errorlog-level > nsslapd-errorlog-level: 16384 > EOF modifying entry "cn=config" [root@dhcp201-126 db]# grep errorlog-level /etc/dirsrv/slapd-dhcp201-126/dse.ldif nsslapd-errorlog-level: 16384 [root@dhcp201-126 db]# ldapsearch -x -p 389 -h localhost -D "cn=Directory Manager" -w Secret123 -b "cn=config" | grep -i nsslapd-errorlog-level: nsslapd-errorlog-level: 16384 [root@dhcp201-126 db]# ldapmodify -x -p 389 -h localhost -D "cn=Directory Manager" -w Secret123 << EOF > dn: cn=config > changetype: modify > replace: nsslapd-errorlog-level > nsslapd-errorlog-level: 32768 > EOF modifying entry "cn=config" [root@dhcp201-126 db]# ldapsearch -x -p 389 -h localhost -D "cn=Directory Manager" -w Secret123 -b "cn=config" | grep -i nsslapd-errorlog-level: nsslapd-errorlog-level: 32768 [root@dhcp201-126 db]# grep errorlog-level /etc/dirsrv/slapd-dhcp201-126/dse.ldif nsslapd-errorlog-level: 32768
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://rhn.redhat.com/errata/RHSA-2015-0416.html