Hide Forgot
This bug is created as a clone of upstream ticket: https://fedorahosted.org/389/ticket/47601 Ticket #47384 adds some sanity testing to the value of nsslapd-pluginPath when a plugin entry is added or modified. This is tripping up the slapi-nis self-tests which involve modifying the plugin entry (the plugin entry is added to dse.ldif offline), as the server now returns an unwilling-to-perform error in response to the modify request when it succeeded before. I think that any of these would work: * When checking a modify request, only sanity-check nsslapd-pluginPath when it shows up in the list of mods. * Add a run-time-configurable whitelist of locations where plugins could be found. * Replace the pathname check with an stat() call or a dlopen(RTLD_NOW) equivalent, to see if it can be loaded (with dlopen() followed by an immediate dlclose()).
Seems that selinux was the culprit.. [root@dhcp201-126 ~]# cp /usr/lib64/dirsrv/plugins/libautomember-plugin.so /tmp [root@dhcp201-126 ~]# getenforce Enforcing [root@dhcp201-126 ~]# setenforce 0 [root@dhcp201-126 ~]# ls -al /tmp total 96 drwxrwxrwt. 9 root root 4096 Jan 9 14:46 . dr-xr-xr-x. 19 root root 4096 Nov 5 18:57 .. drwxrwxrwt. 2 root root 6 Nov 5 13:35 .font-unix drwxrwxrwt. 2 root root 6 Nov 5 13:35 .ICE-unix -rwxr-xr-x. 1 root root 45120 Jan 9 14:46 libautomember-plugin.so -rw-------. 1 root root 5495 Jan 6 16:35 setup0Xa3ia.log -rw-------. 1 root root 5495 Dec 30 13:11 setupAziFGz.log -rw-------. 1 root root 1524 Jan 9 12:39 setupeNbm8D.log -rw-------. 1 root root 5635 Jan 9 12:40 setupotKmaL.log -rw-------. 1 root root 1524 Jan 5 13:56 setupPCo5sN.log -rw-------. 1 root root 6852 Jan 5 13:56 setupZ2iB6r.log drwx------. 3 root root 16 Nov 10 13:15 systemd-private-nLBTOZ drwx------. 3 root root 16 Dec 22 17:11 systemd-private-yCZgiJ drwxrwxrwt. 2 root root 6 Nov 5 13:35 .Test-unix drwxrwxrwt. 2 root root 6 Nov 5 13:35 .X11-unix drwxrwxrwt. 2 root root 6 Nov 5 13:35 .XIM-unix [root@dhcp201-126 ~]# chmod 777 /tmp/libautomember-plugin.so [root@dhcp201-126 ~]# ldapmodify -x -p 389 -h localhost -D "cn=Directory Manager" -w Secret123 << EOF > dn: cn=Auto Membership Plugin,cn=plugins,cn=config > changetype: modify > replace: nsslapd-pluginPath > nsslapd-pluginPath: /tmp/libautomember-plugin.so > EOF modifying entry "cn=Auto Membership Plugin,cn=plugins,cn=config" [root@dhcp201-126 ~]# /usr/lib64/dirsrv/slapd-dhcp201-126/stop-slapd [root@dhcp201-126 ~]# /usr/lib64/dirsrv/slapd-dhcp201-126/start-slapd [root@dhcp201-126 ~]# Hence VERIFIED.
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://rhn.redhat.com/errata/RHSA-2015-0416.html