Bug 1074447 - Part of DNA shared configuration is deleted after server restart
Summary: Part of DNA shared configuration is deleted after server restart
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: 389-ds-base
Version: 7.0
Hardware: Unspecified
OS: Unspecified
medium
unspecified
Target Milestone: rc
: ---
Assignee: mreynolds
QA Contact: Viktor Ashirov
URL:
Whiteboard:
: 1074444 (view as bug list)
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2014-03-10 09:32 UTC by Milan Kubík
Modified: 2015-03-05 09:34 UTC (History)
3 users (show)

Fixed In Version: 389-ds-base-1.3.3.1-1.el7
Doc Type: Bug Fix
Doc Text:
Cause: Performing an update that triggers the plugin to assign a new value to an entry Consequence: If using remote shared server settings, they get removed after DNA assigns a value. This means the settings lost, and DNA will not be able to retrieve a new range of numbers from that remote server. Fix: Restore the remote shared server configuration when the plugin assigns a new value to a entry. Result: The plugin continues to work as expected and contact remote shared servers when its range of numbers is exhausted.
Clone Of:
Environment:
Last Closed: 2015-03-05 09:34:00 UTC
Target Upstream Version:


Attachments (Terms of Use)


Links
System ID Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2015:0416 normal SHIPPED_LIVE Important: 389-ds-base security, bug fix, and enhancement update 2015-03-05 14:26:33 UTC

Description Milan Kubík 2014-03-10 09:32:52 UTC
Description of problem:
When the server with DNA shared configuration entries (MMR + DNA setup) has set dnaRemoteBindMethod and dnaRemoteConnProtocol attributes in its shared entry and is restarted, the configuration is being deleted by an update event triggered some time after DNA plugin initialization.

log:
[07/Mar/2014:13:48:01 -0500] NS7bitAttr - ADD begin
[07/Mar/2014:13:48:01 -0500] NS7bitAttr - ADD target=dnaHostname=example.com+dnaPortNum=1389,cn=Account UIDs,ou=Ranges,dc=example,dc=com
[07/Mar/2014:13:48:01 -0500] NSMMReplicationPlugin - changelog program - cl5WriteOperationTxn: successfully written entry with csn (531a1462000200070000)


Version-Release number of selected component (if applicable):
389-ds-base-1.3.1.6-21.el7

How reproducible:
always

Steps to Reproduce:
1. Set up MMR + DNA.
2. Configure dnaRemoteBindMethod and dnaRemoteConnProtocol in the shared entry on one of the masters.
3. Restart the directory server instance that owns the entry.

Actual results:
The attributes are deleted from the shared configuration entry in less than a minute after the server starts.

Expected results:
The configuration is not affected by server restart.

Additional info:

Comment 3 Noriko Hosoi 2014-04-11 19:11:39 UTC
Upstream ticket:
https://fedorahosted.org/389/ticket/47779

Comment 4 mreynolds 2014-04-21 17:08:15 UTC
Fixed upstream.

Comment 5 mreynolds 2014-04-21 20:21:11 UTC
Verification steps

[1]  Setup a single instance using "dc=example,dc=com"
[2]  Create "ou=ranges,dc=example,dc=com"
[3]  Add this entry(or something similar)

dn: dnaHostname=localhost.localdomain+dnaPortNum=389,ou=ranges,dc=example,dc=com
objectClass: extensibleObject
objectClass: top
dnaHostname: localhost.localdomain
dnaPortNum: 389
dnaSecurePortNum: 636
dnaRemainingValues: 500
dnaRemoteBindMethod: SIMPLE
dnaRemoteConnProtocol: LDAP


[4] Add this entry to cn=config

dn: cn=DNA Config Entry,cn=Distributed Numeric Assignment Plugin,cn=plugins,cn
 =config
objectClass: top
objectClass: extensibleObject
cn: DNA Config Entry
dnaType: description
dnaInterval: 1
dnaMaxValue: 5000
dnaMagicRegen: 0
dnaThreshold: 100
dnaFilter: (objectclass=groupofuniquenames)
dnaScope: dc=example,dc=com
dnaSharedCfgDN: ou=ranges,dc=example,dc=com
dnaNextValue: 500
dnaRemoteBindDN: uid=replica,cn=config
dnaRemoteBindCred: password

[5] Enable the DNA plugin
[6] Add a group with a "description" attribute set to 0:

dn: cn=group,dc=example,dc=com
objectclass: top
objectclass: groupofuniquenames
cn: group
description: 0

[7] Wait 30 seconds, and check to see if the shared config entry (dnaHostname=localhost.localdomain+dnaPortNum=389,ou=ranges,dc=example,dc=com) still has the these two attributes:

dnaRemoteBindMethod
dnaRemoteConnProtocol

[8]  Restart the server
[9]  Modify the group we just created, and reset the description attribute to 0:

dn: cn=group,dc=example,dc=com
changetype: modify
replace: description
description: 0

[10]  Wait 30 seconds
[11]  Check the shared config entry again, and make sure it still has those two dna remote server settings(like from step 7).

Bug is verified if configuration is still present in the entry.

Comment 6 mreynolds 2014-05-21 15:59:00 UTC
*** Bug 1074444 has been marked as a duplicate of this bug. ***

Comment 8 Viktor Ashirov 2015-01-27 00:48:47 UTC
$ rpm -qa | grep 389 
389-ds-base-libs-1.3.3.1-12.el7.x86_64
389-ds-base-debuginfo-1.3.3.1-12.el7.x86_64
389-ds-base-1.3.3.1-12.el7.x86_64

[1]  Setup a single instance using "dc=example,dc=com"
[2]  Create "ou=ranges,dc=example,dc=com"
$ ldapmodify -D "cn=Directory Manager" -w Secret123 << EOF
dn: ou=ranges,dc=example,dc=com
changetype: add
ou: ranges
objectClass: top
objectClass: organizationalunit
EOF
adding new entry "ou=ranges,dc=example,dc=com"

[3]  Add this entry(or something similar)
$ ldapmodify -D "cn=Directory Manager" -w Secret123 << EOF
dn: dnaHostname=rhel7.brq.redhat.com+dnaPortNum=389,ou=ranges,dc=example,dc=com
changetype: add
objectClass: dnaSharedConfig
objectClass: top
dnaHostname: rhel7.brq.redhat.com
dnaPortNum: 389
dnaSecurePortNum: 636
dnaRemainingValues: 500
dnaRemoteBindMethod: SIMPLE
dnaRemoteConnProtocol: LDAP
EOF
adding new entry "dnaHostname=rhel7.brq.redhat.com+dnaPortNum=389,ou=ranges,dc=example,dc=com"

[4] Add this entry to cn=config
$ ldapmodify -D "cn=Directory Manager" -w Secret123 << EOF
dn: cn=DNA Config Entry,cn=Distributed Numeric Assignment Plugin,cn=plugins,cn=config
changetype: add
objectClass: top
objectClass: extensibleObject
cn: DNA Config Entry
dnaType: description
dnaInterval: 1
dnaMaxValue: 5000
dnaMagicRegen: 0
dnaThreshold: 100
dnaFilter: (objectclass=groupofuniquenames)
dnaScope: dc=example,dc=com
dnaSharedCfgDN: ou=ranges,dc=example,dc=com
dnaNextValue: 500
dnaRemoteBindDN: cn=Directory Manager
dnaRemoteBindCred: Secret123
EOF
adding new entry "cn=DNA Config Entry,cn=Distributed Numeric Assignment Plugin,cn=plugins,cn=config"


[5] Enable the DNA plugin
$ ldapmodify -D "cn=Directory Manager" -w Secret123 << EOF
dn: cn=Distributed Numeric Assignment Plugin,cn=plugins,cn=config
changetype: modify
replace: nsslapd-pluginEnabled
nsslapd-pluginEnabled: on
EOF
modifying entry "cn=Distributed Numeric Assignment Plugin,cn=plugins,cn=config"

[6] Add a group with a "description" attribute set to 0:
ldapmodify -D "cn=Directory Manager" -w Secret123 << EOF
dn: cn=group,dc=example,dc=com
changetype: add
objectclass: top
objectclass: groupofuniquenames
cn: group
description: 0
EOF
adding new entry "cn=group,dc=example,dc=com"


[7] Wait 30 seconds, and check to see if the shared config entry (dnaHostname=localhost.localdomain+dnaPortNum=389,ou=ranges,dc=example,dc=com) still has the these two attributes:

dnaRemoteBindMethod
dnaRemoteConnProtocol

$ ldapsearch -LLL -o ldif-wrap=no -D "cn=Directory Manager" -w Secret123 -b "dnaHostname=rhel7.brq.redhat.com+dnaPortNum=389,ou=ranges,dc=example,dc=com" dnaRemoteBindMethod dnaRemoteConnProtocol
dn: dnaHostname=rhel7.brq.redhat.com+dnaPortNum=389,ou=ranges,dc=example,dc=com
dnaRemoteBindMethod: SIMPLE
dnaRemoteConnProtocol: LDAP


[8]  Restart the server
$ sudo systemctl restart dirsrv.target

[9]  Modify the group we just created, and reset the description attribute to 0:
$ ldapmodify -D "cn=Directory Manager" -w Secret123 << EOF
dn: cn=group,dc=example,dc=com
changetype: modify
replace: description
description: 0
EOF
modifying entry "cn=group,dc=example,dc=com"

[10]  Wait 30 seconds
[11]  Check the shared config entry again, and make sure it still has those two dna remote server settings(like from step 7).
$ ldapsearch -LLL -o ldif-wrap=no -D "cn=Directory Manager" -w Secret123 -b "dnaHostname=rhel7.brq.redhat.com+dnaPortNum=389,ou=ranges,dc=example,dc=com" dnaRemoteBindMethod dnaRemoteConnProtocol
dn: dnaHostname=rhel7.brq.redhat.com+dnaPortNum=389,ou=ranges,dc=example,dc=com
dnaRemoteBindMethod: SIMPLE
dnaRemoteConnProtocol: LDAP


Configuration is still present in the entry. Marking as VERIFIED.

Comment 10 errata-xmlrpc 2015-03-05 09:34:00 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHSA-2015-0416.html


Note You need to log in before you can comment on or make changes to this bug.