Red Hat Bugzilla – Bug 1074447
Part of DNA shared configuration is deleted after server restart
Last modified: 2015-03-05 04:34:00 EST
Description of problem:
When the server with DNA shared configuration entries (MMR + DNA setup) has set dnaRemoteBindMethod and dnaRemoteConnProtocol attributes in its shared entry and is restarted, the configuration is being deleted by an update event triggered some time after DNA plugin initialization.

log:
[07/Mar/2014:13:48:01 -0500] NS7bitAttr - ADD begin
[07/Mar/2014:13:48:01 -0500] NS7bitAttr - ADD target=dnaHostname=example.com+dnaPortNum=1389,cn=Account UIDs,ou=Ranges,dc=example,dc=com
[07/Mar/2014:13:48:01 -0500] NSMMReplicationPlugin - changelog program - cl5WriteOperationTxn: successfully written entry with csn (531a1462000200070000)

Version-Release number of selected component (if applicable):
389-ds-base-1.3.1.6-21.el7

How reproducible:
always

Steps to Reproduce:
1. Set up MMR + DNA.
2. Configure dnaRemoteBindMethod and dnaRemoteConnProtocol in the shared entry on one of the masters.
3. Restart the directory server instance that owns the entry.

Actual results:
The attributes are deleted from the shared configuration entry in less than a minute after the server starts.

Expected results:
The configuration is not affected by server restart.

Additional info:
Upstream ticket: https://fedorahosted.org/389/ticket/47779
Fixed upstream.
Verification steps

[1] Setup a single instance using "dc=example,dc=com"

[2] Create "ou=ranges,dc=example,dc=com"

[3] Add this entry (or something similar)

dn: dnaHostname=localhost.localdomain+dnaPortNum=389,ou=ranges,dc=example,dc=com
objectClass: extensibleObject
objectClass: top
dnaHostname: localhost.localdomain
dnaPortNum: 389
dnaSecurePortNum: 636
dnaRemainingValues: 500
dnaRemoteBindMethod: SIMPLE
dnaRemoteConnProtocol: LDAP

[4] Add this entry to cn=config

dn: cn=DNA Config Entry,cn=Distributed Numeric Assignment Plugin,cn=plugins,cn=config
objectClass: top
objectClass: extensibleObject
cn: DNA Config Entry
dnaType: description
dnaInterval: 1
dnaMaxValue: 5000
dnaMagicRegen: 0
dnaThreshold: 100
dnaFilter: (objectclass=groupofuniquenames)
dnaScope: dc=example,dc=com
dnaSharedCfgDN: ou=ranges,dc=example,dc=com
dnaNextValue: 500
dnaRemoteBindDN: uid=replica,cn=config
dnaRemoteBindCred: password

[5] Enable the DNA plugin

[6] Add a group with a "description" attribute set to 0:

dn: cn=group,dc=example,dc=com
objectclass: top
objectclass: groupofuniquenames
cn: group
description: 0

[7] Wait 30 seconds, and check to see if the shared config entry (dnaHostname=localhost.localdomain+dnaPortNum=389,ou=ranges,dc=example,dc=com) still has these two attributes:

dnaRemoteBindMethod
dnaRemoteConnProtocol

[8] Restart the server

[9] Modify the group we just created, and reset the description attribute to 0:

dn: cn=group,dc=example,dc=com
changetype: modify
replace: description
description: 0

[10] Wait 30 seconds

[11] Check the shared config entry again, and make sure it still has those two dna remote server settings (like from step 7).

Bug is verified if configuration is still present in the entry.
*** Bug 1074444 has been marked as a duplicate of this bug. ***
$ rpm -qa | grep 389
389-ds-base-libs-1.3.3.1-12.el7.x86_64
389-ds-base-debuginfo-1.3.3.1-12.el7.x86_64
389-ds-base-1.3.3.1-12.el7.x86_64

[1] Setup a single instance using "dc=example,dc=com"

[2] Create "ou=ranges,dc=example,dc=com"

$ ldapmodify -D "cn=Directory Manager" -w Secret123 << EOF
dn: ou=ranges,dc=example,dc=com
changetype: add
ou: ranges
objectClass: top
objectClass: organizationalunit
EOF
adding new entry "ou=ranges,dc=example,dc=com"

[3] Add this entry (or something similar)

$ ldapmodify -D "cn=Directory Manager" -w Secret123 << EOF
dn: dnaHostname=rhel7.brq.redhat.com+dnaPortNum=389,ou=ranges,dc=example,dc=com
changetype: add
objectClass: dnaSharedConfig
objectClass: top
dnaHostname: rhel7.brq.redhat.com
dnaPortNum: 389
dnaSecurePortNum: 636
dnaRemainingValues: 500
dnaRemoteBindMethod: SIMPLE
dnaRemoteConnProtocol: LDAP
EOF
adding new entry "dnaHostname=rhel7.brq.redhat.com+dnaPortNum=389,ou=ranges,dc=example,dc=com"

[4] Add this entry to cn=config

$ ldapmodify -D "cn=Directory Manager" -w Secret123 << EOF
dn: cn=DNA Config Entry,cn=Distributed Numeric Assignment Plugin,cn=plugins,cn=config
changetype: add
objectClass: top
objectClass: extensibleObject
cn: DNA Config Entry
dnaType: description
dnaInterval: 1
dnaMaxValue: 5000
dnaMagicRegen: 0
dnaThreshold: 100
dnaFilter: (objectclass=groupofuniquenames)
dnaScope: dc=example,dc=com
dnaSharedCfgDN: ou=ranges,dc=example,dc=com
dnaNextValue: 500
dnaRemoteBindDN: cn=Directory Manager
dnaRemoteBindCred: Secret123
EOF
adding new entry "cn=DNA Config Entry,cn=Distributed Numeric Assignment Plugin,cn=plugins,cn=config"

[5] Enable the DNA plugin

$ ldapmodify -D "cn=Directory Manager" -w Secret123 << EOF
dn: cn=Distributed Numeric Assignment Plugin,cn=plugins,cn=config
changetype: modify
replace: nsslapd-pluginEnabled
nsslapd-pluginEnabled: on
EOF
modifying entry "cn=Distributed Numeric Assignment Plugin,cn=plugins,cn=config"

[6] Add a group with a "description" attribute set to 0:

ldapmodify -D "cn=Directory Manager" -w Secret123 << EOF
dn: cn=group,dc=example,dc=com
changetype: add
objectclass: top
objectclass: groupofuniquenames
cn: group
description: 0
EOF
adding new entry "cn=group,dc=example,dc=com"

[7] Wait 30 seconds, and check to see if the shared config entry (dnaHostname=localhost.localdomain+dnaPortNum=389,ou=ranges,dc=example,dc=com) still has these two attributes:

dnaRemoteBindMethod
dnaRemoteConnProtocol

$ ldapsearch -LLL -o ldif-wrap=no -D "cn=Directory Manager" -w Secret123 -b "dnaHostname=rhel7.brq.redhat.com+dnaPortNum=389,ou=ranges,dc=example,dc=com" dnaRemoteBindMethod dnaRemoteConnProtocol
dn: dnaHostname=rhel7.brq.redhat.com+dnaPortNum=389,ou=ranges,dc=example,dc=com
dnaRemoteBindMethod: SIMPLE
dnaRemoteConnProtocol: LDAP

[8] Restart the server

$ sudo systemctl restart dirsrv.target

[9] Modify the group we just created, and reset the description attribute to 0:

$ ldapmodify -D "cn=Directory Manager" -w Secret123 << EOF
dn: cn=group,dc=example,dc=com
changetype: modify
replace: description
description: 0
EOF
modifying entry "cn=group,dc=example,dc=com"

[10] Wait 30 seconds

[11] Check the shared config entry again, and make sure it still has those two dna remote server settings (like from step 7).

$ ldapsearch -LLL -o ldif-wrap=no -D "cn=Directory Manager" -w Secret123 -b "dnaHostname=rhel7.brq.redhat.com+dnaPortNum=389,ou=ranges,dc=example,dc=com" dnaRemoteBindMethod dnaRemoteConnProtocol
dn: dnaHostname=rhel7.brq.redhat.com+dnaPortNum=389,ou=ranges,dc=example,dc=com
dnaRemoteBindMethod: SIMPLE
dnaRemoteConnProtocol: LDAP

Configuration is still present in the entry. Marking as VERIFIED.
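
Steps [7] and [11] above compare the shared config entry before and after the restart by eye. The same comparison as a shell helper, given here as an added example that is not part of the bug report or of 389-ds-base; the function names and the LDIF snapshots are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the bug report): list watched attributes that were
# present in an LDIF snapshot taken before a restart but are gone afterwards.

# ldif_attrs: LDIF on stdin -> lower-cased attribute names, one per line.
# Skips folded continuation lines (leading space), comments, blank lines and
# the dn line; strips attribute options such as ";binary".
ldif_attrs() {
    awk -F: '
        /^[ #]/ || NF < 2 { next }
        { name = tolower($1); sub(/;.*/, "", name)
          if (name != "dn") print name }
    ' | sort -u
}

# dropped_attrs BEFORE AFTER ATTR...: print each ATTR found in the BEFORE
# text but not in the AFTER text. Attribute names compare case-insensitively.
dropped_attrs() {
    before=$(printf '%s\n' "$1" | ldif_attrs)
    after=$(printf '%s\n' "$2" | ldif_attrs)
    shift 2
    for attr in "$@"; do
        want=$(printf '%s' "$attr" | tr 'A-Z' 'a-z')
        if printf '%s\n' "$before" | grep -qxF "$want" &&
           ! printf '%s\n' "$after" | grep -qxF "$want"; then
            printf '%s\n' "$attr"
        fi
    done
}

# Constructed snapshots. On a live server each would be captured with the
# ldapsearch command from steps [7] and [11]. The first dn is folded on purpose.
BEFORE='dn: dnaHostname=localhost.localdomain+dnaPortNum=389,ou=ranges,dc=exam
 ple,dc=com
dnaHostname: localhost.localdomain
dnaRemainingValues: 500
dnaRemoteBindMethod: SIMPLE
dnaRemoteConnProtocol: LDAP'
AFTER_BUG='dn: dnaHostname=localhost.localdomain+dnaPortNum=389,ou=ranges,dc=example,dc=com
dnaHostname: localhost.localdomain
dnaRemainingValues: 500'
AFTER_FIXED='dn: dnaHostname=localhost.localdomain+dnaPortNum=389,ou=ranges,dc=example,dc=com
dnaremotebindmethod: SIMPLE
dnaRemoteConnProtocol: LDAP'

# Prints the two attribute names that the constructed "bug" snapshot lost.
dropped_attrs "$BEFORE" "$AFTER_BUG" dnaRemoteBindMethod dnaRemoteConnProtocol
```

An empty result means every watched attribute survived the restart, so the helper can gate a regression test after step [10].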
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://rhn.redhat.com/errata/RHSA-2015-0416.html