RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.
Bug 1172597 - Server crashes when memberOf plugin is partially configured
Summary: Server crashes when memberOf plugin is partially configured
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: 389-ds-base
Version: 7.1
Hardware: x86_64
OS: Linux
high
high
Target Milestone: rc
: ---
Assignee: mreynolds
QA Contact: Viktor Ashirov
URL:
Whiteboard:
Depends On:
Blocks: 1044205 1168850
TreeView+ depends on / blocked
 
Reported: 2014-12-10 12:54 UTC by Sankar Ramalingam
Modified: 2015-03-05 09:40 UTC (History)
5 users (show)

Fixed In Version: 389-ds-base-1.3.3.1-10.el7
Doc Type: Known Issue
Doc Text:
Cause: Directory server crashes when member of plugin is incorrectly configured with nsslapd-pluginConfigArea. Consequence: Manually edit dse.ldif file to remove the plugin configuration for nsslapd-pluginConfigArea and star the server. Workaround (if any): Configure plugin with required attributes and create necessary supported entries before hand. Result:
Clone Of:
Environment:
Last Closed: 2015-03-05 09:40:04 UTC
Target Upstream Version:
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2015:0416 0 normal SHIPPED_LIVE Important: 389-ds-base security, bug fix, and enhancement update 2015-03-05 14:26:33 UTC

Description Sankar Ramalingam 2014-12-10 12:54:06 UTC 
Description of problem: When trying to configure member of plugin for alternate config area, the server crashed. 


Version-Release number of selected component (if applicable): 389-ds-base-1.3.3.1-9


How reproducible: Consistently.


Steps to Reproduce:
1. Install 389-ds-base-1.3.3.x on RHEL7.1
2. Enable member of plugin
[root@mgmt9 MMR_WINSYNC]# ldapmodify -x -p 20018 -h localhost -D "Cn=Directory manager" -w Secret123 << EOF
dn: cn=MemberOf Plugin,cn=plugins,cn=config
changetype: modify
replace: nsslapd-pluginEnabled
nsslapd-pluginEnabled: on
> EOF
modifying entry "cn=MemberOf Plugin,cn=plugins,cn=config"

3. Add nsslapd-pluginconfigArea to memberof plugin 
[root@mgmt9 MMR_WINSYNC]# ldapmodify -x -p 20018 -h localhost -D "Cn=Directory manager" -w Secret123 << EOF
dn: cn=MemberOf Plugin,cn=plugins,cn=config
changetype: modify
add: nsslapd-pluginConfigArea
> nsslapd-pluginConfigArea: ou=groups,dc=newmemof,dc=com
> EOF
modifying entry "cn=MemberOf Plugin,cn=plugins,cn=config"
ldap_modify: Server is unwilling to perform (53)

4. error messages observed as 

[10/Dec/2014:07:36:46 -0500] memberof-plugin - Error 53: The memberOfGroupAttr and memberOfAttr configuration attributes must be provided
[10/Dec/2014:07:36:46 -0500] memberof-plugin - configuration failed (Server is unwilling to perform)
[10/Dec/2014:07:36:46 -0500] - Failed to start betxnpostoperation plugin MemberOf Plugin
[10/Dec/2014:07:47:35 -0500] memberof-plugin - The memberOfGroupAttr and memberOfAttr configuration attributes must be provided[10/Dec/2014:07:47:35 -0500] memberof-plugin - The memberOfGroupAttr and memberOfAttr configuration attributes must be provided[10/Dec/2014:07:47:35 -0500] memberof-plugin - ����[10/Dec/2014:07:47:35 -0500] - cos_cache_change_notify:  failed to get objectclass from 


5. Run ldapsearch to server
ldapsearch -x -p 20018 -h localhost -D "Cn=Directory manager" -w Secret123 -b "" -s base
ldap_sasl_bind(SIMPLE): Can't contact LDAP server (-1)


Actual results: Server crashes for partial configuration.


Expected results: Server should throw error messages in the logs and it should not crash. 


Additional info:
https://bugzilla.redhat.com/show_bug.cgi?id=1044205#c9
https://bugzilla.redhat.com/show_bug.cgi?id=1044205#c11
Comment 1 Sankar Ramalingam 2014-12-10 12:55:41 UTC 
Associated upstream ticket - https://fedorahosted.org/389/ticket/47525
Comment 3 Sankar Ramalingam 2014-12-10 13:06:09 UTC 
As per https://bugzilla.redhat.com/show_bug.cgi?id=1044205#c12, requesting Mark to move this bug to POST.
Comment 4 mreynolds 2014-12-10 15:01:41 UTC 
Fixed upstream
Comment 6 Amita Sharma 2014-12-26 13:14:43 UTC 
Your new DS instance 'dhcp201-126' was successfully created.
Exiting . . .
Log file is '/tmp/setupGQHAqJ.log'

[root@dhcp201-126 /]# ldapmodify -D "cn=directory manager" -w Secret123 -p 389 -h localhost << EOF
> dn: cn=MemberOf Plugin,cn=plugins,cn=config
> changetype: modify
> replace: nsslapd-pluginEnabled
> nsslapd-pluginEnabled: on
> EOF
modifying entry "cn=MemberOf Plugin,cn=plugins,cn=config"

[root@dhcp201-126 /]# ldapmodify -D "cn=directory manager" -w Secret123 -p 389 -h localhost << EOF
> dn: cn=MemberOf Plugin,cn=plugins,cn=config
> changetype: modify
> add: nsslapd-pluginConfigArea
> nsslapd-pluginConfigArea: ou=groups,dc=newmemof,dc=com
> EOF
modifying entry "cn=MemberOf Plugin,cn=plugins,cn=config"

[root@dhcp201-126 /]# tail -f /var/log/dirsrv/slapd-dhcp201-126/errors
[26/Dec/2014:18:44:14 +051800] - import userRoot: Creating ancestorid index (new idl)...
[26/Dec/2014:18:44:14 +051800] - import userRoot: Created ancestorid index (new idl).
[26/Dec/2014:18:44:15 +051800] - import userRoot: Flushing caches...
[26/Dec/2014:18:44:15 +051800] - import userRoot: Closing files...
[26/Dec/2014:18:44:15 +051800] - All database threads now stopped
[26/Dec/2014:18:44:15 +051800] - import userRoot: Import complete.  Processed 9 entries in 2 seconds. (4.50 entries/sec)
[26/Dec/2014:18:44:15 +051800] - 389-Directory/1.3.3.1 B2014.351.2355 starting up
[26/Dec/2014:18:44:15 +051800] - Db home directory is not set. Possibly nsslapd-directory (optionally nsslapd-db-home-directory) is missing in the config file.
[26/Dec/2014:18:44:15 +051800] - I'm resizing my cache now...cache was 1560379392 and is now 6400000
[26/Dec/2014:18:44:16 +051800] - slapd started.  Listening on All Interfaces port 389 for LDAP requests


^R
^C
[root@dhcp201-126 /]# ldapsearch -b "" -s base -xLLL passwordRetryCount=* passwordRetryCount
[root@dhcp201-126 /]# ldapsearch -LLL -D "cn=directory manager" -w Secret123 -p 389 -h localhost -b  "cn=config"
dn: cn=config
cn: config
objectClass: top
objectClass: extensibleObject
objectClass: nsslapdConfig
nsslapd-backendconfig: cn=config,cn=userRoot,cn=ldbm database,cn=plugins,cn=co
 nfig

Hence VERIFIED.
Comment 8 errata-xmlrpc 2015-03-05 09:40:04 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHSA-2015-0416.html
Note You need to log in before you can comment on or make changes to this bug.