Bug 1172597 - Server crashes when memberOf plugin is partially configured
Summary: Server crashes when memberOf plugin is partially configured
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: 389-ds-base
Version: 7.1
Hardware: x86_64
OS: Linux
high
high
Target Milestone: rc
: ---
Assignee: mreynolds
QA Contact: Viktor Ashirov
URL:
Whiteboard:
Depends On:
Blocks: 1044205 1168850
TreeView+ depends on / blocked
 
Reported: 2014-12-10 12:54 UTC by Sankar Ramalingam
Modified: 2015-03-05 09:40 UTC (History)
5 users (show)

Fixed In Version: 389-ds-base-1.3.3.1-10.el7
Doc Type: Known Issue
Doc Text:
Cause: Directory server crashes when member of plugin is incorrectly configured with nsslapd-pluginConfigArea. Consequence: Manually edit dse.ldif file to remove the plugin configuration for nsslapd-pluginConfigArea and star the server. Workaround (if any): Configure plugin with required attributes and create necessary supported entries before hand. Result:
Clone Of:
Environment:
Last Closed: 2015-03-05 09:40:04 UTC
Target Upstream Version:


Attachments (Terms of Use)


Links
System ID Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2015:0416 normal SHIPPED_LIVE Important: 389-ds-base security, bug fix, and enhancement update 2015-03-05 14:26:33 UTC

Description Sankar Ramalingam 2014-12-10 12:54:06 UTC
Description of problem: When trying to configure member of plugin for alternate config area, the server crashed. 


Version-Release number of selected component (if applicable): 389-ds-base-1.3.3.1-9


How reproducible: Consistently.


Steps to Reproduce:
1. Install 389-ds-base-1.3.3.x on RHEL7.1
2. Enable member of plugin
[root@mgmt9 MMR_WINSYNC]# ldapmodify -x -p 20018 -h localhost -D "Cn=Directory manager" -w Secret123 << EOF
dn: cn=MemberOf Plugin,cn=plugins,cn=config
changetype: modify
replace: nsslapd-pluginEnabled
nsslapd-pluginEnabled: on
> EOF
modifying entry "cn=MemberOf Plugin,cn=plugins,cn=config"

3. Add nsslapd-pluginconfigArea to memberof plugin 
[root@mgmt9 MMR_WINSYNC]# ldapmodify -x -p 20018 -h localhost -D "Cn=Directory manager" -w Secret123 << EOF
dn: cn=MemberOf Plugin,cn=plugins,cn=config
changetype: modify
add: nsslapd-pluginConfigArea
> nsslapd-pluginConfigArea: ou=groups,dc=newmemof,dc=com
> EOF
modifying entry "cn=MemberOf Plugin,cn=plugins,cn=config"
ldap_modify: Server is unwilling to perform (53)

4. error messages observed as 

[10/Dec/2014:07:36:46 -0500] memberof-plugin - Error 53: The memberOfGroupAttr and memberOfAttr configuration attributes must be provided
[10/Dec/2014:07:36:46 -0500] memberof-plugin - configuration failed (Server is unwilling to perform)
[10/Dec/2014:07:36:46 -0500] - Failed to start betxnpostoperation plugin MemberOf Plugin
[10/Dec/2014:07:47:35 -0500] memberof-plugin - The memberOfGroupAttr and memberOfAttr configuration attributes must be provided[10/Dec/2014:07:47:35 -0500] memberof-plugin - The memberOfGroupAttr and memberOfAttr configuration attributes must be provided[10/Dec/2014:07:47:35 -0500] memberof-plugin - ����[10/Dec/2014:07:47:35 -0500] - cos_cache_change_notify:  failed to get objectclass from 


5. Run ldapsearch to server
ldapsearch -x -p 20018 -h localhost -D "Cn=Directory manager" -w Secret123 -b "" -s base
ldap_sasl_bind(SIMPLE): Can't contact LDAP server (-1)


Actual results: Server crashes for partial configuration.


Expected results: Server should throw error messages in the logs and it should not crash. 


Additional info:
https://bugzilla.redhat.com/show_bug.cgi?id=1044205#c9
https://bugzilla.redhat.com/show_bug.cgi?id=1044205#c11

Comment 1 Sankar Ramalingam 2014-12-10 12:55:41 UTC
Associated upstream ticket - https://fedorahosted.org/389/ticket/47525

Comment 3 Sankar Ramalingam 2014-12-10 13:06:09 UTC
As per https://bugzilla.redhat.com/show_bug.cgi?id=1044205#c12, requesting Mark to move this bug to POST.

Comment 4 mreynolds 2014-12-10 15:01:41 UTC
Fixed upstream

Comment 6 Amita Sharma 2014-12-26 13:14:43 UTC
Your new DS instance 'dhcp201-126' was successfully created.
Exiting . . .
Log file is '/tmp/setupGQHAqJ.log'

[root@dhcp201-126 /]# ldapmodify -D "cn=directory manager" -w Secret123 -p 389 -h localhost << EOF
> dn: cn=MemberOf Plugin,cn=plugins,cn=config
> changetype: modify
> replace: nsslapd-pluginEnabled
> nsslapd-pluginEnabled: on
> EOF
modifying entry "cn=MemberOf Plugin,cn=plugins,cn=config"

[root@dhcp201-126 /]# ldapmodify -D "cn=directory manager" -w Secret123 -p 389 -h localhost << EOF
> dn: cn=MemberOf Plugin,cn=plugins,cn=config
> changetype: modify
> add: nsslapd-pluginConfigArea
> nsslapd-pluginConfigArea: ou=groups,dc=newmemof,dc=com
> EOF
modifying entry "cn=MemberOf Plugin,cn=plugins,cn=config"

[root@dhcp201-126 /]# tail -f /var/log/dirsrv/slapd-dhcp201-126/errors
[26/Dec/2014:18:44:14 +051800] - import userRoot: Creating ancestorid index (new idl)...
[26/Dec/2014:18:44:14 +051800] - import userRoot: Created ancestorid index (new idl).
[26/Dec/2014:18:44:15 +051800] - import userRoot: Flushing caches...
[26/Dec/2014:18:44:15 +051800] - import userRoot: Closing files...
[26/Dec/2014:18:44:15 +051800] - All database threads now stopped
[26/Dec/2014:18:44:15 +051800] - import userRoot: Import complete.  Processed 9 entries in 2 seconds. (4.50 entries/sec)
[26/Dec/2014:18:44:15 +051800] - 389-Directory/1.3.3.1 B2014.351.2355 starting up
[26/Dec/2014:18:44:15 +051800] - Db home directory is not set. Possibly nsslapd-directory (optionally nsslapd-db-home-directory) is missing in the config file.
[26/Dec/2014:18:44:15 +051800] - I'm resizing my cache now...cache was 1560379392 and is now 6400000
[26/Dec/2014:18:44:16 +051800] - slapd started.  Listening on All Interfaces port 389 for LDAP requests


^R
^C
[root@dhcp201-126 /]# ldapsearch -b "" -s base -xLLL passwordRetryCount=* passwordRetryCount
[root@dhcp201-126 /]# ldapsearch -LLL -D "cn=directory manager" -w Secret123 -p 389 -h localhost -b  "cn=config"
dn: cn=config
cn: config
objectClass: top
objectClass: extensibleObject
objectClass: nsslapdConfig
nsslapd-backendconfig: cn=config,cn=userRoot,cn=ldbm database,cn=plugins,cn=co
 nfig

Hence VERIFIED.

Comment 8 errata-xmlrpc 2015-03-05 09:40:04 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHSA-2015-0416.html


Note You need to log in before you can comment on or make changes to this bug.