Red Hat Bugzilla – Bug 1172597
Server crashes when memberOf plugin is partially configured
Last modified: 2015-03-05 04:40:04 EST
Description of problem: When trying to configure member of plugin for alternate config area, the server crashed. Version-Release number of selected component (if applicable): 389-ds-base-1.3.3.1-9 How reproducible: Consistently. Steps to Reproduce: 1. Install 389-ds-base-1.3.3.x on RHEL7.1 2. Enable member of plugin [root@mgmt9 MMR_WINSYNC]# ldapmodify -x -p 20018 -h localhost -D "Cn=Directory manager" -w Secret123 << EOF dn: cn=MemberOf Plugin,cn=plugins,cn=config changetype: modify replace: nsslapd-pluginEnabled nsslapd-pluginEnabled: on > EOF modifying entry "cn=MemberOf Plugin,cn=plugins,cn=config" 3. Add nsslapd-pluginconfigArea to memberof plugin [root@mgmt9 MMR_WINSYNC]# ldapmodify -x -p 20018 -h localhost -D "Cn=Directory manager" -w Secret123 << EOF dn: cn=MemberOf Plugin,cn=plugins,cn=config changetype: modify add: nsslapd-pluginConfigArea > nsslapd-pluginConfigArea: ou=groups,dc=newmemof,dc=com > EOF modifying entry "cn=MemberOf Plugin,cn=plugins,cn=config" ldap_modify: Server is unwilling to perform (53) 4. error messages observed as [10/Dec/2014:07:36:46 -0500] memberof-plugin - Error 53: The memberOfGroupAttr and memberOfAttr configuration attributes must be provided [10/Dec/2014:07:36:46 -0500] memberof-plugin - configuration failed (Server is unwilling to perform) [10/Dec/2014:07:36:46 -0500] - Failed to start betxnpostoperation plugin MemberOf Plugin [10/Dec/2014:07:47:35 -0500] memberof-plugin - The memberOfGroupAttr and memberOfAttr configuration attributes must be provided[10/Dec/2014:07:47:35 -0500] memberof-plugin - The memberOfGroupAttr and memberOfAttr configuration attributes must be provided[10/Dec/2014:07:47:35 -0500] memberof-plugin - ����[10/Dec/2014:07:47:35 -0500] - cos_cache_change_notify: failed to get objectclass from 5. Run ldapsearch to server ldapsearch -x -p 20018 -h localhost -D "Cn=Directory manager" -w Secret123 -b "" -s base ldap_sasl_bind(SIMPLE): Can't contact LDAP server (-1) Actual results: Server crashes for partial configuration. Expected results: Server should throw error messages in the logs and it should not crash. Additional info: https://bugzilla.redhat.com/show_bug.cgi?id=1044205#c9 https://bugzilla.redhat.com/show_bug.cgi?id=1044205#c11
Associated upstream ticket - https://fedorahosted.org/389/ticket/47525
As per https://bugzilla.redhat.com/show_bug.cgi?id=1044205#c12, requesting Mark to move this bug to POST.
Fixed upstream
Your new DS instance 'dhcp201-126' was successfully created. Exiting . . . Log file is '/tmp/setupGQHAqJ.log' [root@dhcp201-126 /]# ldapmodify -D "cn=directory manager" -w Secret123 -p 389 -h localhost << EOF > dn: cn=MemberOf Plugin,cn=plugins,cn=config > changetype: modify > replace: nsslapd-pluginEnabled > nsslapd-pluginEnabled: on > EOF modifying entry "cn=MemberOf Plugin,cn=plugins,cn=config" [root@dhcp201-126 /]# ldapmodify -D "cn=directory manager" -w Secret123 -p 389 -h localhost << EOF > dn: cn=MemberOf Plugin,cn=plugins,cn=config > changetype: modify > add: nsslapd-pluginConfigArea > nsslapd-pluginConfigArea: ou=groups,dc=newmemof,dc=com > EOF modifying entry "cn=MemberOf Plugin,cn=plugins,cn=config" [root@dhcp201-126 /]# tail -f /var/log/dirsrv/slapd-dhcp201-126/errors [26/Dec/2014:18:44:14 +051800] - import userRoot: Creating ancestorid index (new idl)... [26/Dec/2014:18:44:14 +051800] - import userRoot: Created ancestorid index (new idl). [26/Dec/2014:18:44:15 +051800] - import userRoot: Flushing caches... [26/Dec/2014:18:44:15 +051800] - import userRoot: Closing files... [26/Dec/2014:18:44:15 +051800] - All database threads now stopped [26/Dec/2014:18:44:15 +051800] - import userRoot: Import complete. Processed 9 entries in 2 seconds. (4.50 entries/sec) [26/Dec/2014:18:44:15 +051800] - 389-Directory/1.3.3.1 B2014.351.2355 starting up [26/Dec/2014:18:44:15 +051800] - Db home directory is not set. Possibly nsslapd-directory (optionally nsslapd-db-home-directory) is missing in the config file. [26/Dec/2014:18:44:15 +051800] - I'm resizing my cache now...cache was 1560379392 and is now 6400000 [26/Dec/2014:18:44:16 +051800] - slapd started. Listening on All Interfaces port 389 for LDAP requests ^R ^C [root@dhcp201-126 /]# ldapsearch -b "" -s base -xLLL passwordRetryCount=* passwordRetryCount [root@dhcp201-126 /]# ldapsearch -LLL -D "cn=directory manager" -w Secret123 -p 389 -h localhost -b "cn=config" dn: cn=config cn: config objectClass: top objectClass: extensibleObject objectClass: nsslapdConfig nsslapd-backendconfig: cn=config,cn=userRoot,cn=ldbm database,cn=plugins,cn=co nfig Hence VERIFIED.
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://rhn.redhat.com/errata/RHSA-2015-0416.html