Bug 2063033 - configuring per-suffix referral mode with dsconf does not work
Summary: configuring per-suffix referral mode with dsconf does not work
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: Red Hat Directory Server
Classification: Red Hat
Component: cockpit-389-ds
Version: 12.1
Hardware: Unspecified
OS: Unspecified
high
medium
Target Milestone: ---
: dirsrv-12.3
Assignee: LDAP Maintainers
QA Contact: LDAP QA Team
Evgenia Martynyuk
URL:
Whiteboard:
: 2063140 (view as bug list)
Depends On:
Blocks: 2063140
TreeView+ depends on / blocked
 
Reported: 2022-03-11 07:48 UTC by sgouvern
Modified: 2024-01-10 16:32 UTC (History)
5 users (show)

Fixed In Version:
Doc Type: Known Issue
Doc Text:
.Configuring a referral for a suffix fails in Directory Server If you set a back-end referral in Directory Server, setting the state of the backend using the `dsconf <instance_name> backend suffix set --state referral` command fails with the following error: ---- Error: 103 - 9 - 53 - Server is unwilling to perform - [] - need to set nsslapd-referral before moving to referral state ---- As a consequence, configuring a referral for suffixes fail. To work around the problem: . Set the `nsslapd-referral` parameter manually: + ---- # ldapmodify -D "cn=Directory Manager" -W -H ldap://server.example.com dn: cn=dc\3Dexample\2Cdc\3Dcom,cn=mapping tree,cn=config changetype: modify add: nsslapd-referral nsslapd-referral: ldap://remote_server:389/dc=example,dc=com ---- . Set the back-end state: + ---- # dsconf <instance_name> backend suffix set --state referral ---- As a result, with the workaround, you can configure a referral for a suffix.
Clone Of:
: 2063140 (view as bug list)
Environment:
Last Closed: 2024-01-10 16:32:32 UTC
Target Upstream Version:
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Github 389ds 389-ds-base issues 5701 0 None closed Referral mode is not working 2023-10-27 02:31:34 UTC

Description sgouvern 2022-03-11 07:48:02 UTC 
Description of problem:

After setting a backend referral using "dsconf inst1 backend suffix set --add-referral", 

setting the backend state to referral with "dsconf inst1 backend suffix set --state referral" returns an error  :
Error: 103 - 9 - 53 - Server is unwilling to perform - [] - need to set nsslapd-referral before moving to referral state 

Version-Release number of selected component (if applicable):
RHDS 12.0

How reproducible:
always

Steps to Reproduce:
Run these steps :
1. # dsconf inst1 backend suffix set --add-referral ldap://localhost:2389/dc=example,dc=com 'dc=example,dc=com'
The backend configuration was successfully updated
2. # dsconf inst1 backend suffix set --state referral userroot


Actual results:

Error: 103 - 9 - 53 - Server is unwilling to perform - [] - need to set nsslapd-referral before moving to referral state.

The suffix can't be configured with referral. 

Expected results:

Backend suffix state can be set to referral without error.

Additional info:

A workaround is to set nsslapd-referral in the mapping tree entry before running "dsconf inst1 backend suffix set --state referral" using ldapmodify :

# ldapmodify -D "cn=directory manager" -w secret12 -h localhost -p 1389 
dn: cn=dc\3Dexample\2Cdc\3Dcom,cn=mapping tree,cn=config
changetype: modify
add: nsslapd-referral
nsslapd-referral: ldap://localhost:2389/dc=example,dc=com

modifying entry "cn=dc\3Dexample\2Cdc\3Dcom,cn=mapping tree,cn=config"

# dsconf inst1 backend suffix set --state referral 'dc=example,dc=com'
The backend configuration was successfully updated
Comment 1 mreynolds 2022-09-14 15:14:09 UTC 
Also noticed:

[root@fedora mareynol]# dsconf localhost backend suffix set --state referral userroot
Error: 'BackendSuffixView' object has no attribute 'set_state'
Comment 2 mreynolds 2023-02-08 16:31:08 UTC 
*** Bug 2063140 has been marked as a duplicate of this bug. ***
Note You need to log in before you can comment on or make changes to this bug.