2063140 – configuring per-suffix referral mode with dsconf does not work

Bug 2063140 - configuring per-suffix referral mode with dsconf does not work

Summary: configuring per-suffix referral mode with dsconf does not work

Keywords:
Status:	CLOSED DUPLICATE of bug 2063033
Alias:	None
Product:	Red Hat Directory Server
Classification:	Red Hat
Component:	389-ds-base
Sub Component:
Version:	12.2
Hardware:	Unspecified
OS:	Unspecified
Priority:	high
Severity:	high
Target Milestone:	---
Target Release:	dirsrv-12.2
Assignee:	LDAP Maintainers
QA Contact:	RHDS QE
Docs Contact:	Evgenia Martynyuk
URL:
Whiteboard:
Depends On:	2063033
Blocks:
TreeView+	depends on / blocked

Reported:	2022-03-11 11:05 UTC by sgouvern
Modified:	2023-02-08 16:31 UTC (History)
CC List:	4 users (show)
Fixed In Version:
Doc Type:	Known Issue
Doc Text:	.Configuring a referral for a suffix fails in Directory Server If you set a back-end referral in Directory Server, setting the state of the backend using the `dsconf <instance_name> backend suffix set --state referral` command fails with the following error: ---- Error: 103 - 9 - 53 - Server is unwilling to perform - [] - need to set nsslapd-referral before moving to referral state ---- As a consequence, configuring a referral for suffixes fail. To work around the problem: . Set the `nsslapd-referral` parameter manually: + ---- # ldapmodify -D "cn=Directory Manager" -W -H ldap://server.example.com dn: cn=dc\3Dexample\2Cdc\3Dcom,cn=mapping tree,cn=config changetype: modify add: nsslapd-referral nsslapd-referral: ldap://remote_server:389/dc=example,dc=com ---- . Set the back-end state: + ---- # dsconf <instance_name> backend suffix set --state referral ---- As a result, with the workaround, you can configure a referral for a suffix.
Clone Of:	2063033
Environment:
Last Closed:	2023-02-08 16:31:08 UTC
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)

Description sgouvern 2022-03-11 11:05:14 UTC

+++ This bug was initially created as a clone of Bug #2063033 +++

Description of problem:

After setting a backend referral using "dsconf inst1 backend suffix set --add-referral", 

setting the backend state to referral with "dsconf inst1 backend suffix set --state referral" returns an error  :
Error: 103 - 9 - 53 - Server is unwilling to perform - [] - need to set nsslapd-referral before moving to referral state 

Version-Release number of selected component (if applicable):
RHDS 12.0

How reproducible:
always

Steps to Reproduce:
Run these steps :
1. # dsconf inst1 backend suffix set --add-referral ldap://localhost:2389/dc=example,dc=com 'dc=example,dc=com'
The backend configuration was successfully updated
2. # dsconf inst1 backend suffix set --state referral userroot


Actual results:

Error: 103 - 9 - 53 - Server is unwilling to perform - [] - need to set nsslapd-referral before moving to referral state.

The suffix can't be configured with referral. 

Expected results:

Backend suffix state can be set to referral without error.

Additional info:

A workaround is to set nsslapd-referral in the mapping tree entry before running "dsconf inst1 backend suffix set --state referral" using ldapmodify :

# ldapmodify -D "cn=directory manager" -w secret12 -h localhost -p 1389 
dn: cn=dc\3Dexample\2Cdc\3Dcom,cn=mapping tree,cn=config
changetype: modify
add: nsslapd-referral
nsslapd-referral: ldap://localhost:2389/dc=example,dc=com

modifying entry "cn=dc\3Dexample\2Cdc\3Dcom,cn=mapping tree,cn=config"

# dsconf inst1 backend suffix set --state referral 'dc=example,dc=com'
The backend configuration was successfully updated

Comment 1 sgouvern 2022-03-11 11:23:37 UTC

The target version of this Bz is actually RHDS 11.6, but this target version does not exist yet as of today.
In RHDS 11.5 this Bz should be documented as a known issue, with a workaround.

Comment 4 mreynolds 2023-02-08 16:31:08 UTC


*** This bug has been marked as a duplicate of bug 2063033 ***

Note You need to log in before you can comment on or make changes to this bug.