Bug 230498 - allow ds_newinst with ldapi and no serverport
Status: CLOSED UPSTREAM
Product: 389
Classification: Community
Component: Install/Uninstall
Version: 1.0.4
Hardware: All All
Priority: medium, Severity: medium
Assigned To: Rich Megginson
Chandrasekar Kannan
Blocks: FDS1.1.0
Reported: 2007-02-28 20:01 EST by Rich Megginson
Modified: 2015-01-04 18:24 EST (History)
Doc Type: Bug Fix
Last Closed: 2011-06-22 09:34:53 EDT
Attachments
diffs (11.55 KB, patch)
2007-02-28 21:07 EST, Rich Megginson
diffs (11.55 KB, patch)
2007-02-28 21:15 EST, Rich Megginson
new diffs (11.59 KB, patch)
2007-02-28 21:58 EST, Rich Megginson
cvs commit log (559 bytes, text/plain)
2007-02-28 22:35 EST, Rich Megginson
strace of ds_newinst binary (1.44 KB, text/plain)
2007-02-28 22:58 EST, Andrew Bartlett
Inf file generated by samba4 build system (1.50 KB, text/plain)
2007-03-01 17:03 EST, Andrew Bartlett
new inf file (1.21 KB, text/plain)
2007-03-01 17:08 EST, Rich Megginson

Description Rich Megginson 2007-02-28 20:01:05 EST
In order to test with ldapi, it is useful to be able to create a new server
instance that only uses ldapi.  So we need to be able to tell the server not to
listen on a tcp port.  We do this by passing a value of 0 to the dse.ldif file
for the non-secure ldap port.  ds_newinst/create_instance.c cannot handle this -
you cannot pass in the ldapi filename, and you must pass in a server port.
Comment 1 Rich Megginson 2007-02-28 21:07:48 EST
Created attachment 148982
diffs
Comment 2 Rich Megginson 2007-02-28 21:15:26 EST
Created attachment 148983
diffs
Comment 3 Noriko Hosoi 2007-02-28 21:45:22 EST
Looks good to me.

The C code has ENABLE_LDAPI macro, but the perl frontend does not.
1) If the inf file happens to have ldapifilepath value and the ds_newinst-bin is
built with LDAPI disabled, the attribute-value is just ignored.
2) If the port 0 is given to the LDAPI disabled server, checkport returns the
error and the installation fails.
I'm assuming these observations are correct... :)
Comment 4 Nathan Kinder 2007-02-28 21:50:26 EST
The changes look good, but I have one question.

In ds_newinst.pl.in, the following code section looks like it would allow you to
explicitly specify "ServerPort = 0" in the inf file without specifying a ldapi
filename.  Should we check if ServerPort is set to 0 before setting "$canlisten
= 1"?

+# either servport or ldapifilepath must be specified - the server must
+# listen to something . . .
+my $canlisten = 0;
+if (defined($table{"slapd"}->{"ServerPort"})) {
+    $canlisten = 1;
+    $cgiargs{"servport"} = $table{"slapd"}->{"ServerPort"};
+} else {
+    $cgiargs{"servport"} = "0"; # 0 means do not listen
+}
+if (defined($table{"slapd"}->{"ldapifilepath"})) {
+    $canlisten = 1;
+    $cgiargs{"ldapifilepath"} = $table{"slapd"}->{"ldapifilepath"};
+}
+if (! $canlisten) {
+    usage("Either ServerPort or ldapifilepath must be specified in the slapd
section of $filename");
+}
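Review bot: in the first `if`, `defined($table{"slapd"}->{"ServerPort"})` sets `$canlisten = 1` for any defined value, including "0" or an empty string, although the comment in the `else` branch says 0 means do not listen. An inf file with `ServerPort = 0` and no ldapifilepath therefore passes the `if (! $canlisten)` check and asks for an instance with no listener at all. Test the value rather than only whether the key is defined (a non-empty, non-zero port) before setting `$canlisten`, and apply the same non-empty test to ldapifilepath in the second `if`.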
Comment 5 Rich Megginson 2007-02-28 21:57:01 EST
(In reply to comment #3)
> Looks good to me.
> 
> The C code has ENABLE_LDAPI macro, but the perl frontend does not.
> 1) If the inf file happens to have ldapifilepath value and the ds_newinst-bin is
> built with LDAPI disabled, the attribute-value is just ignored.

Right.  That should make it easier to share .inf files between fedora-ds and
redhat-ds.

> 2) If the port 0 is given to the LDAPI disabled server, checkport returns the
> error and the installation fails.
> I'm assuming these observations are correct... :)

Right.
Comment 6 Rich Megginson 2007-02-28 21:58:08 EST
Created attachment 148985
new diffs

Diffs to address nkinder's concerns
Comment 7 Nathan Kinder 2007-02-28 22:14:02 EST
Looks good!
Comment 8 Rich Megginson 2007-02-28 22:35:13 EST
Created attachment 148986
cvs commit log

Reviewed by: nkinder, nhosoi (Thanks!)
Files: see diff
Branch: HEAD
Fix Description: Two new fields have been added to the ds_newinst .inf files:
ldapifilepath - the full path and file name of the server ldapi file
start_server - if present and has a value of 0, this tells ds_newinst not to
start the server - default is 1
The ds_newinst code has been changed to allow an empty or "0" value servport if
an ldapifilepath is given (and ENABLE_LDAPI is defined).  Either a valid server
port or an ldapifilepath must be provided, or both.
In addition, I changed ds_newinst.pl to accept a .inf file given on stdin.
Platforms tested: RHEL4, FC6
Flag Day: no
Doc impact: We will have to document ldapi support on the wiki.
Comment 9 Andrew Bartlett 2007-02-28 22:57:37 EST
Using only ldapi:// doesn't seem to work.  The ds_newinst binary is stuck trying
to talk to localhost:389

Comment 10 Andrew Bartlett 2007-02-28 22:58:39 EST
Created attachment 148987
strace of ds_newinst binary
Comment 11 Rich Megginson 2007-03-01 11:45:55 EST
It looks like you are specifying ServerPort= 389 in your .inf file.  ds_newinst
will attempt to verify that the port is free by trying to connect to it.  Do you
need to specify a port number?  If I use an .inf file like this:

[General]
FullMachineName=   localhost.localdomain
SuiteSpotUserID=   nobody
ServerRoot=    /usr/lib64/fedora-ds
[slapd]
#ServerPort=   1100
start_server= 0
ldapifilepath= /var/run/ldapi
ServerIdentifier=   localhost
Suffix=   dc=example,dc=com
RootDN=   cn=Directory Manager
RootDNPwd=  Secret123

It works just fine, and I don't see any connect() calls in strace (except for
other system daemons).
Comment 12 Andrew Bartlett 2007-03-01 17:03:24 EST
Created attachment 149056
Inf file generated by samba4 build system

This is what I'm currently using
Comment 13 Rich Megginson 2007-03-01 17:08:25 EST
Created attachment 149057
new inf file

The Config* and AdminDomain settings are not needed for fedora-ds-base - those
are admin server/console specific things.  In fact, not only do they not accept
ldapi LDAP URLs, they also cause the server to try to start even if
start_server=0.  ServerPort does not need to be specified if not using it.
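
A pre-flight check for an ldapi-only .inf file, combining the listener rule from the commit log (comment 8), the value test raised in comment 4 and the start_server caveat from comment 13. This is an added example, not part of ds_newinst or of any comment on this bug; `check_inf` and the sample file are constructed for illustration.

```python
import configparser
import re

# Constructed sample modelled on the .inf quoted in comment 11 (ldapi only).
SAMPLE_INF = """\
[General]
FullMachineName= localhost.localdomain
[slapd]
#ServerPort= 1100
start_server= 0
ldapifilepath= /var/run/ldapi
ServerIdentifier= localhost
"""

def check_inf(text):
    """Return (tcp_port, ldapi_path, problems) for a ds_newinst .inf file."""
    cp = configparser.ConfigParser(delimiters=("=",), interpolation=None, strict=False)
    cp.optionxform = str  # keep key case exactly as written in the file
    cp.read_string(text)
    slapd = dict(cp["slapd"]) if cp.has_section("slapd") else {}
    problems = []

    # Comment 8: an empty or "0" ServerPort means "do not listen on TCP".
    raw = slapd.get("ServerPort", "").strip()
    port = None
    if raw not in ("", "0"):
        if re.fullmatch(r"[0-9]{1,5}", raw) and 1 <= int(raw) <= 65535:
            port = int(raw)
        else:
            problems.append("ServerPort %r is not a valid TCP port" % raw)

    # Comment 8 describes ldapifilepath as a full path and file name.
    ldapi = slapd.get("ldapifilepath", "").strip() or None
    if ldapi and not ldapi.startswith("/"):
        problems.append("ldapifilepath %r is not a full path" % ldapi)
        ldapi = None

    # Comment 4: test the values, not only whether the keys are defined.
    if port is None and ldapi is None:
        problems.append("no listener: need a ServerPort or an ldapifilepath")

    # Comment 13: Config* and AdminDomain settings make the server try to
    # start even when start_server=0.
    if slapd.get("start_server", "1").strip() == "0":
        for section in cp.sections():
            for key in cp[section]:
                if key.startswith("Config") or key == "AdminDomain":
                    problems.append("%s/%s may start the server despite start_server=0" % (section, key))
    return port, ldapi, problems
```

A `tcp_port` of `None` with an empty problem list means the instance will be reachable only through the ldapi socket.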
