Bug 830206 - the module needs to ensure it's built against 389-ds-base 1.2.10 or later to have transaction support enabled
Status: CLOSED WONTFIX
Product: Red Hat Enterprise Linux 6
Classification: Red Hat
Component: slapi-nis
6.2
Unspecified Unspecified
urgent Severity urgent
: rc
: ---
Assigned To: Nalin Dahyabhai
IDM QE LIST
: ZStream
Depends On: 829502
Reported: 2012-06-08 10:35 EDT by RHEL Product and Program Management
Modified: 2012-06-14 16:54 EDT
Fixed In Version: slapi-nis-0.40-1.el6_3.1
Doc Type: Bug Fix
Last Closed: 2012-06-13 14:55:56 EDT
Description RHEL Product and Program Management 2012-06-08 10:35:34 EDT
This bug has been copied from bug #829502 and has been proposed
to be backported to 6.3 z-stream (EUS).
Comment 6 Jenny Galipeau 2012-06-13 09:16:15 EDT
The test variable is whether or not the server supports transactions. If we test the old version of the package (the 6.2 version: 0.26) with the new version of the directory server (the 6.3 version: 1.2.10 or later), we should see the server deadlock if we modify an entry for which computing the contents of the corresponding synthetic entry requires that we read information from other entries in the directory. 

In that scenario (say, we modify a group entry, where the compat entry is configured so that it will provide the "uid" values of its members as if they were its own "memberUid" values, so the plugin has to go look at member entries), we should expect a deadlock. 

If we replace the version of the plugin with one which has transaction support (this update -- note that the original 6.3 update had support for it in the source, but we didn't compile it in properly), that same operation should succeed without a deadlock.
Comment 7 Jenny Galipeau 2012-06-13 12:57:18 EDT
reproduced with ::

ipa-server-2.2.0-16.el6.i686
slapi-nis-0.40-1.el6.i686
389-ds-base-1.2.10.2-15.el6.i686

command hung and directory server unresponsive and would not start on machine reboot


verification attempt with ::

ipa-server-2.2.0-16.el6.i686
389-ds-base-1.2.10.2-17.el6_3.i686
slapi-nis-0.40-1.el6_3.1.i686


# ldapmodify -x -D "cn=Directory Manager" -w Secret123 -f /tmp/modifycfg.ldif 
modifying entry "cn=MemberOf Plugin,cn=plugins,cn=config"
# service dirsrv restart
Shutting down dirsrv: 
    PKI-IPA...                                             [  OK  ]
    TESTRELM-COM...                                        [  OK  ]
Starting dirsrv: 
    PKI-IPA...                                             [  OK  ]
    TESTRELM-COM...                                        [  OK  ]

# ldapsearch -x -D "cn=Directory Manager" -w Secret123 -b "cn=config" | grep "schema-compat-entry-attribute: memberUid="
schema-compat-entry-attribute: memberUid=%{memberUid}
schema-compat-entry-attribute: memberUid=%deref_r("member","uid")


# ldapsearch -x -D "cn=Directory Manager" -w Secret123 -b "cn=config" | grep "schema-compat-entry-attribute: memberUid="
schema-compat-entry-attribute: memberUid=%{memberUid}
schema-compat-entry-attribute: memberUid=%deref_r("member","uid")

# ipa user-add --first=compat1 --last=compat1 compat1


command still hangs and directory server is unresponsive

ldapsearch unsuccessful - hangs

and 

/var/log/messages

<snip>
Jun 13 12:41:02 dhcp-187-175 named[31176]: LDAP query timed out. Try to adjust "timeout" parameter
Jun 13 12:41:32 dhcp-187-175 named[31176]: LDAP query timed out. Try to adjust "timeout" parameter
Jun 13 12:42:02 dhcp-187-175 named[31176]: LDAP query timed out. Try to adjust "timeout" parameter
Jun 13 12:42:32 dhcp-187-175 named[31176]: LDAP query timed out. Try to adjust "timeout" parameter
Jun 13 12:43:02 dhcp-187-175 named[31176]: LDAP query timed out. Try to adjust "timeout" parameter
Jun 13 12:43:32 dhcp-187-175 named[31176]: LDAP query timed out. Try to adjust "timeout" parameter
Jun 13 12:44:02 dhcp-187-175 named[31176]: LDAP query timed out. Try to adjust "timeout" parameter
Jun 13 12:44:32 dhcp-187-175 named[31176]: LDAP query timed out. Try to adjust "timeout" parameter
Jun 13 12:45:02 dhcp-187-175 named[31176]: LDAP query timed out. Try to adjust "timeout" parameter

</snip>
Comment 8 Nalin Dahyabhai 2012-06-13 14:03:04 EDT
Here's what the current failure looks like:

thread 29:
  add
  our-postop-add
  our wrlock succeeds
  search
  back-search (database lock blocks)
thread 30:
  modify
  back-modify (database lock succeeds)
  memberof-postop-modify
  modify
  our-internal-postop-modify
  our wrlock blocks
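
Added example, not part of the original bug report or the slapi-nis code: a lock-order check in C that encodes the two thread traces from comment 8 and reports the cycle between the database lock and the plugin's write lock. The lock names and the "consistent" trace (both threads taking the database lock first) are assumptions made for illustration.

```c
#include <stdio.h>

/* Lock names are assumptions standing in for the two locks in comment 8. */
enum { DB_LOCK, PLUGIN_WRLOCK, NLOCKS };

/* One thread's lock acquisitions in request order, terminated by -1. */
struct trace { int thread; int acquire[4]; };

/* edge[a][b] = 1 means some thread asked for lock b while holding lock a. */
static void add_edges(int edge[NLOCKS][NLOCKS], const struct trace *t) {
    for (int i = 0; t->acquire[i] >= 0; i++)
        for (int j = i + 1; t->acquire[j] >= 0; j++)
            edge[t->acquire[i]][t->acquire[j]] = 1;
}

/* Depth-first search: is 'target' reachable from 'from' along the edges? */
static int reaches(int edge[NLOCKS][NLOCKS], int from, int target, int *seen) {
    if (seen[from]) return 0;
    seen[from] = 1;
    for (int n = 0; n < NLOCKS; n++)
        if (edge[from][n] && (n == target || reaches(edge, n, target, seen)))
            return 1;
    return 0;
}

/* Returns 1 if the traces contain a lock-order cycle (a possible deadlock). */
int has_lock_order_cycle(const struct trace *traces, int ntraces) {
    int edge[NLOCKS][NLOCKS] = {{0}};
    for (int i = 0; i < ntraces; i++) add_edges(edge, &traces[i]);
    for (int l = 0; l < NLOCKS; l++) {
        int seen[NLOCKS] = {0};
        if (reaches(edge, l, l, seen)) return 1;
    }
    return 0;
}

/* Comment 8: thread 29 holds the wrlock, then needs the database lock;
 * thread 30 holds the database lock, then needs the wrlock. */
const struct trace observed[] = { {29, {PLUGIN_WRLOCK, DB_LOCK, -1}}, {30, {DB_LOCK, PLUGIN_WRLOCK, -1}} };
/* Assumed ordering (not from the page): database lock first in both threads. */
const struct trace consistent[] = { {29, {DB_LOCK, PLUGIN_WRLOCK, -1}}, {30, {DB_LOCK, PLUGIN_WRLOCK, -1}} };

int main(void) {
    printf("observed cycle=%d, consistent cycle=%d\n",
           has_lock_order_cycle(observed, 2), has_lock_order_cycle(consistent, 2));
    return 0;
}
```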
Comment 9 Jenny Galipeau 2012-06-13 14:55:56 EDT
Transactions will not be supported with 389-ds-base and IPA in RHEL 6.3 and therefore the need to build slapi-nis with transaction support is not necessary. Closing this bug WONTFIX for 6.3 and leaving the 6.4 bug open for the support.
