Bugzilla will be upgraded to version 5.0. The upgrade date is tentatively scheduled for 2 December 2018, pending final testing and feedback.
First Last Prev Next    This bug is not in your last search results.
Bug 887855 - RootDN Access Control plugin is missing after upgrade from RHEL63 to RHEL64
RootDN Access Control plugin is missing after upgrade from RHEL63 to RHEL64
Status: CLOSED ERRATA
Product: Red Hat Enterprise Linux 6
Classification: Red Hat
Component: 389-ds-base (Show other bugs)
6.4
Unspecified Unspecified
unspecified Severity unspecified
: rc
: ---
Assigned To: Rich Megginson
Sankar Ramalingam
:
Depends On:
Blocks: 895654
  Show dependency treegraph
 
Reported: 2012-12-17 08:34 EST by Ján Rusnačko
Modified: 2013-02-21 03:21 EST (History)
6 users (show)

See Also:
Fixed In Version: 389-ds-base-1.2.11.15-8.el6
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2013-02-21 03:21:47 EST
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)
Add an attachment (proposed patch, testcase, etc.)


External Trackers
Tracker ID Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2013:0503 normal SHIPPED_LIVE Moderate: 389-ds-base security, bug fix, and enhancement update 2013-02-21 03:18:44 EST

  None (edit)
Description Ján Rusnačko 2012-12-17 08:34:49 EST 
Description of problem:
To limit bind of Directory Manager (account specified under nsslapd-rootdn), new plugin cn=RootDN Access Control,cn=plugins,cn=config was introduced. This plugin is missing in directory server after upgrade from RHEL63, but is present in fresh install.

Version-Release number of selected component (if applicable):
RHEL64 with 389-ds-base-1.2.11.15-7.el6

Steps to Reproduce:
1. Install 389-ds-base-1.2.10.2-20.el6_3 on RHEL63
2. Upgrade to RHEL64 and 389-ds-base-1.2.11.15-7.el6
3. [jrusnack@dstet slapd-dstet]$ ldapsearch -D "cn=directory manager" -w Secret123 -h localhost -p 22222 -b "cn=RootDN Access Control,cn=plugins,cn=config"
# extended LDIF
#
# LDAPv3
# base <cn=RootDN Access Control,cn=plugins,cn=config> with scope subtree
# filter: (objectclass=*)
# requesting: ALL
#

# search result
search: 2
result: 0 Success

[jrusnack@dstet slapd-dstet]$ rpm -qa | grep 389-ds-base
389-ds-base-libs-1.2.11.15-7.el6.i686

  
Actual results:
RootDN Access Control plugin is missing. 

Additional info:
https://fedorahosted.org/389/ticket/110
Comment 4 Nathan Kinder 2012-12-18 12:30:27 EST 
Upstream ticket:
https://fedorahosted.org/389/ticket/541
Comment 5 mreynolds 2012-12-18 16:11:35 EST 
For 6.4:

commit d324d6782f74b7e28f7a457428fe43c77b39944c
Author: Mark Reynolds <​mreynolds@redhat.com>
Date: Tue Dec 18 16:04:01 2012 -0500

    Ticket 541 - need to set plugin as off in ldif template

commit 9a7fa90eed49f47aa0bc64c496815fececb437f2
Author: Mark Reynolds <​mreynolds@redhat.com>
Date: Tue Dec 18 15:58:32 2012 -0500

    Ticket 541 - RootDN Access Control plugin is missing after upgrade
Comment 7 Ján Rusnačko 2012-12-19 05:15:22 EST 
Now after upgrade:

[jrusnack@dstet ~]$ ldapsearch -D "cn=directory manager " -w Secret123 -h localhost -p 22222 -LLL -b "cn=RootDN Access Control,cn=plugins,cn=config"
dn: cn=RootDN Access Control,cn=plugins,cn=config
objectClass: top
objectClass: nsSlapdPlugin
objectClass: extensibleObject
cn: RootDN Access Control
nsslapd-pluginPath: librootdn-access-plugin.so
nsslapd-pluginInitfunc: rootdn_init
nsslapd-pluginType: internalpreoperation
nsslapd-pluginEnabled: off
nsslapd-plugin-depends-on-type: database
nsslapd-pluginId: none
nsslapd-pluginVersion: none
nsslapd-pluginVendor: none
nsslapd-pluginDescription: none

[jrusnack@dstet ~]$ rpm -qa | grep 389-ds-base
389-ds-base-1.2.11.15-8.el6.i686
389-ds-base-libs-1.2.11.15-8.el6.i686

Verified.
Comment 8 errata-xmlrpc 2013-02-21 03:21:47 EST 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHSA-2013-0503.html
Note You need to log in before you can comment on or make changes to this bug.
First Last Prev Next    This bug is not in your last search results.