Note: This bug is displayed in read-only format because the product is no longer active in Red Hat Bugzilla.
RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.

Bug 994690

Summary: [RFE] Allow dynamically adding/enabling/disabling/removing plugins without requiring a server restart
Product: Red Hat Enterprise Linux 7 Reporter: Sankar Ramalingam <sramling>
Component: 389-ds-baseAssignee: mreynolds
Status: CLOSED ERRATA QA Contact: Viktor Ashirov <vashirov>
Severity: high Docs Contact:
Priority: medium    
Version: 7.0CC: amsharma, mreynolds, nhosoi, nkinder, rmeggins
Target Milestone: rcKeywords: FutureFeature
Target Release: 7.1   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: 389-ds-base-1.3.3.1-10.el7 Doc Type: Enhancement
Doc Text:
Feature: Allow plugins to be stopped/started/configured without requiring a server restart for it to take effect. Reason: The server can be configured without having to stop the server, and disrupt a live production environment. Result (if any):
 Story Points: ---
Clone Of: Environment:
Last Closed: 2015-03-05 09:31:02 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 1162997, 1166252    
Bug Blocks:    

Description Sankar Ramalingam 2013-08-07 19:08:58 UTC 
Description of problem: Directory server should support dynamic configuration changes for the plugins. Currently, it requires a server restart for plugin configuration changes. 


Version-Release number of selected component (if applicable): 389-ds-base-1.2.11.15-20


How reproducible: Consistently.


Steps to Reproduce:

# Add container for automembers plugin
ldapmodify -h $IP -p $PORT -D "cn=directory manager" -w Secret123 -a <<EOF
dn: $PLUGIN_ROOT
objectClass: top
objectClass: nscontainer
EOF


# Configure nsslapd-pluginConfigArea
ldapmodify -h $IP -p $PORT -D "cn=directory manager" -w Secret123 -a <<EOF
dn: $PLUGIN_AUTO
changetype: modify
add: nsslapd-pluginConfigArea
nsslapd-pluginConfigArea: $ROOT
-
replace: nsslapd-pluginEnabled
nsslapd-pluginEnabled: on
EOF


# Add rules that conlict with pluginConfigArea
ldapmodify -h $IP -p $PORT -D "cn=directory manager" -w Secret123 -a <<EOF
dn: cn=replsubGroups,$PLUGIN_ROOT
objectclass: autoMemberDefinition
autoMemberScope: cn=Employees,$ROOT
autoMemberFilter: objectclass=posixAccount
autoMemberDefaultGroup: cn=SubDef1,$ROOT
autoMemberDefaultGroup: cn=SubDef2,$ROOT
autoMemberDefaultGroup: cn=SubDef3,$ROOT
autoMemberDefaultGroup: cn=SubDef4,$ROOT
autoMemberDefaultGroup: cn=SubDef5,$ROOT
autoMemberGroupingAttr: member: dn

dn: cn=Managers,cn=replsubGroups,$PLUGIN_ROOT
objectclass: autoMemberRegexRule
description: Group placement for Managers
cn: Managers
autoMemberTargetGroup: cn=Managers,cn=replsubGroups,$ROOT
autoMemberInclusiveRegex: uidNumber=^5..5$
autoMemberInclusiveRegex: gidNumber=^[1-4]..3$
autoMemberInclusiveRegex: nsAdminGroupName=^Manager$|^Supervisor$
autoMemberExclusiveRegex: uidNumber=^999$
autoMemberExclusiveRegex: gidNumber=^[6-8].0$
autoMemberExclusiveRegex: nsAdminGroupName=^Junior$

dn:cn=Contractors,cn=replsubGroups,$PLUGIN_ROOT
objectclass: autoMemberRegexRule
description: Group placement for Contractors
cn:  Contractors
autoMemberTargetGroup: cn=Contractors,cn=replsubGroups,$ROOT
autoMemberInclusiveRegex: uidNumber=^8..5$
autoMemberInclusiveRegex: gidNumber=^[5-9]..3$
autoMemberInclusiveRegex: nsAdminGroupName=^Contract|^Temporary$
autoMemberExclusiveRegex: uidNumber=^[1,3,8]99$
autoMemberExclusiveRegex: gidNumber=^[2-4]00$
autoMemberExclusiveRegex: nsAdminGroupName=^Employee$
EOF


Actual results: Automembership plugin accepts invalid configuration. It requires a server restart to reject the configuration.


Expected results: Plugin should reject the invalid configuration dynamically.


Additional info: 
Associated upstream ticket - https://fedorahosted.org/389/ticket/47451
Comment 2 Nathan Kinder 2013-08-07 19:23:28 UTC 
Upstream ticket:
https://fedorahosted.org/389/ticket/47451
Comment 6 Amita Sharma 2014-11-18 06:43:44 UTC 
Test Plan created :: 
https://tcms.engineering.redhat.com/plan/15540/add-enable-disable-remove-plugins-without-server-restart

Few plugins tested :: DNA, memberof, automember.

One new crash bug reported during testing of this bug :: https://bugzilla.redhat.com/show_bug.cgi?id=1162997 

Marking this bug as VERIFIED, new bugs will be opened at later stage when detailed testing will be performed.
Comment 7 Jiri Herrmann 2014-12-12 15:32:01 UTC 
If this Feature should be included in the 7.1 Release Notes, could you please change the Doc Type from Enhancement to "Release Note"?

Note that the Release Notes are intended to list the most prominent and customer-relevant new features rather than every single enhancement.

Cheers,
Jirka
Comment 8 mreynolds 2014-12-16 20:30:03 UTC 
Fixed upstream
Comment 11 errata-xmlrpc 2015-03-05 09:31:02 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHSA-2015-0416.html