Bug 994690 - [RFE] Allow dynamically adding/enabling/disabling/removing plugins without requiring a server restart
Summary: [RFE] Allow dynamically adding/enabling/disabling/removing plugins without re...
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: 389-ds-base
Version: 7.0
Hardware: All
OS: Linux
medium
high
Target Milestone: rc
: 7.1
Assignee: mreynolds
QA Contact: Viktor Ashirov
URL:
Whiteboard:
Depends On: 1162997 1166252
Blocks:
TreeView+ depends on / blocked
 
Reported: 2013-08-07 19:08 UTC by Sankar Ramalingam
Modified: 2015-03-05 09:31 UTC (History)
5 users (show)

Fixed In Version: 389-ds-base-1.3.3.1-10.el7
Doc Type: Enhancement
Doc Text:
Feature: Allow plugins to be stopped/started/configured without requiring a server restart for it to take effect. Reason: The server can be configured without having to stop the server, and disrupt a live production environment. Result (if any):
Clone Of:
Environment:
Last Closed: 2015-03-05 09:31:02 UTC
Target Upstream Version:


Attachments (Terms of Use)


Links
System ID Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2015:0416 normal SHIPPED_LIVE Important: 389-ds-base security, bug fix, and enhancement update 2015-03-05 14:26:33 UTC

Description Sankar Ramalingam 2013-08-07 19:08:58 UTC
Description of problem: Directory server should support dynamic configuration changes for the plugins. Currently, it requires a server restart for plugin configuration changes. 


Version-Release number of selected component (if applicable): 389-ds-base-1.2.11.15-20


How reproducible: Consistently.


Steps to Reproduce:

# Add container for automembers plugin
ldapmodify -h $IP -p $PORT -D "cn=directory manager" -w Secret123 -a <<EOF
dn: $PLUGIN_ROOT
objectClass: top
objectClass: nscontainer
EOF


# Configure nsslapd-pluginConfigArea
ldapmodify -h $IP -p $PORT -D "cn=directory manager" -w Secret123 -a <<EOF
dn: $PLUGIN_AUTO
changetype: modify
add: nsslapd-pluginConfigArea
nsslapd-pluginConfigArea: $ROOT
-
replace: nsslapd-pluginEnabled
nsslapd-pluginEnabled: on
EOF


# Add rules that conlict with pluginConfigArea
ldapmodify -h $IP -p $PORT -D "cn=directory manager" -w Secret123 -a <<EOF
dn: cn=replsubGroups,$PLUGIN_ROOT
objectclass: autoMemberDefinition
autoMemberScope: cn=Employees,$ROOT
autoMemberFilter: objectclass=posixAccount
autoMemberDefaultGroup: cn=SubDef1,$ROOT
autoMemberDefaultGroup: cn=SubDef2,$ROOT
autoMemberDefaultGroup: cn=SubDef3,$ROOT
autoMemberDefaultGroup: cn=SubDef4,$ROOT
autoMemberDefaultGroup: cn=SubDef5,$ROOT
autoMemberGroupingAttr: member: dn

dn: cn=Managers,cn=replsubGroups,$PLUGIN_ROOT
objectclass: autoMemberRegexRule
description: Group placement for Managers
cn: Managers
autoMemberTargetGroup: cn=Managers,cn=replsubGroups,$ROOT
autoMemberInclusiveRegex: uidNumber=^5..5$
autoMemberInclusiveRegex: gidNumber=^[1-4]..3$
autoMemberInclusiveRegex: nsAdminGroupName=^Manager$|^Supervisor$
autoMemberExclusiveRegex: uidNumber=^999$
autoMemberExclusiveRegex: gidNumber=^[6-8].0$
autoMemberExclusiveRegex: nsAdminGroupName=^Junior$

dn:cn=Contractors,cn=replsubGroups,$PLUGIN_ROOT
objectclass: autoMemberRegexRule
description: Group placement for Contractors
cn:  Contractors
autoMemberTargetGroup: cn=Contractors,cn=replsubGroups,$ROOT
autoMemberInclusiveRegex: uidNumber=^8..5$
autoMemberInclusiveRegex: gidNumber=^[5-9]..3$
autoMemberInclusiveRegex: nsAdminGroupName=^Contract|^Temporary$
autoMemberExclusiveRegex: uidNumber=^[1,3,8]99$
autoMemberExclusiveRegex: gidNumber=^[2-4]00$
autoMemberExclusiveRegex: nsAdminGroupName=^Employee$
EOF


Actual results: Automembership plugin accepts invalid configuration. It requires a server restart to reject the configuration.


Expected results: Plugin should reject the invalid configuration dynamically.


Additional info: 
Associated upstream ticket - https://fedorahosted.org/389/ticket/47451

Comment 2 Nathan Kinder 2013-08-07 19:23:28 UTC
Upstream ticket:
https://fedorahosted.org/389/ticket/47451

Comment 6 Amita Sharma 2014-11-18 06:43:44 UTC
Test Plan created :: 
https://tcms.engineering.redhat.com/plan/15540/add-enable-disable-remove-plugins-without-server-restart

Few plugins tested :: DNA, memberof, automember.

One new crash bug reported during testing of this bug :: https://bugzilla.redhat.com/show_bug.cgi?id=1162997 

Marking this bug as VERIFIED, new bugs will be opened at later stage when detailed testing will be performed.

Comment 7 Jiri Herrmann 2014-12-12 15:32:01 UTC
If this Feature should be included in the 7.1 Release Notes, could you please change the Doc Type from Enhancement to "Release Note"?

Note that the Release Notes are intended to list the most prominent and customer-relevant new features rather than every single enhancement.

Cheers,
Jirka

Comment 8 mreynolds 2014-12-16 20:30:03 UTC
Fixed upstream

Comment 11 errata-xmlrpc 2015-03-05 09:31:02 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHSA-2015-0416.html


Note You need to log in before you can comment on or make changes to this bug.