Bug 994690 - [RFE] Allow dynamically adding/enabling/disabling/removing plugins without requiring a server restart
[RFE] Allow dynamically adding/enabling/disabling/removing plugins without re...
Status: CLOSED ERRATA
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: 389-ds-base (Show other bugs)
7.0
All Linux
medium Severity high
: rc
: 7.1
Assigned To: mreynolds
Viktor Ashirov
: FutureFeature
Depends On: 1162997 1166252
Blocks:
  Show dependency treegraph
 
Reported: 2013-08-07 15:08 EDT by Sankar Ramalingam
Modified: 2015-03-05 04:31 EST (History)
5 users (show)

See Also:
Fixed In Version: 389-ds-base-1.3.3.1-10.el7
Doc Type: Enhancement
Doc Text:
Feature: Allow plugins to be stopped/started/configured without requiring a server restart for it to take effect. Reason: The server can be configured without having to stop the server, and disrupt a live production environment. Result (if any):
Story Points: ---
Clone Of:
Environment:
Last Closed: 2015-03-05 04:31:02 EST
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Sankar Ramalingam 2013-08-07 15:08:58 EDT
Description of problem: Directory server should support dynamic configuration changes for the plugins. Currently, it requires a server restart for plugin configuration changes. 


Version-Release number of selected component (if applicable): 389-ds-base-1.2.11.15-20


How reproducible: Consistently.


Steps to Reproduce:

# Add container for automembers plugin
ldapmodify -h $IP -p $PORT -D "cn=directory manager" -w Secret123 -a <<EOF
dn: $PLUGIN_ROOT
objectClass: top
objectClass: nscontainer
EOF


# Configure nsslapd-pluginConfigArea
ldapmodify -h $IP -p $PORT -D "cn=directory manager" -w Secret123 -a <<EOF
dn: $PLUGIN_AUTO
changetype: modify
add: nsslapd-pluginConfigArea
nsslapd-pluginConfigArea: $ROOT
-
replace: nsslapd-pluginEnabled
nsslapd-pluginEnabled: on
EOF


# Add rules that conlict with pluginConfigArea
ldapmodify -h $IP -p $PORT -D "cn=directory manager" -w Secret123 -a <<EOF
dn: cn=replsubGroups,$PLUGIN_ROOT
objectclass: autoMemberDefinition
autoMemberScope: cn=Employees,$ROOT
autoMemberFilter: objectclass=posixAccount
autoMemberDefaultGroup: cn=SubDef1,$ROOT
autoMemberDefaultGroup: cn=SubDef2,$ROOT
autoMemberDefaultGroup: cn=SubDef3,$ROOT
autoMemberDefaultGroup: cn=SubDef4,$ROOT
autoMemberDefaultGroup: cn=SubDef5,$ROOT
autoMemberGroupingAttr: member: dn

dn: cn=Managers,cn=replsubGroups,$PLUGIN_ROOT
objectclass: autoMemberRegexRule
description: Group placement for Managers
cn: Managers
autoMemberTargetGroup: cn=Managers,cn=replsubGroups,$ROOT
autoMemberInclusiveRegex: uidNumber=^5..5$
autoMemberInclusiveRegex: gidNumber=^[1-4]..3$
autoMemberInclusiveRegex: nsAdminGroupName=^Manager$|^Supervisor$
autoMemberExclusiveRegex: uidNumber=^999$
autoMemberExclusiveRegex: gidNumber=^[6-8].0$
autoMemberExclusiveRegex: nsAdminGroupName=^Junior$

dn:cn=Contractors,cn=replsubGroups,$PLUGIN_ROOT
objectclass: autoMemberRegexRule
description: Group placement for Contractors
cn:  Contractors
autoMemberTargetGroup: cn=Contractors,cn=replsubGroups,$ROOT
autoMemberInclusiveRegex: uidNumber=^8..5$
autoMemberInclusiveRegex: gidNumber=^[5-9]..3$
autoMemberInclusiveRegex: nsAdminGroupName=^Contract|^Temporary$
autoMemberExclusiveRegex: uidNumber=^[1,3,8]99$
autoMemberExclusiveRegex: gidNumber=^[2-4]00$
autoMemberExclusiveRegex: nsAdminGroupName=^Employee$
EOF


Actual results: Automembership plugin accepts invalid configuration. It requires a server restart to reject the configuration.


Expected results: Plugin should reject the invalid configuration dynamically.


Additional info: 
Associated upstream ticket - https://fedorahosted.org/389/ticket/47451
Comment 2 Nathan Kinder 2013-08-07 15:23:28 EDT
Upstream ticket:
https://fedorahosted.org/389/ticket/47451
Comment 6 Amita Sharma 2014-11-18 01:43:44 EST
Test Plan created :: 
https://tcms.engineering.redhat.com/plan/15540/add-enable-disable-remove-plugins-without-server-restart

Few plugins tested :: DNA, memberof, automember.

One new crash bug reported during testing of this bug :: https://bugzilla.redhat.com/show_bug.cgi?id=1162997 

Marking this bug as VERIFIED, new bugs will be opened at later stage when detailed testing will be performed.
Comment 7 Jiri Herrmann 2014-12-12 10:32:01 EST
If this Feature should be included in the 7.1 Release Notes, could you please change the Doc Type from Enhancement to "Release Note"?

Note that the Release Notes are intended to list the most prominent and customer-relevant new features rather than every single enhancement.

Cheers,
Jirka
Comment 8 mreynolds 2014-12-16 15:30:03 EST
Fixed upstream
Comment 11 errata-xmlrpc 2015-03-05 04:31:02 EST
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHSA-2015-0416.html

Note You need to log in before you can comment on or make changes to this bug.