Bug 994690 – [RFE] Allow dynamically adding/enabling/disabling/removing plugins without requiring a server restart

Bug 994690 - [RFE] Allow dynamically adding/enabling/disabling/removing plugins without requiring a server restart

Summary:	[RFE] Allow dynamically adding/enabling/disabling/removing plugins without re...

Status:	CLOSED ERRATA

Aliases:	None

Product:	Red Hat Enterprise Linux 7
Classification:	Red Hat
Component:	389-ds-base (Show other bugs)
Sub Component:
Version:	7.0
Hardware:	All Linux

Priority	medium Severity high
Target Milestone:	rc
Target Release:	7.1
Assigned To:	mreynolds
QA Contact:	Viktor Ashirov
Docs Contact:

URL:
Whiteboard:
Keywords:	FutureFeature

Depends On:	1162997 1166252
Blocks:
	Show dependency tree / graph

Reported:	2013-08-07 15:08 EDT by Sankar Ramalingam
Modified:	2015-03-05 04:31 EST (History)
CC List:	5 users (show)

See Also:
Fixed In Version:	389-ds-base-1.3.3.1-10.el7
Doc Type:	Enhancement
Doc Text:	Feature: Allow plugins to be stopped/started/configured without requiring a server restart for it to take effect. Reason: The server can be configured without having to stop the server, and disrupt a live production environment. Result (if any):
Story Points:	---
Clone Of:
Environment:
Last Closed:	2015-03-05 04:31:02 EST
Type:	Bug
Regression:	---
Mount Type:	---
Documentation:	---
CRM:
Verified Versions:
Category:	---
oVirt Team:	---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team:	---

Attachments	(Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

Groups: None (edit)

Description Sankar Ramalingam 2013-08-07 15:08:58 EDT

Description of problem: Directory server should support dynamic configuration changes for the plugins. Currently, it requires a server restart for plugin configuration changes. 


Version-Release number of selected component (if applicable): 389-ds-base-1.2.11.15-20


How reproducible: Consistently.


Steps to Reproduce:

# Add container for automembers plugin
ldapmodify -h $IP -p $PORT -D "cn=directory manager" -w Secret123 -a <<EOF
dn: $PLUGIN_ROOT
objectClass: top
objectClass: nscontainer
EOF


# Configure nsslapd-pluginConfigArea
ldapmodify -h $IP -p $PORT -D "cn=directory manager" -w Secret123 -a <<EOF
dn: $PLUGIN_AUTO
changetype: modify
add: nsslapd-pluginConfigArea
nsslapd-pluginConfigArea: $ROOT
-
replace: nsslapd-pluginEnabled
nsslapd-pluginEnabled: on
EOF


# Add rules that conlict with pluginConfigArea
ldapmodify -h $IP -p $PORT -D "cn=directory manager" -w Secret123 -a <<EOF
dn: cn=replsubGroups,$PLUGIN_ROOT
objectclass: autoMemberDefinition
autoMemberScope: cn=Employees,$ROOT
autoMemberFilter: objectclass=posixAccount
autoMemberDefaultGroup: cn=SubDef1,$ROOT
autoMemberDefaultGroup: cn=SubDef2,$ROOT
autoMemberDefaultGroup: cn=SubDef3,$ROOT
autoMemberDefaultGroup: cn=SubDef4,$ROOT
autoMemberDefaultGroup: cn=SubDef5,$ROOT
autoMemberGroupingAttr: member: dn

dn: cn=Managers,cn=replsubGroups,$PLUGIN_ROOT
objectclass: autoMemberRegexRule
description: Group placement for Managers
cn: Managers
autoMemberTargetGroup: cn=Managers,cn=replsubGroups,$ROOT
autoMemberInclusiveRegex: uidNumber=^5..5$
autoMemberInclusiveRegex: gidNumber=^[1-4]..3$
autoMemberInclusiveRegex: nsAdminGroupName=^Manager$|^Supervisor$
autoMemberExclusiveRegex: uidNumber=^999$
autoMemberExclusiveRegex: gidNumber=^[6-8].0$
autoMemberExclusiveRegex: nsAdminGroupName=^Junior$

dn:cn=Contractors,cn=replsubGroups,$PLUGIN_ROOT
objectclass: autoMemberRegexRule
description: Group placement for Contractors
cn:  Contractors
autoMemberTargetGroup: cn=Contractors,cn=replsubGroups,$ROOT
autoMemberInclusiveRegex: uidNumber=^8..5$
autoMemberInclusiveRegex: gidNumber=^[5-9]..3$
autoMemberInclusiveRegex: nsAdminGroupName=^Contract|^Temporary$
autoMemberExclusiveRegex: uidNumber=^[1,3,8]99$
autoMemberExclusiveRegex: gidNumber=^[2-4]00$
autoMemberExclusiveRegex: nsAdminGroupName=^Employee$
EOF


Actual results: Automembership plugin accepts invalid configuration. It requires a server restart to reject the configuration.


Expected results: Plugin should reject the invalid configuration dynamically.


Additional info: 
Associated upstream ticket - https://fedorahosted.org/389/ticket/47451

Comment 2 Nathan Kinder 2013-08-07 15:23:28 EDT

Upstream ticket:
https://fedorahosted.org/389/ticket/47451

Comment 6 Amita Sharma 2014-11-18 01:43:44 EST

Test Plan created :: 
https://tcms.engineering.redhat.com/plan/15540/add-enable-disable-remove-plugins-without-server-restart

Few plugins tested :: DNA, memberof, automember.

One new crash bug reported during testing of this bug :: https://bugzilla.redhat.com/show_bug.cgi?id=1162997 

Marking this bug as VERIFIED, new bugs will be opened at later stage when detailed testing will be performed.

Comment 7 Jiri Herrmann 2014-12-12 10:32:01 EST

If this Feature should be included in the 7.1 Release Notes, could you please change the Doc Type from Enhancement to "Release Note"?

Note that the Release Notes are intended to list the most prominent and customer-relevant new features rather than every single enhancement.

Cheers,
Jirka

Comment 8 mreynolds 2014-12-16 15:30:03 EST

Fixed upstream

Comment 11 errata-xmlrpc 2015-03-05 04:31:02 EST

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHSA-2015-0416.html

Note You need to log in before you can comment on or make changes to this bug.