[Freeipa-devel] [PATCH 0229] dsinstance: Detect dynamic plugin support and restart server

Petr Viktorin pviktori at redhat.com
Thu Jun 26 08:29:31 UTC 2014 

On 06/18/2014 05:14 PM, Tomas Babej wrote:
> Hi,
>
> With 389-ds-base 1.3.3. comes the dynamic plugin support. We need to
> restart the server right after modifying the schema, as the plugins
> will be enabled at the point they are added (and not at the next
> server restart).
>
> Properly handle both situations in the installer.
>
> https://fedorahosted.org/freeipa/ticket/4203

Installation succeeded with normal DS, but with a build with dynamic 
plugins, the DS didn't start and installation failed.


There were some plugin-related failures in the DS error log:

[26/Jun/2014:10:11:41 +0200] ipapwd_start - [file ipa_pwd_extop.c, line 
1243]: No config Entry extop?
[26/Jun/2014:10:11:41 +0200] ipapwd_post_modadd - [file prepost.c, line 
1019]: Internal error, couldn't find pluginextension ?!
[26/Jun/2014:10:11:41 +0200] ipapwd_post_modadd - [file prepost.c, line 
1019]: Internal error, couldn't find pluginextension ?!
[26/Jun/2014:10:13:15 +0200] ipa_winsync_config - [file 
ipa-winsync-config.c, line 115]: Error: IPA WinSync plug-in already 
configured.  Please remove the plugin config entry 
[cn=ipa-winsync,cn=plugins,cn=config]
[26/Jun/2014:10:13:15 +0200] ipa_winsync_plugin_start - [file 
ipa-winsync.c, line 651]: configuration failed (Bad parameter to an ldap 
routine)
[26/Jun/2014:10:13:15 +0200] - Failed to start preoperation plugin 
ipa-winsync
[26/Jun/2014:10:13:15 +0200] - plugin_restart: Plugin 
(cn=ipa-winsync,cn=plugins,cn=config) failed to restart after 
configuration change (Failed to start plugin "ipa-winsync".  See errors 
log.).  Reverting to original plugin entry.
[26/Jun/2014:10:13:16 +0200] ipa_winsync_config - [file 
ipa-winsync-config.c, line 115]: Error: IPA WinSync plug-in already 
configured.  Please remove the plugin config entry 
[cn=ipa-winsync,cn=plugins,cn=config]
[26/Jun/2014:10:13:16 +0200] ipa_winsync_plugin_start - [file 
ipa-winsync.c, line 651]: configuration failed (Bad parameter to an ldap 
routine)
[26/Jun/2014:10:13:16 +0200] - Failed to start preoperation plugin 
ipa-winsync
[26/Jun/2014:10:13:16 +0200] dse_post_modify_plugin - The configuration 
change for plugin (cn=ipa-winsync,cn=plugins,cn=config) could not be 
applied dynamically, and will be ignored until the server is restarted.

...

[26/Jun/2014:10:14:30 +0200] memberof-plugin - Memberof task starts 
(arg: (objectclass=*)) ...
[26/Jun/2014:10:14:30 +0200] memberof-plugin - Memberof task starts 
(arg: (objectclass=*)) ...
[26/Jun/2014:10:14:31 +0200] memberof-plugin - Memberof task finished 
(arg: (objectclass=*)) ...
[26/Jun/2014:10:14:32 +0200] memberof-plugin - Memberof task finished 
(arg: (objectclass=*)) ...
[26/Jun/2014:10:14:40 +0200] NSACLPlugin - The ACL target 
cn=dns,dc=idm,dc=lab,dc=eng,dc=brq,dc=redhat,dc=com does not exist
[26/Jun/2014:10:14:40 +0200] NSACLPlugin - The ACL target 
cn=dns,dc=idm,dc=lab,dc=eng,dc=brq,dc=redhat,dc=com does not exist
[26/Jun/2014:10:15:19 +0200] - Entry "cn=adtrust 
agents,cn=sysaccounts,cn=etc,dc=idm,dc=lab,dc=eng,dc=brq,dc=redhat,dc=com" 
-- attribute "memberOf" not allowed
[26/Jun/2014:10:15:19 +0200] memberof-plugin - memberof_postop_add: 
failed to add dn(cn=System: Read system trust 
accounts,cn=permissions,cn=pbac,dc=idm,dc=lab,dc=eng,dc=brq,dc=redhat,dc=com), 
error (-1)


If you want I can give access to the VM.



For the record, here's how to build 389-ds with the plugins enabled.

1.) Build dependencies & source:

yum install 389-ds-base* libicu* icu* bzip* net-snmp net-snmp-devel
pcre* pam* mod-nss gdb gcc* perl-Archive-Tar -y --skip-broken

git clone git://git.fedorahosted.org/git/389/ds.git
cd ds

2.) Apply this diff:

diff --git a/ldap/ldif/template-dse.ldif.in b/ldap/ldif/template-dse.ldif.in
index 85662a3..f4b32c7 100644
--- a/ldap/ldif/template-dse.ldif.in
+++ b/ldap/ldif/template-dse.ldif.in
@@ -58,7 +58,7 @@ nsslapd-maxdescriptors: 1024
  nsslapd-max-filter-nest-level: 40
  nsslapd-ndn-cache-enabled: on
  nsslapd-sasl-mapping-fallback: off
-nsslapd-dynamic-plugins: off
+nsslapd-dynamic-plugins: on
  nsslapd-allow-hashed-passwords: off

  dn: cn=features,cn=config
diff --git a/ldap/servers/slapd/libglobs.c b/ldap/servers/slapd/libglobs.c
index e890aed..e13c468 100644
--- a/ldap/servers/slapd/libglobs.c
+++ b/ldap/servers/slapd/libglobs.c
@@ -1567,7 +1567,7 @@ FrontendConfig_init () {
    init_plugin_logging = cfg->plugin_logging = LDAP_OFF;
    init_listen_backlog_size = cfg->listen_backlog_size = 
DAEMON_LISTEN_SIZE;
    init_ignore_time_skew = cfg->ignore_time_skew = LDAP_OFF;
-  init_dynamic_plugins = cfg->dynamic_plugins = LDAP_OFF;
+  init_dynamic_plugins = cfg->dynamic_plugins = LDAP_ON;
    init_cn_uses_dn_syntax_in_dns = cfg->cn_uses_dn_syntax_in_dns = 
LDAP_OFF;
  #if defined(LINUX)
    init_malloc_mxfast = cfg->malloc_mxfast = DEFAULT_MALLOC_UNSET;

3.) Build
make -j1 -f rpm.mk rpms




-- 
Petr³

More information about the Freeipa-devel mailing list