[Freeipa-devel] [PATCH 0229] dsinstance: Detect dynamic plugin support and restart server
Petr Viktorin
pviktori at redhat.com
Thu Jun 26 08:29:31 UTC 2014
On 06/18/2014 05:14 PM, Tomas Babej wrote:
> Hi,
>
> With 389-ds-base 1.3.3. comes the dynamic plugin support. We need to
> restart the server right after modifying the schema, as the plugins
> will be enabled at the point they are added (and not at the next
> server restart).
>
> Properly handle both situations in the installer.
>
> https://fedorahosted.org/freeipa/ticket/4203

Installation succeeded with normal DS, but with a build with dynamic
plugins, the DS didn't start and installation failed.

There were some plugin-related failures in the DS error log:
[26/Jun/2014:10:11:41 +0200] ipapwd_start - [file ipa_pwd_extop.c, line
1243]: No config Entry extop?
[26/Jun/2014:10:11:41 +0200] ipapwd_post_modadd - [file prepost.c, line
1019]: Internal error, couldn't find pluginextension ?!
[26/Jun/2014:10:11:41 +0200] ipapwd_post_modadd - [file prepost.c, line
1019]: Internal error, couldn't find pluginextension ?!
[26/Jun/2014:10:13:15 +0200] ipa_winsync_config - [file
ipa-winsync-config.c, line 115]: Error: IPA WinSync plug-in already
configured. Please remove the plugin config entry
[cn=ipa-winsync,cn=plugins,cn=config]
[26/Jun/2014:10:13:15 +0200] ipa_winsync_plugin_start - [file
ipa-winsync.c, line 651]: configuration failed (Bad parameter to an ldap
routine)
[26/Jun/2014:10:13:15 +0200] - Failed to start preoperation plugin
ipa-winsync
[26/Jun/2014:10:13:15 +0200] - plugin_restart: Plugin
(cn=ipa-winsync,cn=plugins,cn=config) failed to restart after
configuration change (Failed to start plugin "ipa-winsync". See errors
log.). Reverting to original plugin entry.
[26/Jun/2014:10:13:16 +0200] ipa_winsync_config - [file
ipa-winsync-config.c, line 115]: Error: IPA WinSync plug-in already
configured. Please remove the plugin config entry
[cn=ipa-winsync,cn=plugins,cn=config]
[26/Jun/2014:10:13:16 +0200] ipa_winsync_plugin_start - [file
ipa-winsync.c, line 651]: configuration failed (Bad parameter to an ldap
routine)
[26/Jun/2014:10:13:16 +0200] - Failed to start preoperation plugin
ipa-winsync
[26/Jun/2014:10:13:16 +0200] dse_post_modify_plugin - The configuration
change for plugin (cn=ipa-winsync,cn=plugins,cn=config) could not be
applied dynamically, and will be ignored until the server is restarted.
...
[26/Jun/2014:10:14:30 +0200] memberof-plugin - Memberof task starts
(arg: (objectclass=*)) ...
[26/Jun/2014:10:14:30 +0200] memberof-plugin - Memberof task starts
(arg: (objectclass=*)) ...
[26/Jun/2014:10:14:31 +0200] memberof-plugin - Memberof task finished
(arg: (objectclass=*)) ...
[26/Jun/2014:10:14:32 +0200] memberof-plugin - Memberof task finished
(arg: (objectclass=*)) ...
[26/Jun/2014:10:14:40 +0200] NSACLPlugin - The ACL target
cn=dns,dc=idm,dc=lab,dc=eng,dc=brq,dc=redhat,dc=com does not exist
[26/Jun/2014:10:14:40 +0200] NSACLPlugin - The ACL target
cn=dns,dc=idm,dc=lab,dc=eng,dc=brq,dc=redhat,dc=com does not exist
[26/Jun/2014:10:15:19 +0200] - Entry "cn=adtrust
agents,cn=sysaccounts,cn=etc,dc=idm,dc=lab,dc=eng,dc=brq,dc=redhat,dc=com"
-- attribute "memberOf" not allowed
[26/Jun/2014:10:15:19 +0200] memberof-plugin - memberof_postop_add:
failed to add dn(cn=System: Read system trust
accounts,cn=permissions,cn=pbac,dc=idm,dc=lab,dc=eng,dc=brq,dc=redhat,dc=com),
error (-1)
If you want I can give access to the VM.

For the record, here's how to build 389-ds with the plugins enabled.

1.) Build dependencies & source:
yum install 389-ds-base* libicu* icu* bzip* net-snmp net-snmp-devel
pcre* pam* mod-nss gdb gcc* perl-Archive-Tar -y --skip-broken
git clone git://git.fedorahosted.org/git/389/ds.git
cd ds
2.) Apply this diff:
diff --git a/ldap/ldif/template-dse.ldif.in b/ldap/ldif/template-dse.ldif.in
index 85662a3..f4b32c7 100644
--- a/ldap/ldif/template-dse.ldif.in
+++ b/ldap/ldif/template-dse.ldif.in
@@ -58,7 +58,7 @@ nsslapd-maxdescriptors: 1024
nsslapd-max-filter-nest-level: 40
nsslapd-ndn-cache-enabled: on
nsslapd-sasl-mapping-fallback: off
-nsslapd-dynamic-plugins: off
+nsslapd-dynamic-plugins: on
nsslapd-allow-hashed-passwords: off
dn: cn=features,cn=config
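Review bot: the changed line `nsslapd-dynamic-plugins: on` edits the default in template-dse.ldif.in itself, so every instance created from packages built this way starts with dynamic plugins enabled, not only the one used for this test. Since the step exists to reproduce the installer failure, say next to step 2 that the resulting RPMs are a test build, so they are not mistaken for a stock 389-ds-base.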
diff --git a/ldap/servers/slapd/libglobs.c b/ldap/servers/slapd/libglobs.c
index e890aed..e13c468 100644
--- a/ldap/servers/slapd/libglobs.c
+++ b/ldap/servers/slapd/libglobs.c
@@ -1567,7 +1567,7 @@ FrontendConfig_init () {
init_plugin_logging = cfg->plugin_logging = LDAP_OFF;
init_listen_backlog_size = cfg->listen_backlog_size =
DAEMON_LISTEN_SIZE;
init_ignore_time_skew = cfg->ignore_time_skew = LDAP_OFF;
- init_dynamic_plugins = cfg->dynamic_plugins = LDAP_OFF;
+ init_dynamic_plugins = cfg->dynamic_plugins = LDAP_ON;
init_cn_uses_dn_syntax_in_dns = cfg->cn_uses_dn_syntax_in_dns =
LDAP_OFF;
#if defined(LINUX)
init_malloc_mxfast = cfg->malloc_mxfast = DEFAULT_MALLOC_UNSET;
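Review bot: in FrontendConfig_init() the line `init_dynamic_plugins = cfg->dynamic_plugins = LDAP_ON;` hard-codes the same default a second time, duplicating the value set in template-dse.ldif.in; applying only one of the two edits leaves the template and the compiled-in default disagreeing. A short comment on this line marking it as a test-only override, and naming the template attribute it has to match, would keep the pair together.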
3.) Build
make -j1 -f rpm.mk rpms
--
Petr³
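
An added example, not part of the original message or of FreeIPA: a small Python check that scans a 389-ds errors log for the two messages quoted above that indicate a plugin configuration change was reverted or deferred until restart. The function names are hypothetical, the patterns are taken only from the log lines in this message, and the sample input is constructed from those lines with their mail wrapping kept.

```python
import re
from collections import defaultdict

TS = re.compile(r"^\[\d{2}/[A-Za-z]{3}/\d{4}:\d{2}:\d{2}:\d{2} [+-]\d{4}\] ")
REVERTED = re.compile(r"plugin_restart: Plugin \((?P<dn>[^)]+)\) failed to restart")
DEFERRED = re.compile(r"dse_post_modify_plugin - The configuration change for plugin "
                      r"\((?P<dn>[^)]+)\) could not be applied dynamically")

# Constructed sample: lines from the log quoted in the message, still mail-wrapped.
SAMPLE_LOG = """\
[26/Jun/2014:10:13:15 +0200] ipa_winsync_config - [file
ipa-winsync-config.c, line 115]: Error: IPA WinSync plug-in already
configured. Please remove the plugin config entry
[cn=ipa-winsync,cn=plugins,cn=config]
[26/Jun/2014:10:13:15 +0200] - plugin_restart: Plugin
(cn=ipa-winsync,cn=plugins,cn=config) failed to restart after
configuration change (Failed to start plugin "ipa-winsync". See errors
log.). Reverting to original plugin entry.
[26/Jun/2014:10:13:16 +0200] dse_post_modify_plugin - The configuration
change for plugin (cn=ipa-winsync,cn=plugins,cn=config) could not be
applied dynamically, and will be ignored until the server is restarted.
[26/Jun/2014:10:14:30 +0200] memberof-plugin - Memberof task starts
(arg: (objectclass=*)) ...
"""

def unwrap(text):
    """Rejoin wrapped records: only a line starting with a timestamp opens a record."""
    records = []
    for line in text.splitlines():
        if TS.match(line) or not records:
            records.append(line.strip())
        else:
            # Continuation line (may itself start with '[', e.g. a bracketed DN).
            records[-1] += " " + line.strip()
    return records

def plugins_needing_restart(text):
    """Map plugin DN -> sorted states ('deferred', 'reverted') found in the log."""
    found = defaultdict(set)
    for rec in unwrap(text):
        for state, pat in (("reverted", REVERTED), ("deferred", DEFERRED)):
            m = pat.search(rec)
            if m:
                found[m.group("dn")].add(state)
    return {dn: sorted(states) for dn, states in found.items()}
```
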