On 06/18/2014 05:14 PM, Tomas Babej wrote:
Hi,
With 389-ds-base 1.3.3. comes the dynamic plugin support. We need to
restart the server right after modifying the schema, as the plugins
will be enabled at the point they are added (and not at the next
server restart).
Properly handle both situations in the installer.
https://fedorahosted.org/freeipa/ticket/4203
Installation succeeded with normal DS, but with a build with dynamic
plugins, the DS didn't start and installation failed.
There were some plugin-related failures in the DS error log:
[26/Jun/2014:10:11:41 +0200] ipapwd_start - [file ipa_pwd_extop.c, line
1243]: No config Entry extop?
[26/Jun/2014:10:11:41 +0200] ipapwd_post_modadd - [file prepost.c, line
1019]: Internal error, couldn't find pluginextension ?!
[26/Jun/2014:10:11:41 +0200] ipapwd_post_modadd - [file prepost.c, line
1019]: Internal error, couldn't find pluginextension ?!
[26/Jun/2014:10:13:15 +0200] ipa_winsync_config - [file
ipa-winsync-config.c, line 115]: Error: IPA WinSync plug-in already
configured. Please remove the plugin config entry
[cn=ipa-winsync,cn=plugins,cn=config]
[26/Jun/2014:10:13:15 +0200] ipa_winsync_plugin_start - [file
ipa-winsync.c, line 651]: configuration failed (Bad parameter to an ldap
routine)
[26/Jun/2014:10:13:15 +0200] - Failed to start preoperation plugin
ipa-winsync
[26/Jun/2014:10:13:15 +0200] - plugin_restart: Plugin
(cn=ipa-winsync,cn=plugins,cn=config) failed to restart after
configuration change (Failed to start plugin "ipa-winsync". See errors
log.). Reverting to original plugin entry.
[26/Jun/2014:10:13:16 +0200] ipa_winsync_config - [file
ipa-winsync-config.c, line 115]: Error: IPA WinSync plug-in already
configured. Please remove the plugin config entry
[cn=ipa-winsync,cn=plugins,cn=config]
[26/Jun/2014:10:13:16 +0200] ipa_winsync_plugin_start - [file
ipa-winsync.c, line 651]: configuration failed (Bad parameter to an ldap
routine)
[26/Jun/2014:10:13:16 +0200] - Failed to start preoperation plugin
ipa-winsync
[26/Jun/2014:10:13:16 +0200] dse_post_modify_plugin - The configuration
change for plugin (cn=ipa-winsync,cn=plugins,cn=config) could not be
applied dynamically, and will be ignored until the server is restarted.
...
[26/Jun/2014:10:14:30 +0200] memberof-plugin - Memberof task starts
(arg: (objectclass=*)) ...
[26/Jun/2014:10:14:30 +0200] memberof-plugin - Memberof task starts
(arg: (objectclass=*)) ...
[26/Jun/2014:10:14:31 +0200] memberof-plugin - Memberof task finished
(arg: (objectclass=*)) ...
[26/Jun/2014:10:14:32 +0200] memberof-plugin - Memberof task finished
(arg: (objectclass=*)) ...
[26/Jun/2014:10:14:40 +0200] NSACLPlugin - The ACL target
cn=dns,dc=idm,dc=lab,dc=eng,dc=brq,dc=redhat,dc=com does not exist
[26/Jun/2014:10:14:40 +0200] NSACLPlugin - The ACL target
cn=dns,dc=idm,dc=lab,dc=eng,dc=brq,dc=redhat,dc=com does not exist
[26/Jun/2014:10:15:19 +0200] - Entry "cn=adtrust
agents,cn=sysaccounts,cn=etc,dc=idm,dc=lab,dc=eng,dc=brq,dc=redhat,dc=com"
-- attribute "memberOf" not allowed
[26/Jun/2014:10:15:19 +0200] memberof-plugin - memberof_postop_add:
failed to add dn(cn=System: Read system trust
accounts,cn=permissions,cn=pbac,dc=idm,dc=lab,dc=eng,dc=brq,dc=redhat,dc=com),
error (-1)
If you want I can give access to the VM.
For the record, here's how to build 389-ds with the plugins enabled.
1.) Build dependencies & source:
yum install 389-ds-base* libicu* icu* bzip* net-snmp net-snmp-devel
pcre* pam* mod-nss gdb gcc* perl-Archive-Tar -y --skip-broken
git clone git://git.fedorahosted.org/git/389/ds.git
cd ds
2.) Apply this diff:
diff --git a/ldap/ldif/template-dse.ldif.in b/ldap/ldif/template-dse.ldif.in
index 85662a3..f4b32c7 100644
--- a/ldap/ldif/template-dse.ldif.in
+++ b/ldap/ldif/template-dse.ldif.in
@@ -58,7 +58,7 @@ nsslapd-maxdescriptors: 1024
nsslapd-max-filter-nest-level: 40
nsslapd-ndn-cache-enabled: on
nsslapd-sasl-mapping-fallback: off
-nsslapd-dynamic-plugins: off
+nsslapd-dynamic-plugins: on
nsslapd-allow-hashed-passwords: off
dn: cn=features,cn=config
diff --git a/ldap/servers/slapd/libglobs.c b/ldap/servers/slapd/libglobs.c
index e890aed..e13c468 100644
--- a/ldap/servers/slapd/libglobs.c
+++ b/ldap/servers/slapd/libglobs.c
@@ -1567,7 +1567,7 @@ FrontendConfig_init () {
init_plugin_logging = cfg->plugin_logging = LDAP_OFF;
init_listen_backlog_size = cfg->listen_backlog_size =
DAEMON_LISTEN_SIZE;
init_ignore_time_skew = cfg->ignore_time_skew = LDAP_OFF;
- init_dynamic_plugins = cfg->dynamic_plugins = LDAP_OFF;
+ init_dynamic_plugins = cfg->dynamic_plugins = LDAP_ON;
init_cn_uses_dn_syntax_in_dns = cfg->cn_uses_dn_syntax_in_dns =
LDAP_OFF;
#if defined(LINUX)
init_malloc_mxfast = cfg->malloc_mxfast = DEFAULT_MALLOC_UNSET;
3.) Build
make -j1 -f rpm.mk rpms
--
PetrĀ³
_______________________________________________
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel
