Note: This is a beta release of Red Hat Bugzilla 5.0. The data contained within is a snapshot of the live data so any changes you make will not be reflected in the production Bugzilla. Also email is disabled so feel free to test any aspect of the site that you want. File any problems you find or give feedback here.
Bug 230498 - allow ds_newinst with ldapi and no serverport
Summary: allow ds_newinst with ldapi and no serverport
Keywords:
Status: CLOSED UPSTREAM
Alias: None
Product: 389
Classification: Retired
Component: Install/Uninstall
Version: 1.0.4
Hardware: All
OS: All
medium
medium
Target Milestone: ---
Assignee: Rich Megginson
QA Contact: Chandrasekar Kannan
URL:
Whiteboard:
Depends On:
Blocks: FDS1.1.0
TreeView+ depends on / blocked
 
Reported: 2007-03-01 01:01 UTC by Rich Megginson
Modified: 2015-01-04 23:24 UTC (History)
5 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2011-06-22 13:34:53 UTC


Attachments (Terms of Use)
diffs (deleted)
2007-03-01 02:07 UTC, Rich Megginson
no flags Details | Diff
diffs (deleted)
2007-03-01 02:15 UTC, Rich Megginson
no flags Details | Diff
new diffs (deleted)
2007-03-01 02:58 UTC, Rich Megginson
no flags Details | Diff
cvs commit log (deleted)
2007-03-01 03:35 UTC, Rich Megginson
no flags Details
strace of ds_newinst binary (deleted)
2007-03-01 03:58 UTC, Andrew Bartlett
no flags Details
Inf file generated by samba4 build system (deleted)
2007-03-01 22:03 UTC, Andrew Bartlett
no flags Details
new inf file (deleted)
2007-03-01 22:08 UTC, Rich Megginson
no flags Details

Description Rich Megginson 2007-03-01 01:01:05 UTC
In order to test with ldapi, it is useful to be able to create a new server
instance that only uses ldapi.  So we need to be able to tell the server not to
listen on a tcp port.  We do this by passing a value of 0 to the dse.ldif file
for the non-secure ldap port.  ds_newinst/create_instance.c cannot handle this -
you cannot pass in the ldapi filename, and you must pass in a server port.

Comment 1 Rich Megginson 2007-03-01 02:07:48 UTC
Created attachment 148982 [details]
diffs

Comment 2 Rich Megginson 2007-03-01 02:15:26 UTC
Created attachment 148983 [details]
diffs

Comment 3 Noriko Hosoi 2007-03-01 02:45:22 UTC
Looks good to me.

The C code has ENABLE_LDAPI macro, but the perl frontend does not.
1) If the inf file happens to have ldapifilepath value and the ds_newinst-bin is
built with LDAPI disabled, the attribute-value is just ignored.
2) If the port 0 is given to the LDAPI disabled server, checkport returns the
error and the installation fails.
I'm assuming these observations are correct... :)

Comment 4 Nathan Kinder 2007-03-01 02:50:26 UTC
The changes look good, but I have one question.

In ds_newinst.pl.in, the following code section looks like it would allow you to
explicitly specify "ServerPort = 0" in the inf file without specifying a ldapi
filename.  Should we check if ServerPort is set to 0 before setting "$canlisten
= 1"?

+# either servport or ldapifilepath must be specified - the server must
+# listen to something . . .
+my $canlisten = 0;
+if (defined($table{"slapd"}->{"ServerPort"})) {
+    $canlisten = 1;
+    $cgiargs{"servport"} = $table{"slapd"}->{"ServerPort"};
+} else {
+    $cgiargs{"servport"} = "0"; # 0 means do not listen
+}
+if (defined($table{"slapd"}->{"ldapifilepath"})) {
+    $canlisten = 1;
+    $cgiargs{"ldapifilepath"} = $table{"slapd"}->{"ldapifilepath"};
+}
+if (! $canlisten) {
+    usage("Either ServerPort or ldapifilepath must be specified in the slapd
section of $filename");
+}

Comment 5 Rich Megginson 2007-03-01 02:57:01 UTC
(In reply to comment #3)
> Looks good to me.
> 
> The C code has ENABLE_LDAPI macro, but the perl frontend does not.
> 1) If the inf file happens to have ldapifilepath value and the ds_newinst-bin is
> built with LDAPI disabled, the attribute-value is just ignored.

Right.  That should make it easier to share .inf files between fedora-ds and
redhat-ds.

> 2) If the port 0 is given to the LDAPI disabled server, checkport returns the
> error and the installation fails.
> I'm assuming these observations are correct... :)

Right.

Comment 6 Rich Megginson 2007-03-01 02:58:08 UTC
Created attachment 148985 [details]
new diffs

Diffs to address nkinder's concerns

Comment 7 Nathan Kinder 2007-03-01 03:14:02 UTC
Looks good!

Comment 8 Rich Megginson 2007-03-01 03:35:13 UTC
Created attachment 148986 [details]
cvs commit log

Reviewed by: nkinder, nhosoi (Thanks!)
Files: see diff
Branch: HEAD
Fix Description: Two new fields have been added to the ds_newinst .inf files:
ldapifilepath - the full path and file name of the server ldapi file
start_server - if present and has a value of 0, this tells ds_newinst not to
start the server - default is 1
The ds_newinst code has been changed to allow an empty or "0" value servport if
an ldapifilepath is given (and ENABLE_LDAPI is defined).  Either a valid server
port or an ldapifilepath must be provided, or both.
In addition, I changed ds_newinst.pl to accept a .inf file given on stdin.
Platforms tested: RHEL4, FC6
Flag Day: no
Doc impact: We will have to document ldapi support on the wiki.

Comment 9 Andrew Bartlett 2007-03-01 03:57:37 UTC
Using only ldapi:// doesn't seem to work.  The ds_newinst binary is stuck trying
to talk to localhost:389



Comment 10 Andrew Bartlett 2007-03-01 03:58:39 UTC
Created attachment 148987 [details]
strace of ds_newinst binary

Comment 11 Rich Megginson 2007-03-01 16:45:55 UTC
It looks like you are specifying ServerPort= 389 in your .inf file.  ds_newinst
will attempt to verify that the port is free by trying to connect to it.  Do you
need to specify a port number?  If I use an .inf file like this:[General]
FullMachineName=   localhost.localdomain
SuiteSpotUserID=   nobody
ServerRoot=    /usr/lib64/fedora-ds
[slapd]
#ServerPort=   1100
start_server= 0
ldapifilepath= /var/run/ldapi
ServerIdentifier=   localhost
Suffix=   dc=example,dc=com
RootDN=   cn=Directory Manager
RootDNPwd=  Secret123

It works just fine, and I don't see any connect() calls in strace (except for
other system daemons).

Comment 12 Andrew Bartlett 2007-03-01 22:03:24 UTC
Created attachment 149056 [details]
Inf file generated by samba4 build system

This is what I'm currently using

Comment 13 Rich Megginson 2007-03-01 22:08:25 UTC
Created attachment 149057 [details]
new inf file

The Config* and AdminDomain settings are not needed for fedora-ds-base - those
are admin server/console specific things.  In fact, not only do they not accept
ldapi LDAP URLs, they also cause the server to try to start even if
start_server=0.  ServerPort does not need to be specified if not using it.


Note You need to log in before you can comment on or make changes to this bug.