Bug 230673 - LDAPI: referral mode needs LDAPI socket
Summary: LDAPI: referral mode needs LDAPI socket
Alias: None
Product: 389
Classification: Retired
Component: Admin
Version: 1.0.4
Hardware: All
OS: Linux
Target Milestone: ---
Assignee: Noriko Hosoi
QA Contact: Chandrasekar Kannan
Depends On:
Blocks: FDS1.2.0
Reported: 2007-03-02 01:24 UTC by Noriko Hosoi
Modified: 2015-01-04 23:24 UTC (History)

Fixed In Version: 8.1
Doc Type: Bug Fix
Doc Text:
Clone Of:
Last Closed: 2009-04-29 22:59:49 UTC

Attachments
cvs diffs (admin/src/create_instance.c, servers/slapd/libglobs.c) (deleted), 2007-03-02 21:43 UTC, Noriko Hosoi
cvs commit message (deleted), 2007-03-02 22:39 UTC, Noriko Hosoi
cvs diff config.c (deleted), 2008-05-13 00:14 UTC, Noriko Hosoi
cvs commit message (deleted), 2008-05-14 18:40 UTC, Noriko Hosoi

Comment 1 Noriko Hosoi 2007-03-02 21:28:31 UTC
(In reply to comment #0)
>> Description of problem:
>> [error #1]
>> [...]
>> I guess my question is PR_Bind for LDAPI is needed for the referral mode.  If
>> not, we could just skip it?
Richard Megginson wrote:
> It could be.  I could see where it would be useful.  We may have to change the
> server to add another command line argument for referral mode, to allow you to
> pass in the ldapi url.  I'll note that openldap allows you to use -H LDAPURL e.g.
> -H ldap://hostname:389/ -H ldapi:///var/run/ldapi etc.  However, we do not yet
> have an LDAP URL parser that understands ldapi.

This issue should be revisited for the 7.3 release.

Comment 2 Noriko Hosoi 2007-03-02 21:38:01 UTC
(In reply to comment #0)
> Description of problem:
> [error #2]
> [...]
> Also, to work around this problem, is it okay to add this code to create the
> directory to put the ldapi unix socket if it does not exist?
Richard Megginson wrote:
I don't think we should create the directory if it does not exist.  That doesn't
seem right to me.  I think we should just warn.

Pete Rowley wrote:
> You know, given our server installs with in regular cases and all this has
> default config set up for directories we already write to, perhaps the right thing to do
> is to have default off for ldapi.  That would have minimum impact on tests that don't
> care about it (and are set up other ways) and wouldn't affect server installs
> regular means.
Richard Megginson wrote:
Then ds_newinst could set it to "on" if the user specified an ldapifilepath.  I
think that would appease Andrew as well.

Based upon the suggestions from Pete and Rich, if setting "ldapifilepath=
/path/to/ldapifile/slapd-ID.socket" in the install inf file is used as a trigger
to set ldapi to "on".  Otherwise, set to "off".  The function ds_gen_confs in
create_instance.c between on and off depending upon the existence of
ldapifilepath value.   Also, the ldapi default setting in libglobs.c is changed
to "off".

Comment 3 Noriko Hosoi 2007-03-02 21:43:16 UTC
Created attachment 149157 [details]
cvs diffs (admin/src/create_instance.c, servers/slapd/libglobs.c)

create_instance.c: if ldapifilepath is not passed, LDAPI is disabled in the
		   newly created instance.
libglobs.c: LDAPI is disabled in the initial configuration parameter setting.

Comment 4 Noriko Hosoi 2007-03-02 22:39:04 UTC
Created attachment 149160 [details]
cvs commit message

Reviewed by Rich (Thank you!)

Checked in into HEAD.

Comment 5 Noriko Hosoi 2007-03-02 22:41:10 UTC
Leave this bug open for Comment #1.

Comment 6 Noriko Hosoi 2007-08-03 17:29:51 UTC
Since we don't use the code, this problem does not exist any more?  Just leave
it for now...

Comment 7 Noriko Hosoi 2008-05-13 00:14:24 UTC
Created attachment 305187 [details]
cvs diff config.c

File: ldap/servers/slapd/config.c

Problem Description: If you start the server with the referral mode, e.g., like
 ns-slapd refer -D /etc/dirsrv/slapd-test -r ldap://
UNIX socket for LDAPI was not opened since LDAPI configuration parameters are
not read from dse.ldif at that moment.

Fix Description: adding the code to process nsslapd-ldapifilepath and
nsslapd-ldapilisten in slapd_bootstrap_config.

Comment 8 Noriko Hosoi 2008-05-13 00:22:13 UTC
Test case (using openLDAP client)

# ldapsearch -Y EXTERNAL -H ldapi://%2fvar%2frun%2fslapd-test.socket -b "dc=example,dc=com" -v "(uid=*)"
ldap_initialize( ldapi://%2fvar%2frun%2fslapd-test.socket )
SASL/EXTERNAL authentication started
ldap_sasl_interactive_bind_s: Referral (10)
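
The test case above passes the socket path as the percent-encoded host part of an ldapi:// URL, and comment 1 notes that the server had no LDAP URL parser that understood ldapi. That decoding step in C, added here as an illustration and not taken from the 389 Directory Server source; the function name, the return codes and the checks (absolute path, no %00, fits in sun_path) are assumptions of this example:

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>
#include <strings.h>
#include <sys/un.h>
#define SUN_PATH_MAX sizeof(((struct sockaddr_un *)0)->sun_path)
/* Return codes (names are this example's own, not from the server). */
enum { LDAPI_OK = 0, LDAPI_BAD_SCHEME = -1, LDAPI_BAD_ESCAPE = -2,
       LDAPI_NOT_ABSOLUTE = -3, LDAPI_TOO_LONG = -4 };

static int hexval(int c)
{
    if (c >= '0' && c <= '9') return c - '0';
    c = tolower(c);
    return (c >= 'a' && c <= 'f') ? c - 'a' + 10 : -1;
}

/* Decode the host part of ldapi://<percent-encoded socket path> into out. */
int ldapi_url_to_path(const char *url, char *out, size_t outlen)
{
    size_t n = 0, max = outlen < SUN_PATH_MAX ? outlen : SUN_PATH_MAX;
    const char *p;
    if (strncasecmp(url, "ldapi://", 8) != 0) return LDAPI_BAD_SCHEME;
    /* The path is the URL "host": it ends at the first literal '/' or '?'. */
    for (p = url + 8; *p && *p != '/' && *p != '?'; p++) {
        int c = (unsigned char)*p;
        if (c == '%') {
            int hi = hexval((unsigned char)p[1]);
            int lo = hi < 0 ? -1 : hexval((unsigned char)p[2]);
            if (lo < 0) return LDAPI_BAD_ESCAPE;
            c = hi * 16 + lo;
            if (c == 0) return LDAPI_BAD_ESCAPE;    /* %00 would truncate the path */
            p += 2;
        }
        if (n + 1 >= max) return LDAPI_TOO_LONG;    /* leave room for the NUL */
        out[n++] = (char)c;
    }
    if (n == 0 || out[0] != '/') return LDAPI_NOT_ABSOLUTE;
    out[n] = '\0';
    return LDAPI_OK;
}

int main(void)
{
    char path[SUN_PATH_MAX];
    int rc = ldapi_url_to_path("ldapi://%2fvar%2frun%2fslapd-test.socket", path, sizeof(path));
    printf("rc=%d path=%s\n", rc, rc == LDAPI_OK ? path : "(rejected)");
    return rc == LDAPI_OK ? 0 : 1;
}
```

Rejecting the URL before bind() keeps a truncated or relative socket path from silently creating the listener somewhere other than where the administrator set its directory permissions.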

Comment 9 Rich Megginson 2008-05-14 16:06:20 UTC
I don't really like adding more code to the hack that is the bootstrap code in
config.c, but this looks ok.

Comment 10 Noriko Hosoi 2008-05-14 18:40:46 UTC
Created attachment 305393 [details]
cvs commit message

Reviewed by Rich (Thank you!!)

Checked in into CVS HEAD.

Comment 11 Jenny Galipeau 2009-03-11 18:22:53 UTC
Can you please add steps to setup and verify this bug with RH DS?

Comment 12 Noriko Hosoi 2009-03-11 18:41:06 UTC
(In reply to comment #11)
> Can you please add steps to setup and verify this bug with RH DS?

1. enable ldapi
nsslapd-ldapilisten: on

2. assume you have a referral server: ldap://<host>.<domain>

3. start the server with the referral mode (note: this is another server which refers to the referral server)
cd /usr/lib[64]/dirsrv/slapd-ID
./ns-slapd refer -D /etc/dirsrv/slapd-ID -r ldap://<host>.<domain>

If this server starts successfully, the bug is verified.

Comment 13 Jenny Galipeau 2009-03-11 18:53:12 UTC
Is this only a fedora bug?

/etc/dirsrv/slapd-ID/ns-slapd does not exist and the flags are not valid for start-slapd

Comment 14 Noriko Hosoi 2009-03-11 19:14:01 UTC
(In reply to comment #13)
> Is this only a fedora bug?
> /etc/dirsrv/slapd-ID/ns-slapd does not exist and the flags are not valid for
> start-slapd  

Oops, sorry! :p
/usr/sbin/ns-slapd refer -D /etc/dirsrv/slapd-ID -r ldap://<host>.<domain>

Comment 15 Jenny Galipeau 2009-03-11 19:22:41 UTC
that works! thank you
fix verified DS 8.1 RHEL 5

[root@jennyv2 slapd-jennyv2]# /usr/sbin/ns-slapd refer -D /etc/dirsrv/slapd-jennyv2/ -r ldap://

[root@jennyv2 slapd-jennyv2]# tail -f /var/log/dirsrv/slapd-jennyv2/errors
[11/Mar/2009:15:14:31 -0400] - Listening on All Interfaces port 636 for LDAPS requests
[11/Mar/2009:15:14:31 -0400] - Listening on /var/run/slapd-jennyv2.socket for LDAPI requests
[11/Mar/2009:15:25:23 -0400] - slapd shutting down - signaling operation threads
[11/Mar/2009:15:25:23 -0400] - slapd shutting down - closing down internal subsystems and plugins
[11/Mar/2009:15:25:26 -0400] - Waiting for 4 database threads to stop
[11/Mar/2009:15:25:26 -0400] - All database threads now stopped
[11/Mar/2009:15:25:26 -0400] - slapd stopped.
[11/Mar/2009:15:26:18 -0400] - Red Hat-Directory/8.1.0 B2009.050.914 starting up
[11/Mar/2009:15:26:18 -0400] - slapd started.  Listening on All Interfaces port 389 for LDAP requests
[11/Mar/2009:15:26:18 -0400] - Listening on /var/run/slapd-jennyv2.socket for LDAPI requests

Comment 16 Chandrasekar Kannan 2009-04-29 22:59:49 UTC
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.
