Note: This is a beta release of Red Hat Bugzilla 5.0. The data contained within is a snapshot of the live data so any changes you make will not be reflected in the production Bugzilla. Also email is disabled so feel free to test any aspect of the site that you want. File any problems you find or give feedback here.
Bug 450941 - Does not do in-use port detection properly
Summary: Does not do in-use port detection properly
Alias: None
Product: 389
Classification: Retired
Component: Install/Uninstall
Version: 1.1.0
Hardware: All
OS: Linux
Target Milestone: ---
Assignee: Rich Megginson
QA Contact: Viktor Ashirov
Depends On:
Blocks: 442454 FDS112
TreeView+ depends on / blocked
Reported: 2008-06-11 20:17 UTC by Rob Crittenden
Modified: 2015-12-07 16:54 UTC (History)
1 user (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Last Closed: 2015-12-07 16:54:45 UTC

Attachments (Terms of Use)
diffs (deleted)
2008-07-14 16:41 UTC, Rich Megginson
no flags Details | Diff
cvs commit log (deleted)
2008-07-14 23:26 UTC, Rich Megginson
no flags Details

Description Rob Crittenden 2008-06-11 20:17:36 UTC
Description of problem:

The DS installer checks to see if the requested ports are in-use before
continuing the installation ( It does not set
SO_REUSEADDR so incorrectly detects as in-use ports that otherwise should be

Version-Release number of selected component (if applicable):


Steps to Reproduce:

I'm testing this in the context of the ipa project, so using those tools:

1. ipa-server-install
2. kinit admin
3. ipa-server-install --uninstall -U
4. ipa-server-install

After the uninstall there will be a number of sockets in TIME_WAIT and FIN_WAIT2.

Comment 1 Chandrasekar Kannan 2008-06-17 13:24:25 UTC
Wait for a couple of minutes after uninstall and then try install again. 

Comment 2 Rich Megginson 2008-07-08 21:13:17 UTC
***	2007-12-17 16:49:50.000000000 -0700
---	2008-07-08 15:11:15.000000000 -0600
*** 78,83 ****
--- 78,84 ----
      my $proto = getprotobyname('tcp');
      my $rc = socket(SOCK, PF_INET, SOCK_STREAM, $proto);
      if ($rc == 1) {
+         setsockopt(SOCK, SOL_SOCKET, SO_REUSEADDR, 1);
          $rc = bind(SOCK, sockaddr_in($port, INADDR_ANY));

Comment 3 Rich Megginson 2008-07-14 16:41:40 UTC
Created attachment 311729 [details]

Comment 4 Rich Megginson 2008-07-14 23:26:33 UTC
Created attachment 311787 [details]
cvs commit log

Reviewed by: nkinder (Thanks!)
Branch: HEAD
Fix Description: Set SO_REUSEADDR to make sure the port is really available.
Platforms tested: RHEL5, Fedora 8, Fedora 9
Flag Day: no
Doc impact: no

Comment 5 Michael Gregg 2009-04-16 00:18:52 UTC
It appears that this bug still exists:

Setup complete
Next steps:
Be sure to back up the CA certificate stored in /etc/dirsrv/slapd-DSDEV-SJC-REDHAT-COM/cacert.p12
The password for this file is in /etc/dirsrv/slapd-DSDEV-SJC-REDHAT-COM/pwdfile.txt

[root@localhost ~]# kinit admin
Password for admin@DSDEV.SJC.REDHAT.COM: 

[root@localhost ~]# klist
Ticket cache: FILE:/tmp/krb5cc_0
Default principal: admin@DSDEV.SJC.REDHAT.COM
Valid starting     Expires            Service principal
04/15/09 18:20:40  04/16/09 18:20:37  krbtgt/DSDEV.SJC.REDHAT.COM@DSDEV.SJC.REDHAT.COM
Kerberos 4 ticket cache: /tmp/tkt0
klist: You have no tickets cached

[root@localhost ~]# ipa-server-install --uninstall -U

[root@localhost ~]# ipa-server-install 

The log file for this installation can be found in /var/log/ipaserver-install.log
This program will setup the FreeIPA Server.

This includes:
  * Configure the Network Time Daemon (ntpd)
  * Create and configure an instance of Directory Server
  * Create and configure a Kerberos Key Distribution Center (KDC)
  * Configure Apache (httpd)
  * Configure TurboGears

To accept the default shown in brackets, press the Enter key.

IPA requires ports 389 and 636 for the Directory Server.
These are currently in use:

Comment 6 Michael Gregg 2009-04-16 00:49:24 UTC
tested against  

rpm -qa ipa-server

Comment 7 Rob Crittenden 2009-04-16 00:51:41 UTC
We had to adjust the IPA port detection routines to match the DS ones so we could detect the unavailable port early on and not fail during ds-setup. It could be that this is a false-alarm.

Comment 8 Rich Megginson 2009-09-21 19:47:45 UTC
I would like to either close this bug or move it to freeipa - ok?

Comment 9 Rob Crittenden 2009-09-23 13:35:05 UTC
The DS part should be testable using I think. Rich, correct me if I'm wrong, but I think the process would be:

- run some queries against server
- (should not fail)

I think it would be best for tracking to open a separate bug against IPA.

Comment 10 Rich Megginson 2009-09-23 14:16:26 UTC
(In reply to comment #9)
> The DS part should be testable using I think. Rich, correct me if
> I'm wrong, but I think the process would be:
> -
> - run some queries against server
> -
> - (should not fail)

> I think it would be best for tracking to open a separate bug against IPA.

Comment 11 Rich Megginson 2009-09-25 17:48:28 UTC
ok - closing - please open a separate IPA BUG

Note You need to log in before you can comment on or make changes to this bug.