Friday, December 3, 2021

[389-users] Re: Recent commits in stable 389ds branches - discussion


Just to add to the previous mail - there is another phenomenon linked apparently  to the new plugin - at each start of the server two error messages about plugins with NULL identities are displayed:
...
[03/Dec/2021:14:41:38.945576751 +0100] - INFO - main - 389-Directory/1.4.4.17 B2021.337.1333 starting up
[03/Dec/2021:14:41:38.946206385 +0100] - INFO - main - Setting the maximum file descriptor limit to: 64000
[03/Dec/2021:14:41:38.951185055 +0100] - ERR - allow_operation - Component identity is NULL
[03/Dec/2021:14:41:38.951846429 +0100] - ERR - allow_operation - Component identity is NULL
[03/Dec/2021:14:41:39.546909815 +0100] - INFO - PBKDF2_SHA256 - Based on CPU performance, chose 2048 rounds
[03/Dec/2021:14:41:39.566959933 +0100] - INFO - ldbm_instance_config_cachememsize_set - force a minimal value 512000
...

De: "Ivanov Andrey" <andrey.ivanov@polytechnique.fr>
À: "General discussion list for the 389 Directory server, project." <389-users@lists.fedoraproject.org>
Envoyé: Vendredi 3 Décembre 2021 12:29:31
Objet: [389-users] Recent commits in stable 389ds branches - discussion
Hi,

I'd like to discuss several recent (since a couple of months) commits in stable branches of 389ds. I will be talking about 1.4.4 https://github.com/389ds/389-ds-base/tree/389-ds-base-1.4.4 since it's the one we are using in production, but i think it's the same for 1.4.3. These commits are welcome and go in the right direction, however the changes they produce are not something one expects when the server version changes in 4th digit (ex. 1.4.4.17 -> 1.4.4.18). Here they are:

1) Some database files [presumable memory-mapped files that are ok to be lost at reboot] that were previously in /var/lib/dirsrv/slapd-instance/db/ are now moved to /dev/shm/slapd-instance/. This modification seems to work fine (and should increase performance), however there is an error message at server startup when /dev/shm is empty (for example, after each OS reboot) when the server needs to create the files:
[03/Dec/2021:12:12:14.887200364 +0100] - ERR - bdb_version_write - Could not open file "/dev/shm/slapd-model/DBVERSION" for writing Netscape Portable Runtime -5950 (File not found.)
After the next 389ds restart this ERR message does not appear, but it appears after each OS reboot (since /dev/shm is cleaned up after each reboot).

2) UNIX socket of the server was moved to /run/slapd-instance.socket, a new keyword in .inf file for dscreate ("ldapi") has appeared.
Works fine, but it had an impact on our scripts that use ldapi socket path.

3) A new default plugin requirement, the plugin being written in Rust - probably its introduction is FIPS-related (Issue 3584 - Fix PBKDF2_SHA256 hashing in FIPS mode). See my comment https://github.com/389ds/389-ds-base/issues/5008#issuecomment-983759224. Rust becomes a requirement for building the server, which is fine, but then it should be enabled by default in "./configure". Without it the server does not compile the new plugin and complains about it when starting:
[01/Dec/2021:12:54:04.460194603 +0100] - ERR - symload_report_error - Could not open library "/Local/dirsrv/lib/dirsrv/plugins/libpwdchan-plugin.so" for plugin PBKDF2
...

Thank you and keep up the good work, we use 389ds in production since 2007 and we are quite happy with it :)

Regards,
Andrey

_______________________________________________
389-users mailing list -- 389-users@lists.fedoraproject.org
To unsubscribe send an email to 389-users-leave@lists.fedoraproject.org
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/389-users@lists.fedoraproject.org
Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
Posted by at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)