Hi,
I'd like to discuss several recent (since a couple of months) commits in stable branches of 389ds. I will be talking about 1.4.4 https://github.com/389ds/389-ds-base/tree/389-ds-base-1.4.4 since it's the one we are using in production, but i think it's the same for 1.4.3. These commits are welcome and go in the right direction, however the changes they produce are not something one expects when the server version changes in 4th digit (ex. 1.4.4.17 -> 1.4.4.18). Here they are:
1) Some database files [presumable memory-mapped files that are ok to be lost at reboot] that were previously in /var/lib/dirsrv/slapd-instance/db/ are now moved to /dev/shm/slapd-instance/. This modification seems to work fine (and should increase performance), however there is an error message at server startup when /dev/shm is empty (for example, after each OS reboot) when the server needs to create the files:
[03/Dec/2021:12:12:14.887200364 +0100] - ERR - bdb_version_write - Could not open file "/dev/shm/slapd-model/DBVERSION" for writing Netscape Portable Runtime -5950 (File not found.)
After the next 389ds restart this ERR message does not appear, but it appears after each OS reboot (since /dev/shm is cleaned up after each reboot).
2) UNIX socket of the server was moved to /run/slapd-instance.socket, a new keyword in .inf file for dscreate ("ldapi") has appeared.
Works fine, but it had an impact on our scripts that use ldapi socket path.
3) A new default plugin requirement, the plugin being written in Rust - probably its introduction is FIPS-related (Issue 3584 - Fix PBKDF2_SHA256 hashing in FIPS mode). See my comment https://github.com/389ds/389-ds-base/issues/5008#issuecomment-983759224. Rust becomes a requirement for building the server, which is fine, but then it should be enabled by default in "./configure". Without it the server does not compile the new plugin and complains about it when starting:
[01/Dec/2021:12:54:04.460194603 +0100] - ERR - symload_report_error - Could not open library "/Local/dirsrv/lib/dirsrv/plugins/libpwdchan-plugin.so" for plugin PBKDF2
...
Thank you and keep up the good work, we use 389ds in production since 2007 and we are quite happy with it :)
2) UNIX socket of the server was moved to /run/slapd-instance.socket, a new keyword in .inf file for dscreate ("ldapi") has appeared.
Works fine, but it had an impact on our scripts that use ldapi socket path.
3) A new default plugin requirement, the plugin being written in Rust - probably its introduction is FIPS-related (Issue 3584 - Fix PBKDF2_SHA256 hashing in FIPS mode). See my comment https://github.com/389ds/389-ds-base/issues/5008#issuecomment-983759224. Rust becomes a requirement for building the server, which is fine, but then it should be enabled by default in "./configure". Without it the server does not compile the new plugin and complains about it when starting:
[01/Dec/2021:12:54:04.460194603 +0100] - ERR - symload_report_error - Could not open library "/Local/dirsrv/lib/dirsrv/plugins/libpwdchan-plugin.so" for plugin PBKDF2
...
Thank you and keep up the good work, we use 389ds in production since 2007 and we are quite happy with it :)
Regards,
Andrey
No comments:
Post a Comment