Bug 56453 – ucs_registerLDAPextension: ldap_extension.py listener sometimes fails to activate acl/schema extensions

Bug 56453 - ucs_registerLDAPextension: ldap_extension.py listener sometimes fails to activate acl/schema extensions


Summary:	ucs_registerLDAPextension: ldap_extension.py listener sometimes fails to acti...

Status:	NEW

Product:	UCS
Classification:	Unclassified
Component:	LDAP
Version:	UCS 5.0
Hardware:	Other Linux

Importance:	P5 normal (vote)
Target Milestone:	---
Assigned To:	UCS maintainers
QA Contact:	UCS maintainers

URL:
Keywords:

Depends on:
Blocks:
	Show dependency tree / graph

Reported:	2023-08-18 11:43 CEST by Arvid Requate
Modified:	2023-08-18 18:43 CEST (History)
CC List:	8 users (show)

See Also:
What kind of report is it?:	Bug Report
What type of bug is this?:	5: Major Usability: Impairs usability in key scenarios
Who will be affected by this bug?:	3: Will affect average number of installed domains
How will those affected feel about the bug?:	2: A Pain – users won’t like this once they notice it
User Pain:	0.171
Enterprise Customer affected?:	Yes
School Customer affected?:	Yes
ISV affected?:
Waiting Support:
Flags outvoted (downgraded) after PO Review:
Ticket number:	2022102421000712, 2022081521000485, 2022090221000364, 2023020921000719, 2023022821000541, 2023042721000379, 2023062821000293, 2023061221000152
Bug group (optional):
Max CVSS v3 score:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Arvid Requate

2023-08-18 11:43:31 CEST

Bug #55337 has the details.

The proposal is to adjust the ldap_extension.py listener to move the activation from the postrun into the handler function. This may sound irritating, but if you run ucs_registerLDAPextension 5 times fro ma joinscript, then it will wait each time for the postrun and the slapd will get restarted 5 times anyway.

Also there's the question how to make this more reliable: currently the listener postrun code will not activate the extension if (for some reason) slapd in not running (it simply cannot, because it needs write access to the LDAP. Maybe some retry logic or persist+retry via a local file (pickle, sqlite, lmdb, whatever) could make this more robust.