Back to bug 1404443
| Who | When | What | Removed | Added |
|---|---|---|---|---|
| Scott Poore | 2016-12-13 21:29:44 UTC | Priority | unspecified | urgent |
| Severity | unspecified | urgent | ||
| Petr Spacek | 2016-12-14 07:58:09 UTC | CC | pspacek | |
| Kaleem | 2016-12-14 08:38:46 UTC | Keywords | Regression, TestBlocker | |
| thierry bordaz | 2016-12-14 10:54:56 UTC | CC | tbordaz | |
| Nathan Kinder | 2016-12-15 16:36:59 UTC | CC | nkinder, rmeggins | |
| Component | ipa | 389-ds-base | ||
| Assignee | ipa-maint | nhosoi | ||
| QA Contact | ksiddiqu | vashirov | ||
| Petr Spacek | 2016-12-16 12:30:30 UTC | CC | pspacek | |
| Petr Spacek | 2016-12-16 12:31:31 UTC | Summary | DNS on IPA server missing after newer replica installed | incompatible nsEncryptionConfig object definition prevents RHEL 7->6 schema replication |
| Noriko Hosoi | 2016-12-20 18:17:28 UTC | Target Release | --- | 7.4 |
| Component | 389-ds-base | 389-ds-base | ||
| Version | 6.9 | 7.3 | ||
| Product | Red Hat Enterprise Linux 6 | Red Hat Enterprise Linux 7 | ||
| Noriko Hosoi | 2016-12-20 18:31:03 UTC | Status | NEW | ASSIGNED |
| thierry bordaz | 2016-12-22 16:52:45 UTC | Status | ASSIGNED | POST |
| Marc Sauton | 2017-01-03 19:01:57 UTC | CC | msauton | |
| Marcel Kolaja | 2017-01-04 12:16:32 UTC | Blocks | 1410080 | |
| Marcel Kolaja | 2017-01-04 12:17:10 UTC | Keywords | ZStream | |
| Noriko Hosoi | 2017-01-05 00:56:41 UTC | Doc Text | Bug: nsEncryptionConfig schema definition diverged between RHEL-7 and RHEL-6 Schema learning mechanism does not merge definition so the schema can not be pushed from RHEL-7 to 6. This triggers schema violation errors. Fix: Defines the RHEL-6 specific attribute types nsTLS10, nsTLS11 and nsTLS12 and add them to the allowed attributes list of nsEncryptionConfig in the RHEL-7 schema. Result: The schema replication from RHEL-7 to 6 has no more problem. | |
| Doc Type | If docs needed, set a value | Bug Fix | ||
| Marc Muehlfeld | 2017-01-09 07:35:54 UTC | Docs Contact | mmuehlfe | |
| Marc Muehlfeld | 2017-01-10 15:14:44 UTC | CC | nhosoi | |
| Doc Text | Bug: nsEncryptionConfig schema definition diverged between RHEL-7 and RHEL-6 Schema learning mechanism does not merge definition so the schema can not be pushed from RHEL-7 to 6. This triggers schema violation errors. Fix: Defines the RHEL-6 specific attribute types nsTLS10, nsTLS11 and nsTLS12 and add them to the allowed attributes list of nsEncryptionConfig in the RHEL-7 schema. Result: The schema replication from RHEL-7 to 6 has no more problem. | IdM schema replications from Red Hat Enterprise Linux 7 to 6.9 fail Identity Management (IdM) in Red Hat Enterprise Linux 6.9 uses a different schema definition in the `nsEncryptionConfig` object class than IdM on Red Hat Enterprise Linux 7.3. Because the schema learning mechanism is unable to merge definitions, schema replications from Red Hat Enterprise Linux 7 to 6.9 fail, and schema violation errors are logged. In an upcoming Red Hat Enterprise Linux 7.3 update, the `nsTLS10`, `nsTLS11`, and `nsTLS12` attributes will be added to the list of allowed attributes in the `nsEncryptionConfig` object class, and as a consequence, replication will no longer fail in the described scenario. | ||
| Doc Type | Bug Fix | Known Issue | ||
| Flags | needinfo?(nhosoi) | |||
| Marc Muehlfeld | 2017-01-16 16:22:23 UTC | Doc Text | IdM schema replications from Red Hat Enterprise Linux 7 to 6.9 fail Identity Management (IdM) in Red Hat Enterprise Linux 6.9 uses a different schema definition in the `nsEncryptionConfig` object class than IdM on Red Hat Enterprise Linux 7.3. Because the schema learning mechanism is unable to merge definitions, schema replications from Red Hat Enterprise Linux 7 to 6.9 fail, and schema violation errors are logged. In an upcoming Red Hat Enterprise Linux 7.3 update, the `nsTLS10`, `nsTLS11`, and `nsTLS12` attributes will be added to the list of allowed attributes in the `nsEncryptionConfig` object class, and as a consequence, replication will no longer fail in the described scenario. | IdM schema replications from Red Hat Enterprise Linux 7 to 6.9 fail Identity Management (IdM) in Red Hat Enterprise Linux 6.9 uses a different schema definition in the `nsEncryptionConfig` object class than IdM on Red Hat Enterprise Linux 7.3. Because the schema learning mechanism is unable to merge definitions, schema replications between servers fail. As a consequence, mechanisms relying on the schema can fail. For example, schema violations and plug-in failures can occur, replication can fail, and access control instructions (ACI) can be ignored. In an upcoming Red Hat Enterprise Linux 7.3 update, the `nsTLS10`, `nsTLS11`, and `nsTLS12` attributes will be added to the list of allowed attributes in the `nsEncryptionConfig` object class, and as a consequence, mechanismsrelying on the schema no longer fails in the described scenario. |
| Flags | needinfo?(tbordaz) | |||
| thierry bordaz | 2017-01-16 16:50:36 UTC | Flags | needinfo?(nhosoi) needinfo?(tbordaz) | |
| Marc Muehlfeld | 2017-01-17 07:38:17 UTC | Doc Text | IdM schema replications from Red Hat Enterprise Linux 7 to 6.9 fail Identity Management (IdM) in Red Hat Enterprise Linux 6.9 uses a different schema definition in the `nsEncryptionConfig` object class than IdM on Red Hat Enterprise Linux 7.3. Because the schema learning mechanism is unable to merge definitions, schema replications between servers fail. As a consequence, mechanisms relying on the schema can fail. For example, schema violations and plug-in failures can occur, replication can fail, and access control instructions (ACI) can be ignored. In an upcoming Red Hat Enterprise Linux 7.3 update, the `nsTLS10`, `nsTLS11`, and `nsTLS12` attributes will be added to the list of allowed attributes in the `nsEncryptionConfig` object class, and as a consequence, mechanismsrelying on the schema no longer fails in the described scenario. | IdM schema replications from Red Hat Enterprise Linux 7 to 6.9 fail Identity Management (IdM) in Red Hat Enterprise Linux 6.9 uses a different schema definition in the `nsEncryptionConfig` object class than IdM on Red Hat Enterprise Linux 7.3. Because the schema learning mechanism is unable to merge definitions, schema replications between servers fail. As a consequence, mechanisms relying on the schema can fail. For example, schema violations and plug-in failures can occur, replication can fail, and access control instructions (ACI) can be ignored. In an upcoming Red Hat Enterprise Linux 7.3 update, the `nsTLS10`, `nsTLS11`, and `nsTLS12` attributes will be added to the list of allowed attributes in the `nsEncryptionConfig` object class, and as a consequence, mechanisms relying on the schema no longer fails in the described scenario. |
| errata-xmlrpc | 2017-03-23 16:00:05 UTC | Status | POST | MODIFIED |
| CC | mreynolds | |||
| Fixed In Version | 389-ds-base-1.3.6.1-3.el7 | |||
| Status | MODIFIED | ON_QA | ||
| Viktor Ashirov | 2017-05-19 15:02:59 UTC | Status | ON_QA | VERIFIED |
| errata-xmlrpc | 2017-08-01 21:12:24 UTC | Status | VERIFIED | CLOSED |
| Resolution | --- | ERRATA | ||
| Last Closed | 2017-08-01 17:12:24 UTC | |||
| Simon Pichugin | 2020-09-13 21:54:48 UTC | Link ID | Github 389ds/389-ds-base/issues/2133 |
Back to bug 1404443