Bug 1420228

Summary: too difficult to remove replication conflicts due to referint plugin.
Product: Red Hat Enterprise Linux 7 Reporter: German Parente <gparente>
Component: 389-ds-baseAssignee: Noriko Hosoi <nhosoi>
Status: CLOSED DUPLICATE QA Contact: Viktor Ashirov <vashirov>
Severity: unspecified Docs Contact:
Priority: medium    
Version: 7.3CC: mkosek, mreynolds, msauton, nkinder, pvoborni, rcritten, rmeggins
Target Milestone: rc   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2017-10-19 15:14:48 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 1420851    

Description German Parente 2017-02-08 09:08:01 UTC 
Description of problem:


We have very often this situation at customer configs:


- conflict on user entry:

nsuniqueid=dc5a4415-905211e6-aebbea4a-46cc96c4+uid=wcp6804,cn=users,cn=accounts,dc=psop,dc=be"

we unlink the entry (managed entries) to delete it definitively and:

ldapdelete -D "cn=directory manager" -W "nsuniqueid=dc5a4415-905211e6-aebbea4a-46cc96c4+uid=wcp6804,cn=users,cn=accounts,dc=psop,dc=be"
Enter LDAP Password: 
ldap_delete: Operations error (1)


We set internal ops log level and plugin error log to see:

[08/Feb/2017:09:42:35.033756579 +0100] referint-plugin - _update_one_value: entry cn=ipausers,cn=groups,cn=accounts,dc=psop,dc=be: deleting "member: nsuniqueid=dc5a4415-905211e6-aebbea4a-46cc96c4+uid=wcp6804,cn=users,cn=accounts,dc=psop,dc=be" failed (16)

there's no member of ipausers with the conflict. There's only the real entry.

But the entry to delete is memberof.

So, the only workaround is to disable referential integrity plugin.

The bug here is that the integrity is not there at adding the conflict. Why to check it at deleting it ?

Regards,

German
Comment 1 Petr Vobornik 2017-02-14 13:13:25 UTC 
Per IPA triage, this is a DS bug. That said IPA team team needs to find time to create a tool for automatic fixing of most common replication issues (which can be fixed automatically based on IPA context/knowledge).
Comment 4 Marc Sauton 2017-10-19 15:14:48 UTC 
closing as a dup of bz 1274430 as per ds dev meeting / bug council/review

*** This bug has been marked as a duplicate of bug 1274430 ***