Bug 1623669
| Summary: | ipa-replica-install defines nsds5replicabinddngroup before the group contains the DN of the replication manager [rhel-7.5.z] | ||
|---|---|---|---|
| Product: | Red Hat Enterprise Linux 7 | Reporter: | Jaroslav Reznik <jreznik> |
| Component: | ipa | Assignee: | IPA Maintainers <ipa-maint> |
| Status: | CLOSED ERRATA | QA Contact: | ipa-qe <ipa-qe> |
| Severity: | urgent | Docs Contact: | Filip Hanzelka <fhanzelk> |
| Priority: | urgent | ||
| Version: | 7.5 | CC: | fhanzelk, frenaud, ipa-maint, ndehadra, pvoborni, rcritten, tscherf |
| Target Milestone: | rc | Keywords: | ZStream |
| Target Release: | --- | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
| Whiteboard: | |||
| Fixed In Version: | ipa-4.5.4-10.el7_5.4.2 | Doc Type: | If docs needed, set a value |
| Doc Text: | Story Points: | --- | |
| Clone Of: | 1623112 | Environment: | |
| Last Closed: | 2018-09-25 19:07:13 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | 1623112 | ||
| Bug Blocks: | |||
|
Description
Jaroslav Reznik
2018-08-29 20:45:54 UTC
ipa-server: ipa-server-4.5.4-10.el7_5.4.3.x86_64 389-ds-base: 389-ds-base-1.3.7.5-27.el7_5.x86_64 Verified the bug on the basis of following observations: 1. Verified that when ipa Master and replica is installed, then "Unable to acquire replica: permission denied. The bind dn "" does not have permission to supply replication updates to the replica. Will retry later." message is received on replica server. (the count of these messages is low, twice in my case) Console: [root@auto-hv-01-guest09 tmp]# tail -1 /var/log/ipareplica-install.log 2018-09-04T08:11:21Z INFO The ipa-replica-install command was successful [root@auto-hv-01-guest09 tmp]# [root@auto-hv-01-guest09 tmp]# rpm -q ipa-server ipa-server-4.5.4-10.el7_5.4.3.x86_64 [root@auto-hv-01-guest09 tmp]# rpm -q 389-ds-base 389-ds-base-1.3.7.5-27.el7_5.x86_64 [root@auto-hv-01-guest09 tmp]# grep -rn "Unable to acquire replica: permission denied" /var/log/ipareplica-install.log [root@auto-hv-01-guest09 tmp]# grep -rn "Unable to acquire replica: permission denied" /var/log/ /var/log/messages:1495:Sep 4 03:59:28 auto-hv-01-guest09 ns-slapd: [04/Sep/2018:03:59:28.159934191 -0400] - ERR - NSMMReplicationPlugin - acquire_replica - agmt="cn=meToauto-hv-01-guest10.testrelm.test" (auto-hv-01-guest10:389): Unable to acquire replica: permission denied. The bind dn "" does not have permission to supply replication updates to the replica. Will retry later. /var/log/dirsrv/slapd-TESTRELM-TEST/errors:110:[04/Sep/2018:03:59:28.159952411 -0400] - ERR - NSMMReplicationPlugin - acquire_replica - agmt="cn=meToauto-hv-01-guest10.testrelm.test" (auto-hv-01-guest10:389): Unable to acquire replica: permission denied. The bind dn "" does not have permission to supply replication updates to the replica. Will retry later. [root@auto-hv-01-guest09 tmp]# ipactl status Directory Service: RUNNING krb5kdc Service: RUNNING kadmin Service: RUNNING named Service: RUNNING httpd Service: RUNNING ipa-custodia Service: RUNNING ntpd Service: RUNNING pki-tomcatd Service: RUNNING ipa-otpd Service: RUNNING ipa-dnskeysyncd Service: RUNNING ipa: INFO: The ipactl command was successful Thus on the basis of above observations, marking the status of bug to 'VERIFIED'. Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2018:2760 |