Bug 1739419

Summary: Error while enumerating SASL mappings NAME not unique
Product: Red Hat Enterprise Linux 8 Reporter: Justin Cook <jhcook>
Component: 389-ds-baseAssignee: mreynolds
Status: CLOSED DUPLICATE QA Contact: RHDS QE <ds-qe-bugs>
Severity: high Docs Contact:
Priority: unspecified    
Version: 8.1CC: abokovoy, lkrispen, nkinder, rcritten, rmeggins, spichugi, tbordaz, tscherf, vashirov
Target Milestone: rc   
Target Release: 8.0   
Hardware: x86_64   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2019-08-09 10:47:12 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Justin Cook 2019-08-09 09:35:14 UTC 
Description of problem:

Version-Release number of selected component (if applicable):

RHEL 8.1 Beta

How reproducible:

Every single time

Steps to Reproduce:

server.my.example.com # ipa-replica-install --unattended --mkhomedir --setup-dns --setup-ca --no-forwarders --principal justin.cook.COM --admin-password <password> --server server.my.example.com --domain my.example.com --force-join

Actual results:

  [27/40]: setting up initial replication
Starting replication, please wait until this has completed.
Update in progress, 9 seconds elapsed
Update succeeded

  [28/40]: prevent time skew after initial replication
  [29/40]: adding sasl mappings to the directory
Error while enumerating SASL mappings NAME not unique for b"( nsEncryptionConfig-oid NAME 'nsEncryptionConfig' DESC 'Netscape defined objectclass' SUP top STRUCTURAL MUST cn MAY ( nsCertfile $ nsKeyfile $ nsSSL2 $ nsSSL3 $ nsTLS1 $ nsTLS10 $ nsTLS11 $ nsTLS12 $ sslVersionMin $ sslVersionMax $ nsSSLSessionTimeout $ nsSSL3SessionTimeout $ nsSSLClientAuth $ nsSSL2Ciphers $ nsSSL3Ciphers $ nsSSLSupportedCiphers $ allowWeakCipher $ CACertExtractFile $ allowWeakDHParam $ nsTLSAllowClientRenegotiation ) X-ORIGIN ( 'Netscape' 'user defined' ) )"
  [error] NameNotUnique: NAME not unique for b"( nsEncryptionConfig-oid NAME 'nsEncryptionConfig' DESC 'Netscape defined objectclass' SUP top STRUCTURAL MUST cn MAY ( nsCertfile $ nsKeyfile $ nsSSL2 $ nsSSL3 $ nsTLS1 $ nsTLS10 $ nsTLS11 $ nsTLS12 $ sslVersionMin $ sslVersionMax $ nsSSLSessionTimeout $ nsSSL3SessionTimeout $ nsSSLClientAuth $ nsSSL2Ciphers $ nsSSL3Ciphers $ nsSSLSupportedCiphers $ allowWeakCipher $ CACertExtractFile $ allowWeakDHParam $ nsTLSAllowClientRenegotiation ) X-ORIGIN ( 'Netscape' 'user defined' ) )"
Your system may be partly configured.
Run /usr/sbin/ipa-server-install --uninstall to clean up.

NAME not unique for b"( nsEncryptionConfig-oid NAME 'nsEncryptionConfig' DESC 'Netscape defined objectclass' SUP top STRUCTURAL MUST cn MAY ( nsCertfile $ nsKeyfile $ nsSSL2 $ nsSSL3 $ nsTLS1 $ nsTLS10 $ nsTLS11 $ nsTLS12 $ sslVersionMin $ sslVersionMax $ nsSSLSessionTimeout $ nsSSL3SessionTimeout $ nsSSLClientAuth $ nsSSL2Ciphers $ nsSSL3Ciphers $ nsSSLSupportedCiphers $ allowWeakCipher $ CACertExtractFile $ allowWeakDHParam $ nsTLSAllowClientRenegotiation ) X-ORIGIN ( 'Netscape' 'user defined' ) )"
The ipa-replica-install command failed. See /var/log/ipareplica-install.log for more information

Expected results:

Successful replica

Additional info:

Delete replication:

$ ipa-replica-manage del server.my.example.com --force --cleanup
Updating DNS system records
ipa: WARNING: Forcing removal of server.my.example.com
ipa: WARNING: Ignoring topology connectivity errors.
ipa: WARNING: Ignoring these warnings and proceeding with removal
ipa: WARNING: Failed to cleanup server.my.example.com DNS entries: no matching entry found
ipa: WARNING: You may need to manually remove them from the tree
ipa: WARNING: Server has already been deleted
--------------------------------------------------------
Deleted IPA server "server.my.example.com"
--------------------------------------------------------

Packages on failed replica:
server.my.example.com $ rpm -qa | grep ipa
ipa-server-common-4.7.1-11.module+el8+2842+7481110c.noarch
python3-libipa_hbac-2.0.0-43.el8_0.3.x86_64
python3-ipalib-4.7.1-11.module+el8+2842+7481110c.noarch
ipa-client-4.7.1-11.module+el8+2842+7481110c.x86_64
ipa-common-4.7.1-11.module+el8+2842+7481110c.noarch
redhat-logos-ipa-80.7-1.el8.noarch
python3-ipaserver-4.7.1-11.module+el8+2842+7481110c.noarch
ipa-server-dns-4.7.1-11.module+el8+2842+7481110c.noarch
libipa_hbac-2.0.0-43.el8_0.3.x86_64
sssd-ipa-2.0.0-43.el8_0.3.x86_64
python3-ipaclient-4.7.1-11.module+el8+2842+7481110c.noarch
ipa-client-common-4.7.1-11.module+el8+2842+7481110c.noarch
ipa-server-4.7.1-11.module+el8+2842+7481110c.x86_64
python3-iniparse-0.4-31.el8.noarch

Packages on master:
master.my.example.com # rpm -qa | grep ipa
python3-ipaserver-4.7.90.pre1-3.module+el8.1.0+3389+a3c612fa.noarch
sssd-ipa-2.2.0-1.el8.x86_64
ipa-client-4.7.90.pre1-3.module+el8.1.0+3389+a3c612fa.x86_64
ipa-common-4.7.90.pre1-3.module+el8.1.0+3389+a3c612fa.noarch
redhat-logos-ipa-80.8-1.el8.noarch
ipa-server-4.7.90.pre1-3.module+el8.1.0+3389+a3c612fa.x86_64
libipa_hbac-2.2.0-1.el8.x86_64
python3-ipaclient-4.7.90.pre1-3.module+el8.1.0+3389+a3c612fa.noarch
ipa-server-common-4.7.90.pre1-3.module+el8.1.0+3389+a3c612fa.noarch
ipa-server-dns-4.7.90.pre1-3.module+el8.1.0+3389+a3c612fa.noarch
ipa-client-common-4.7.90.pre1-3.module+el8.1.0+3389+a3c612fa.noarch
python3-libipa_hbac-2.2.0-1.el8.x86_64
python3-ipalib-4.7.90.pre1-3.module+el8.1.0+3389+a3c612fa.noarch
python3-iniparse-0.4-31.el8.noarch
Comment 1 Alexander Bokovoy 2019-08-09 09:57:20 UTC 
Looks like famous non-oid oid problem strikes back. Switching to dirsrv.
Comment 2 thierry bordaz 2019-08-09 10:45:16 UTC 
It is a duplicate of https://bugzilla.redhat.com/show_bug.cgi?id=1729069.

It looks 1729069 is not yet fixed as 1.4.1.6-2 [1] still contains the string OID.

[1] https://brewweb.engineering.redhat.com/brew/buildinfo?buildID=946642
Comment 3 thierry bordaz 2019-08-09 10:47:12 UTC 

*** This bug has been marked as a duplicate of bug 1729069 ***