Bug 1843162

Summary: Creating Replication Manager fails if uid=repman is used
Product: Red Hat Enterprise Linux 8 Reporter: mreynolds
Component: 389-ds-baseAssignee: mreynolds
Status: CLOSED ERRATA QA Contact: RHDS QE <ds-qe-bugs>
Severity: medium Docs Contact:
Priority: unspecified    
Version: 8.1CC: atolani, ds-qe-bugs, mmuehlfe, nkinder, pasik, spichugi, tbordaz, vashirov
Target Milestone: rcFlags: pm-rhel: mirror+
Target Release: 8.0   
Hardware: All   
OS: Linux   
Whiteboard: sync-to-jira
Fixed In Version: 389-ds-1.4-8030020200605214214.618f7055 Doc Type: Bug Fix
Doc Text:
Cause: Trying to create a replication manager using the attribute "uid" as the RDN of the entry Consequence: The manager entry fails to be added. Fix: Allow uid as the RDN of the replication manager entry Result: You can use "cn" or "uid" for the replication manager entry
 Story Points: ---
Clone Of: 1654226 Environment:
Last Closed: 2020-11-04 03:08:03 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 1654226    
Bug Blocks:    

Description mreynolds 2020-06-02 17:57:32 UTC 
+++ This bug was initially created as a clone of Bug #1654226 +++

Description of problem:
Creating Replication Manager from webui fails if uid=repman is used

While creating a replication agreement using webui, If uid=repman is choosed, It fails with error.

[28/Nov/2018:04:44:13.449798112 -0500] conn=70 op=8 ADD dn="uid=repman,cn=config"
[28/Nov/2018:04:44:13.478054359 -0500] conn=70 op=8 RESULT err=65 tag=105 nentries=0 etime=0.0028324086 - attribute "uid" not allowed

cn=repman,cn=config works correctly.

This used to work for older version & lot of customers uses uid=<name> syntax.


Version-Release number of selected component (if applicable):
cockpit-389-ds-1.4.0.19-2.module+el8+1+36e60e1d.noarch
389-ds-base-1.4.0.19-2.module+el8+1+36e60e1d.x86_64
389-ds-base-libs-1.4.0.19-2.module+el8+1+36e60e1d.x86_64


How reproducible:
100%

Steps to Reproduce:
Login to Cockpit Webui
Select Instance
Go to replication
click on Configuration
Add replication manager as uid=<name>


Actual results:
It should work

Expected results:
It fails with error=65, Adding screenshot for more clarity

Additional info:
This was legacy configuration which used to work previously Lot of existing environment uses same convention. It should work for both uid=name & cn=name.

--- Additional comment from Arpit Tolani on 2018-11-28 09:59:31 UTC ---



--- Additional comment from  on 2018-11-28 20:47:38 UTC ---

Yeah lib389 limits this to just cn for replication managers.  I know it will not be easy to change it because of how it's all laid out, but it should be possible.

--- Additional comment from  on 2020-05-26 12:46:31 UTC ---

Upstream ticket: 

https://pagure.io/389-ds-base/issue/51113
Comment 3 Viktor Ashirov 2020-08-07 11:57:20 UTC 
Build tested: 389-ds-base-1.4.3.8-5.module+el8.3.0+7569+08175a8a.x86_64

# dsconf -D "cn=Directory Manager" -w password server-rhel8 replication enable --suffix="dc=example,dc=com" --role="master" --replica-id=1 --bind-dn="uid=repman,cn=config" --bind-passwd="password"
Replication successfully enabled for "dc=example,dc=com"

# ldapsearch -xLLL -D "cn=Directory Manager" -w password -b cn=config 'uid=repman'
dn: uid=repman,cn=config
objectClass: top
objectClass: inetUser
objectClass: netscapeServer
objectClass: nsAccount
cn: repman
uid: repman
userPassword:: e1BCS0RGMl9TSEEyNTZ9QUFBSUFGSlhtaCthOTl1UXUvd0dsak5RK1ZIUjRwUkl
 ZRW51c2NyQXRKVUwza2hKOTRSL0xyUTVZWjk4ZXd6MHhVSE54amZJTytpblNlU0hIZWtWNmZ2a01S
 eFBLTjRyMFdzcGRwMlcxcWJTOUVPbUMvdDdrUVF1dTdJU1NFTFJRRGVDUkhwSkVyWFVGVG5aK1JwN
 G1UcE83eFQxUDBpSjlRR0Jwak1Sc0E3U01NdEZhekZrUjZpSUVhMmNQUEN6QUw1b3dpY01aUnZGbX
 MvV3I1dGlHRzRFNTlrcW1IZU9vSzZkVllqMnJ1TmRKOStJd3cvNlVHdGw0UmlYZ09yVCtsb3FaaHp
 TcVJaVmdGMTU0Z29COFNHQ0ZtRUR4RDBYcTdwMmcrbWdxdi9mYkgwWFZnTXdaMVliWGU5cU9oQ3ov
 TlllUGF5Si9mN2h3VEFGRWtuTXVidEZwQ05jeW9lbzg3UFB0NGh6K2N6WmNJMEs2SzJGSklsRjZQS
 ElwWS81WGNHVUtJd1cxelpkR0hLWGlYSU5ObWloY2tnR0VYUmpoQXB1UWNFK2U3K2dLVEh5


Entry is created successfully, marking as VERIFIED.
Comment 6 errata-xmlrpc 2020-11-04 03:08:03 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (389-ds:1.4 bug fix and enhancement update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHEA-2020:4695