Bug 1955658

Summary: Enabling replication on supplier node using 'dsconf replication enable' command fails with "ERROR: Error: Server is unwilling to perform - Attribute nsDS5ReplicaId value (65535) is invalid, must be a number between 1 and 65534."
Product: Red Hat Directory Server Reporter: Akshay Sakure <asakure>
Component: 389-ds-baseAssignee: mreynolds
Status: CLOSED ERRATA QA Contact: RHDS QE <ds-qe-bugs>
Severity: medium Docs Contact: Marc Muehlfeld <mmuehlfe>
Priority: unspecified    
Version: 11.0CC: gkimetto, ldap-maint, mreynolds, sgouvern, tbordaz, tmihinto
Target Milestone: DS11.2Keywords: Regression, Triaged
Target Release: dirsrv-11.4   
Hardware: x86_64   
OS: Linux   
Whiteboard: sync-to-jira
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2021-10-25 06:36:13 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Akshay Sakure 2021-04-30 15:25:44 UTC
-  Description of problem:
Enabling replication on supplier node using 'dsconf replication enable' command fails with  "ERROR: Error: Server is unwilling to perform - Attribute nsDS5ReplicaId value (65535) is invalid, must be a number between 1 and 65534."

-  Version-Release number of selected component (if applicable):
python3-lib389-1.4.3.21-3.module+el8dsrv+10401+3d549418.noarch
cockpit-389-ds-1.4.3.21-3.module+el8dsrv+10401+3d549418.noarch
389-ds-base-libs-1.4.3.21-3.module+el8dsrv+10401+3d549418.x86_64
389-ds-base-1.4.3.21-3.module+el8dsrv+10401+3d549418.x86_64

-  How reproducible:
Always

-  Steps to Reproduce:
1. Install RHDS 11 on RHEL 8 and create an DS instance.
2. Enable replication on supplier.

-  Actual results:
Enabling replication fails with an error:
---
# dsconf -D "cn=Directory Manager" ldap://server1.example.com replication  enable --suffix="dc=example,dc=com" --role="master"  --replica-id=1
Enter password for cn=Directory Manager on ldap://server1.example.com: 
Error: Server is unwilling to perform - Attribute nsDS5ReplicaId value (65535) is invalid, must be a number between 1 and 65534.   <--- Error
---

-  Expected results:
Replication should be enabled on supplier without any error:
---
# dsconf -D "cn=Directory Manager" ldap://`hostname` replication  enable --suffix="dc=example,dc=com" --role="master"  --replica-id=1
Enter password for cn=Directory Manager on ldap://server1.example.com: 
Replication successfully enabled for "dc=example,dc=com"   <----
---


-  Additional info:
It's taking hard-coded value '65535' from replication.py file while enabling replication and thus failing.
code: /usr/lib/python3.6/site-packages/lib389/cli_conf/replication.py, line no. 157
---
def enable_replication(inst, basedn, log, args):
    repl_root = args.suffix
    role = args.role.lower()
    rid = args.replica_id  <----

    if role == "supplier" or role == "master":
        repl_type = '3'
        repl_flag = '1'
    elif role == "hub":
        repl_type = '2'
        repl_flag = '1'
    elif role == "consumer":
        repl_type = '2'
        repl_flag = '0'
    else:
        # error - unknown type
        raise ValueError("Unknown replication role ({}), you must use \"supplier\", \"hub\", or \"consumer\"".format(role))

    # Start the propeties and update them as needed
    repl_properties = {
        'cn': 'replica',
        'nsDS5ReplicaRoot': repl_root,
        'nsDS5Flags': repl_flag,
        'nsDS5ReplicaType': repl_type,
        'nsDS5ReplicaId': '65535'    <----- This should be 'rid'
        }
---

Comment 2 mreynolds 2021-04-30 17:13:26 UTC
This is a regression from:  Issue 4656 - Make replication CLI backwards compatible with role name change.

This is the fix:

$ git diff
diff --git a/src/lib389/lib389/cli_conf/replication.py b/src/lib389/lib389/cli_conf/replication.py
index a2513ee2a..04886f632 100644
--- a/src/lib389/lib389/cli_conf/replication.py
+++ b/src/lib389/lib389/cli_conf/replication.py
@@ -158,7 +158,7 @@ def enable_replication(inst, basedn, log, args):
         }
 
     # Validate supplier settings
-    if role == "supplier":
+    if role == "supplier" or role == "master":
         # Do we have a rid?
         if not args.replica_id or args.replica_id is None:


I just fixed this upstream https://github.com/389ds/389-ds-base/issues/4656

Comment 3 mreynolds 2021-04-30 17:35:39 UTC
In the meantime the easiest workaround is to use "supplier" for the role name:

    # dsconf -D "cn=Directory Manager" ldap://server1.example.com replication  enable --suffix="dc=example,dc=com" --role="supplier"  --replica-id=1

Comment 4 Akshay Sakure 2021-05-02 13:59:46 UTC
Thank you for looking into this and providing a quick 'workaround' in the meantime.

Comment 13 errata-xmlrpc 2021-10-25 06:36:13 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Low: redhat-ds:11 security, bug fix, and enhancement update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2021:3955