Bug 2050439
| Summary: | ldif2db restores deleted values | ||
|---|---|---|---|
| Product: | Red Hat Enterprise Linux 8 | Reporter: | Rob Crittenden <rcritten> |
| Component: | 389-ds-base | Assignee: | LDAP Maintainers <idm-ds-dev-bugs> |
| Status: | CLOSED WONTFIX | QA Contact: | LDAP QA Team <idm-ds-qe-bugs> |
| Severity: | medium | Docs Contact: | |
| Priority: | high | ||
| Version: | 8.6 | CC: | idm-ds-dev-bugs, mreynolds, progier, tbordaz |
| Target Milestone: | rc | Keywords: | Triaged |
| Target Release: | 8.9 | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
| Whiteboard: | sync-to-jira | ||
| Fixed In Version: | Doc Type: | If docs needed, set a value | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2023-08-03 07:28:35 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
|
Description
Rob Crittenden
2022-02-03 23:43:20 UTC
FYI: I have done a test export an ldif with replication data then adding above entry (after changing its DN) in the ldif and reimporting the entry ldapsearch -Q -LLL -Y EXTERNAL -H ldapi://$S1 -b dc=example,dc=com "(cn=KDC)" dn: cn=KDC,dc=example,dc=com objectClass: nsContainer objectClass: ipaConfigObject objectClass: top cn: KDC ipaconfigstring: startOrder 10 ipaconfigstring: kdcProxyEnabled ipaconfigstring: pkinitEnabled ipaconfigstring: hiddenService entryuuid: 784dacd4-13a4-40e3-b74b-8724bdc1b74f So as expected the deleted values are not present. And as far as I know the "import" task cannot resurrect deleted value (It just restores the entry state information as is). So IMHO there is something behind the scene either in the way the import was done or because the replication reverted the change. I would suggest to: stop the other instances that could replicate towards the hidden one perform a dsconf instance backend import userRoot ldifPath and see what the ldapsearch returns restart the stopped instances wait a bit and see what the ldapsearch returns Another interresting data would be to run: ldapsearch -LLL -Y GSSAPI -b cn=KDC,cn=replica.example.test,cn=masters,cn=ipa,cn=etc,dc=example,dc=test ipaConfigString nscpEntryWSI to collect the current entry state IPA backs up and restores things a bit differently, pre-dating by far dsconf. tar is used to backup most static files and directories. The database is backed up both using db2bak and db2ldif. The ldif version is restored after stripping out the RUV data, so replication shouldn't be an issue. Still, I shut down the other server. It shouldn't matter though as the delete and add of the ipaConfigString values should be, and are, consistent between the two prior to backup. I took the time to re-confirm. I'll also add this this is behaving differently in newer versions of 389-ds. The values are not restored. https://pagure.io/freeipa/issue/9095 After evaluating this issue, there are no plans to address it further or fix it in an upcoming release. Therefore, it is being closed. If plans change such that this issue will be fixed in an upcoming release, then the bug can be reopened. |