Bug 2217641
| Summary: | dsconf replication status fails with 'Invalid credentials' while trying to reuse initial credentials. | ||
|---|---|---|---|
| Product: | Red Hat Directory Server | Reporter: | Têko Mihinto <tmihinto> |
| Component: | 389-ds-base | Assignee: | LDAP Maintainers <idm-ds-dev-bugs> |
| Status: | NEW --- | QA Contact: | LDAP QA Team <idm-ds-qe-bugs> |
| Severity: | medium | Docs Contact: | Evgenia Martynyuk <emartyny> |
| Priority: | unspecified | ||
| Version: | 11.7 | CC: | idm-ds-dev-bugs, musoni, vashirov |
| Hardware: | x86_64 | ||
| OS: | Linux | ||
| Last Closed: | Type: | Bug | |
Description of problem:

dsconf replication status is failing with 'Invalid credentials' when:

* Connecting as "cn=Directory Manager" (haven't tried with a regular user yet).

and

* The password of the Directory Manager is not identical on servers:

```
$ dsconf -D "cn=Directory Manager" ldap://localhost:5389 replication status --suffix "dc=example,dc=com"
Enter password for cn=Directory Manager on ldap://localhost:5389:
Error: Unable to get lag time: {'msgtype': 97, 'msgid': 1, 'result': 49, 'desc': 'Invalid credentials', 'ctrls': []}
$
```

Version-Release number of selected component (if applicable):

```
$ cat /etc/redhat-release
Red Hat Enterprise Linux release 8.8 (Ootpa)
$
$ rpm -qa 389-ds*
389-ds-base-1.4.3.31-11.module+el8dsrv+17815+4f95348d.x86_64
389-ds-base-libs-1.4.3.31-11.module+el8dsrv+17815+4f95348d.x86_64
$
```

How reproducible:

Always.

Steps to Reproduce:

1. Create 2 RHDS instances
2. Do not use identical passwords for the Directory Manager
3. Enable replication and create a simple "Supplier ==> Consumer" topology
4. Run the "dsconf replication status" command

Actual results:

The command fails with 'Invalid credentials' errors.

Expected results:

Working commands

Additional info:

The command works fine if the Directory Manager's password is the same on both servers:

```
$ dsconf -D "cn=Directory Manager" ldap://localhost:5389 replication status --suffix "dc=example,dc=com"
Enter password for cn=Directory Manager on ldap://localhost:5389:
{'agmt-name': ['test_to_alps1'], 'replica': ['XXX:1389'], 'replica-enabled': ['on'], 'update-in-progress': ['FALSE'], 'last-update-start': ['20230626185732Z'], 'last-update-end': ['20230626185732Z'], 'number-changes-sent': ['5000:7/0 '], 'number-changes-skipped': ['unavailable'], 'last-update-status': ['Error (0) Replica acquired successfully: Incremental update succeeded'], 'last-init-start': ['20230626183157Z'], 'last-init-end': ['20230626183204Z'], 'last-init-status': ['Error (0) Total update succeeded'], 'reap-active': ['0'], 'replication-status': ['In Synchronization'], 'replication-lag-time': ['00:00:00']}
$
```