Bug 819111
Summary: | non-existent container ou=cmsusers breaks replication | ||
---|---|---|---|
Product: | Red Hat Enterprise Linux 6 | Reporter: | Ade Lee <alee> |
Component: | pki-core | Assignee: | Ade Lee <alee> |
Status: | CLOSED NOTABUG | QA Contact: | IDM QE LIST <seceng-idm-qe-list> |
Severity: | high | Docs Contact: | |
Priority: | high | ||
Version: | 6.3 | CC: | dpal, jgalipea, mharmsen, shaines, spoore |
Target Milestone: | rc | ||
Target Release: | --- | ||
Hardware: | Unspecified | ||
OS: | Unspecified | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | Bug Fix | |
Doc Text: |
The following text was added to the problem description area of RHBA-2012:12464-01:
* The CS replication code was recently changed so that the replication user was created in the container ou=csusers, cn=config., rather than directly under cn=config. This container may not exist in older updated servers, and for those servers, the replication user would not be created, and replication would not succeed. The replication setup code has been modified to create the ou=csusers container if it does not exist. (BZ#819111)
|
Story Points: | --- |
Clone Of: | Environment: | ||
Last Closed: | 2012-05-14 18:34:03 UTC | Type: | Bug |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
Ade Lee
2012-05-04 21:15:36 UTC
Note: the effect of this bug is to break replication in IPA as described above. Patch checked into dogtag 9, 10 and rhel 6.3 rhel 6.3 checkin: commit e11f90c85738eebc1af16fc9180109df4cab9538 Author: Ade Lee <alee> Date: Tue May 8 13:38:44 2012 -0400 Resolves #819111 - non-existent container ou=csusers breaks replication Patch as below: diff --git a/base/common/src/com/netscape/cms/servlet/csadmin/DatabasePanel.java b/base/common/src/com/ index bdd0b0d..8a26ce4 100644 --- a/base/common/src/com/netscape/cms/servlet/csadmin/DatabasePanel.java +++ b/base/common/src/com/netscape/cms/servlet/csadmin/DatabasePanel.java @@ -1210,7 +1210,27 @@ public class DatabasePanel extends WizardPanelBase { throws LDAPException { LDAPAttributeSet attrs = null; LDAPEntry entry = null; - String dn = "cn=" + bindUser + ",cn=config"; + + // for older subsystems, the container ou=csusers, cn=config may not yet exist + String dn = "ou=csusers, cn=config"; + try { + attrs = new LDAPAttributeSet(); + attrs.add(new LDAPAttribute("objectclass", "top")); + attrs.add(new LDAPAttribute("objectclass", "organizationalUnit")); + attrs.add(new LDAPAttribute("ou", "csusers")); + entry = new LDAPEntry(dn, attrs); + conn.add(entry); + } catch (LDAPException e) { + if (e.getLDAPResultCode() == LDAPException.ENTRY_ALREADY_EXISTS) { + CMS.debug("createReplicationManager: containing ou already exists"); + } else { + CMS.debug("createReplicationManager: Failed to create containing ou. Exception: " + + e.toString()); + throw e; + } + } + + dn = "cn=" + bindUser + ",ou=csusers,cn=config"; try { attrs = new LDAPAttributeSet(); attrs.add(new LDAPAttribute("objectclass", "top")); Technical note added. If any revisions are required, please edit the "Technical Notes" field accordingly. All revisions will be proofread by the Engineering Content Services team. New Contents: The following text was added to the problem description area of RHBA-2012:12464-01: * The CS replication code was recently changed so that the replication user was created in the container ou=csusers, cn=config., rather than directly under cn=config. This container may not exist in older updated servers, and for those servers, the replication user would not be created, and replication would not succeed. The replication setup code has been modified to create the ou=csusers container if it does not exist. (BZ#819111) Just to confirm this wasn't fixed until 5/8/2012 in pki-core-9.0.3-25.el6? This only affects RHEL IPA servers upgraded from 6.2 and earlier right? How can I see the replication user? I tried this on a couple of new IPA RHEL 6.3 servers and can't find it: ldapsearch -LLL -x -D "cn=Directory Manager" -w "$ROOTDNPWD" -b "ou=csusers, cn=config" I also tried grepping ldapsearch of all of cn=config but, didn't find anything. This fix is not needed because the ou=csusers change was not ported to the rhel branch. It only exists in dogtag 9. We will be reverting to the previous build in dogtag 9 -- pki-core-9.0.3-24 |