Bugzilla will be upgraded to version 5.0. The upgrade date is tentatively scheduled for 2 December 2018, pending final testing and feedback.
Bug 1220788 - request to backport ticket 3578 to RHEL6. Provoking migration to 7.1 issues.
request to backport ticket 3578 to RHEL6. Provoking migration to 7.1 issues.
Status: CLOSED ERRATA
Product: Red Hat Enterprise Linux 6
Classification: Red Hat
Component: ipa (Show other bugs)
6.6
Unspecified Unspecified
high Severity high
: rc
: ---
Assigned To: IPA Maintainers
Namita Soman
Tomas Capek
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2015-05-12 08:53 EDT by German Parente
Modified: 2015-07-22 03:39 EDT (History)
8 users (show)

See Also:
Fixed In Version: ipa-3.0.0-47.el6
Doc Type: Known Issue
Doc Text:
False-positive error messages when migrating to Red Hat Enterprise Linux 7.1 Previously, bad definition of the dc attribute in /usr/share/ipa/05rfc2247.ldif caused bogus error messages to be returned during migration. Even though the attribute has been fixed, the bug persists if the copy-schema-to-ca.py script was run on Red Hat Enterprise Linux 6.6 prior to running it on Red Hat Enterprise Linux 6.7. To work around this problem, manually copy /usr/share/ipa/schema/05rfc2247.ldif to /etc/dirsrv/slapd-PKI-IPA/schema/ and restart Identity Management.
Story Points: ---
Clone Of:
Environment:
Last Closed: 2015-07-22 03:39:56 EDT
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)


External Trackers
Tracker ID Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2015:1462 normal SHIPPED_LIVE Moderate: ipa security and bug fix update 2015-07-21 10:14:52 EDT

  None (edit)
Description German Parente 2015-05-12 08:53:02 EDT
Description of problem:

it's explained in:

https://fedorahosted.org/freeipa/ticket/3578#comment:15

When migrating to 7.1, both instances of dirsrv are merged. 

copy-schema-to-ca.py script is copying the file:

/usr/share/ipa/05rfc2247.ldif

included in RHEL6 and the bad definition of attribute "dc" is spread into whole topology provoking these errors:

[15/Apr/2015:12:33:06 +0100] attr_syntax_create - Error: the EQUALITY
matching rule [caseIgnoreIA5Match] is not compatible with the syntax
[1.3.6.1.4.1.1466.115.121.1.15] for the attribute [dc]
[15/Apr/2015:12:33:06 +0100] attr_syntax_create - Error: the SUBSTR
matching rule [caseIgnoreIA5SubstringsMatch] is not compatible with the
syntax [1.3.6.1.4.1.1466.115.121.1.15] for the attribute [dc]


Version-Release number of selected component (if applicable): 

ipa-server-3.0.0-42.el6.x86_64

Actual results:


Expected results:


Additional info:
Comment 1 German Parente 2015-05-12 08:55:13 EDT
copy-schema-to-ca.py is including this definition in the list of files to copy. This should not be.

SCHEMA_FILENAMES = (
    "60kerberos.ldif",
    "60samba.ldif",
    "60ipaconfig.ldif",
    "60basev2.ldif",
    "60basev3.ldif",
    "60ipadns.ldif",
    "61kerberos-ipav3.ldif",
    "65ipacertstore.ldif",
    "65ipasudo.ldif",
    "70ipaotp.ldif",
    "05rfc2247.ldif",   <----- HERE

the file in the 389 rpms is right.

But the one included in ipa-server rpm still shows bad definition for rhel6.
Comment 3 Petr Vobornik 2015-05-12 09:48:39 EDT
Do I understand it correctly that the proposal is to backport [1] and nothing else? Or do you also want to backport the other patch [2] from ticket #3578?


[1] https://git.fedorahosted.org/cgit/freeipa.git/commit/?id=e9863e3fe3cc5ca016c4e216ae3d34b750a34c73
[2] https://git.fedorahosted.org/cgit/freeipa.git/commit/?id=d4a0fa34afd30765e5ea6f0df21976a6494f13d6
Comment 4 German Parente 2015-05-12 10:22:10 EDT
Hi Petr,

thanks for taking care of this bug.

The error I am seeing is related to [1] but I think the full fix should be backport'd.
Comment 11 errata-xmlrpc 2015-07-22 03:39:56 EDT
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHSA-2015-1462.html

Note You need to log in before you can comment on or make changes to this bug.