Bug 1311251 - Multiple nextRange attributes in ou=certificateRepository,ou=ca,o=ipaca
Multiple nextRange attributes in ou=certificateRepository,ou=ca,o=ipaca
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: pki-core (Show other bugs)
Unspecified Unspecified
unspecified Severity unspecified
: rc
: 7.4
Assigned To: Matthew Harmsen
Asha Akkiangady
Depends On:
  Show dependency treegraph
Reported: 2016-02-23 12:55 EST by German Parente
Modified: 2016-04-25 20:32 EDT (History)
6 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2016-04-25 20:32:36 EDT
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description German Parente 2016-02-23 12:55:54 EST
Description of problem:

Customer is creating and deleting same replica several times. As a result, there's an issue to create a replica with a failure of pki instance configuration.

One of the observed issues is:

# certificateRepository, ca, ipaca
dn: ou=certificateRepository,ou=ca,o=ipaca
nextRange: 140000001
nextRange: 350000001
nextRange: 340000001

I am sorry that I don't know exactly how to reproduce this. I report this bug just to trace this behavior that is apparently not desired.

The real error is in attachment and it's related to the creation of a range that is rejected with err=68 (entry already exists).

I am attaching the debug log showing this error. And also, the full list of ranges (objectclass=pkirange)

Any help to understand why the range creation is failing is welcome.

Thanks and regards


Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:

Actual results:

Expected results:

Additional info:
Comment 4 Matthew Harmsen 2016-03-07 18:52:47 EST
Upstream ticket:
Comment 5 Matthew Harmsen 2016-03-22 19:07:57 EDT
Hi Matthew,

Thanks. The customer has reinstalled from scratch. And I don't think this bug is easy to reproduce. So, no need to be back-ported. 

Thanks a lot for the fix and your help. 



On Mar 21, 2016, at 22:49, Matthew Harmsen <mharmsen@redhat.com> wrote:

> German,
> Once the following Bug has been fixed:
>     Bugzilla Bug #1311251 - Multiple nextRange attributes in ou=certificateRepository,ou=ca,o=ipaca
> Does the customer require that the solution be back-ported to RHEL 7.2.z?
> Thanks,
> -- Matt

Per CS/DS Triage Meeting of 03/22/2016:  10.4
Comment 6 Matthew Harmsen 2016-04-20 18:10:26 EDT
Per CS Bug/Ticket Triage held 04/19/2016:  RHEL 7.4

This ticket may be closed with INSUFFICIENT DATA since we can't reproduce.

Note You need to log in before you can comment on or make changes to this bug.