Description of problem:
The latest update of 389-ds-base cause failures with setup of ipa replica
Version-Release number of selected component (if applicable):
Steps to Reproduce:
1. # install ipa-server on one machine
2. # try to install replica on another machine
/usr/sbin/ipa-replica-install -U --setup-ca --setup-dns -P admin -w Secret123
[15/41]: configuring DNS plugin
[16/41]: enabling entryUSN plugin
[17/41]: configuring lockout plugin
[18/41]: configuring topology plugin
[19/41]: creating indices
[20/41]: enabling referential integrity plugin
[21/41]: configuring certmap.conf
[22/41]: configure new location for managed entries
[23/41]: configure dirsrv ccache
[24/41]: enabling SASL mapping fallback
[25/41]: restarting directory server
[26/41]: creating DS keytab
[error] NetworkError: cannot connect to 'ldaps://ibm-x3250m4-05.testrelm.test':
ipapython.admintool: ERROR cannot connect to 'ldaps://ibm-x3250m4-05.testrelm.test':
ipapython.admintool: ERROR The ipa-replica-install command failed. See /var/log/ipareplica-install.log for more information
Your system may be partly configured.
Run /usr/sbin/ipa-server-install --uninstall to clean up.
Replica installed without any problem
This appears to be a regression of:
Bug 1668457 - CVE-2019-3883 389-ds-base: DoS via hanging secured connections
Assigning to Thierry...
ipa version: ipa-server-4.6.5-8.el7.x86_64
389-ds package: 389-ds-base-220.127.116.11-6.el7.x86_64
Verified the bug on the basis of following observations:
1. Verified that replica installation is successful.
2. Verified that the FIALURES observed at comment#11 are no more observed, re-ran jobs thrice and all the three occasion replica installation is successful.
Thus on the basis of above observations , marking bug to "VERIFIED"
This BZ was detected on 18.104.22.168-5  and was decided  to revert and rework 1668457.
This BZ was then successfully tested in 22.214.171.124-6  and marked verified.
Later the reworked 1668457 patch was delivered in 126.96.36.199-10 . Do you know if the test described in this BZ was retested with 188.8.131.52-10 ?
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.
For information on the advisory, and where to find the updated
files, follow the link below.
If the solution does not work for you, open a new bug report.