- Description of problem: Enabling replication on supplier node using 'dsconf replication enable' command fails with "ERROR: Error: Server is unwilling to perform - Attribute nsDS5ReplicaId value (65535) is invalid, must be a number between 1 and 65534." - Version-Release number of selected component (if applicable): python3-lib389-1.4.3.21-3.module+el8dsrv+10401+3d549418.noarch cockpit-389-ds-1.4.3.21-3.module+el8dsrv+10401+3d549418.noarch 389-ds-base-libs-1.4.3.21-3.module+el8dsrv+10401+3d549418.x86_64 389-ds-base-1.4.3.21-3.module+el8dsrv+10401+3d549418.x86_64 - How reproducible: Always - Steps to Reproduce: 1. Install RHDS 11 on RHEL 8 and create an DS instance. 2. Enable replication on supplier. - Actual results: Enabling replication fails with an error: --- # dsconf -D "cn=Directory Manager" ldap://server1.example.com replication enable --suffix="dc=example,dc=com" --role="master" --replica-id=1 Enter password for cn=Directory Manager on ldap://server1.example.com: Error: Server is unwilling to perform - Attribute nsDS5ReplicaId value (65535) is invalid, must be a number between 1 and 65534. <--- Error --- - Expected results: Replication should be enabled on supplier without any error: --- # dsconf -D "cn=Directory Manager" ldap://`hostname` replication enable --suffix="dc=example,dc=com" --role="master" --replica-id=1 Enter password for cn=Directory Manager on ldap://server1.example.com: Replication successfully enabled for "dc=example,dc=com" <---- --- - Additional info: It's taking hard-coded value '65535' from replication.py file while enabling replication and thus failing. code: /usr/lib/python3.6/site-packages/lib389/cli_conf/replication.py, line no. 157 --- def enable_replication(inst, basedn, log, args): repl_root = args.suffix role = args.role.lower() rid = args.replica_id <---- if role == "supplier" or role == "master": repl_type = '3' repl_flag = '1' elif role == "hub": repl_type = '2' repl_flag = '1' elif role == "consumer": repl_type = '2' repl_flag = '0' else: # error - unknown type raise ValueError("Unknown replication role ({}), you must use \"supplier\", \"hub\", or \"consumer\"".format(role)) # Start the propeties and update them as needed repl_properties = { 'cn': 'replica', 'nsDS5ReplicaRoot': repl_root, 'nsDS5Flags': repl_flag, 'nsDS5ReplicaType': repl_type, 'nsDS5ReplicaId': '65535' <----- This should be 'rid' } ---
This is a regression from: Issue 4656 - Make replication CLI backwards compatible with role name change. This is the fix: $ git diff diff --git a/src/lib389/lib389/cli_conf/replication.py b/src/lib389/lib389/cli_conf/replication.py index a2513ee2a..04886f632 100644 --- a/src/lib389/lib389/cli_conf/replication.py +++ b/src/lib389/lib389/cli_conf/replication.py @@ -158,7 +158,7 @@ def enable_replication(inst, basedn, log, args): } # Validate supplier settings - if role == "supplier": + if role == "supplier" or role == "master": # Do we have a rid? if not args.replica_id or args.replica_id is None: I just fixed this upstream https://github.com/389ds/389-ds-base/issues/4656
In the meantime the easiest workaround is to use "supplier" for the role name: # dsconf -D "cn=Directory Manager" ldap://server1.example.com replication enable --suffix="dc=example,dc=com" --role="supplier" --replica-id=1
Thank you for looking into this and providing a quick 'workaround' in the meantime.
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (Low: redhat-ds:11 security, bug fix, and enhancement update), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHSA-2021:3955