2217641 – dsconf replication status fails with 'Invalid credentials' while trying to reuse initial credentials.

Bug 2217641 - dsconf replication status fails with 'Invalid credentials' while trying to reuse initial credentials.

Summary: dsconf replication status fails with 'Invalid credentials' while trying to re...

Keywords:
Status:	NEW
Alias:	None
Product:	Red Hat Directory Server
Classification:	Red Hat
Component:	389-ds-base
Sub Component:
Version:	11.7
Hardware:	x86_64
OS:	Linux
Priority:	unspecified
Severity:	medium
Target Milestone:	---
Target Release:	---
Assignee:	LDAP Maintainers
QA Contact:	LDAP QA Team
Docs Contact:	Evgenia Martynyuk
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2023-06-26 19:17 UTC by Têko Mihinto
Modified:	2023-07-28 08:27 UTC (History)
CC List:	3 users (show)
Fixed In Version:
Doc Type:	If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed:
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)

Description Têko Mihinto 2023-06-26 19:17:46 UTC

Description of problem:

dsconf replication status is failing with 'Invalid credentials' when:
* Connecting as "cn=Directory Manager" ( haven't tried with a regular user yet ).
and
* The password of the Directory Manager is not identical on servers:

$ dsconf -D "cn=Directory Manager" ldap://localhost:5389 replication status --suffix "dc=example,dc=com"
Enter password for cn=Directory Manager on ldap://localhost:5389: 
Error: Unable to get lag time: {'msgtype': 97, 'msgid': 1, 'result': 49, 'desc': 'Invalid credentials', 'ctrls': []}
$


Version-Release number of selected component (if applicable):
$ cat /etc/redhat-release 
Red Hat Enterprise Linux release 8.8 (Ootpa)
$
$ rpm -qa 389-ds*
389-ds-base-1.4.3.31-11.module+el8dsrv+17815+4f95348d.x86_64
389-ds-base-libs-1.4.3.31-11.module+el8dsrv+17815+4f95348d.x86_64
$

How reproducible:
Always.

Steps to Reproduce:
1. Create 2 RHDS instances
2. Do not use identical passwords for the Directory Manager
3. Enable replication and create a simple "Supplier ==> Consumer" topology
4. Run the "dsconf replication status" command


Actual results:
The command fails with 'Invalid credentials' errors.

Expected results:
Working commands

Additional info:
The command works fine if the Directory Manager's password is the same on both servers:

$ dsconf -D "cn=Directory Manager" ldap://localhost:5389 replication status --suffix "dc=example,dc=com"
Enter password for cn=Directory Manager on ldap://localhost:5389: 
{'agmt-name': ['test_to_alps1'], 'replica': ['XXX:1389'], 'replica-enabled': ['on'], 'update-in-progress': ['FALSE'], 'last-update-start': ['20230626185732Z'], 'last-update-end': ['20230626185732Z'], 'number-changes-sent': ['5000:7/0 '], 'number-changes-skipped': ['unavailable'], 'last-update-status': ['Error (0) Replica acquired successfully: Incremental update succeeded'], 'last-init-start': ['20230626183157Z'], 'last-init-end': ['20230626183204Z'], 'last-init-status': ['Error (0) Total update succeeded'], 'reap-active': ['0'], 'replication-status': ['In Synchronization'], 'replication-lag-time': ['00:00:00']}
$

Note You need to log in before you can comment on or make changes to this bug.