Description of problem: When the replication agreement is set up for a clone CA, we attempt to create the directory for the changelog on the master and replica servers as follows: String filter = "(objectclass=nsslapdConfig)"; String[] attrs = {"nsslapd-instancedir"}; LDAPSearchResults results = conn.search("cn=config", LDAPv3.SCOPE_SUB, filter, attrs, false); and set the changelog directory to be the value of the nsslapd-instancedir directory/changelog. In Fedora 1.1, this attribute is no longer populated. A new attribute must be used - specifically: String filter = "(objectclass=*)"; String[] attrs = {"nsslapd-directory"}; LDAPSearchResults results = conn.search("cn=config,cn=ldbm database,cn=plugins,cn=config", LDAPv3.SCOPE_SUB, filter, attrs, false); This attribute should work for Fedora DS 1.0 and RHDS/FDS 7.1 as well. Version-Release number of selected component (if applicable): Dogtag 1.0 fedora-ds-base 1.1 How reproducible: try to clone a CA. Steps to Reproduce: 1. 2. 3. Actual results: Setting up replication agreement fails. Expected results: Replication succeeds. Additional info:
Created attachment 311776 [details] patch for replication setup issue
cfu please review.
Created attachment 311881 [details] patch take 2
cfu and mharmsen - please review. Patch includes changes to make ds_removal script actually try to stop the ds for Fedora 1.1 As the code was written, this step was effectively bypassed.
attachment (id=311881) +cfu Please make sure mharmsen reviews the scripts part
The line "+if ( -d "/usr/lib/dirsrv/slapd-${instname}/stop-slapd" ) {" in both script files should be either: "+if ( -d "/usr/lib/dirsrv" ) {", OR "+if ( -x "/usr/lib/dirsrv/slapd-${instname}/stop-slapd" ) {" since "stop-slapd" is an executable. That being said, this script, for the most part, was taken verbatim from the "/usr/lib64/dirsrv/cgi-bin/ds_remove" script in "fedora-ds-admin", and is included as a subscript to be called by "remove_ds_instance". This was done for convenience in Dogtag (so users don't need to install "fedora-ds-admin-1.1.5-1.fc8"). It is possible that I have introduced a problem in my port of this executable, but I hadn't seen any problem prior to this. So, if this code is incorrect here, it may be a problem in Directory Server as well. Can you check with rmeggins, nhosoi, or nkinder?
Actually, if you exercised your code as written in these scripts, you were actually running the exact same code that was already there, since the test for a directory called '.../stop-slapd' would always yield 'false', and the "else" clause is basically the same code that was already there.
Created attachment 312295 [details] patch take 3
Patch contains spec file changes and just java changes for now. Separate patch for the perl scripts to be added later. This does in fact turn out to be a problem in FDS as well. Submitting a bug and patch for that too. (Oh, and agreed on the -x flag).
+ mharmsen attachment (id=312295)
committed [builder@goofy-vm1 src]$ svn ci --username alee --password pki4all pki -m "Fix for Bug 455331" Sending pki/base/common/src/com/netscape/cms/servlet/csadmin/DatabasePanel.java Sending pki/linux/common/pki-common.spec Transmitting file data .. Committed revision 72.
Bug already MODIFIED. setting target CS8.0 and marking screened+