Hide Forgot
Description of problem: We need to either run ipa-ldap-updater on upgrades or warn that it needs to be run. Need to confirm that all services are being restarted on upgrades as well.
https://fedorahosted.org/freeipa/ticket/1087
master: ca5332951c68904b0763f79f3612209271206b2a
please add steps to reproduce this issue. Thanks!
Install an older N-V-R of IPA and run the IPA installer. Upgrade to to these bits. During rpm installation in %post it should: - shut down 389-ds - reconfigure 389-ds, there will be a new dse.ldif in the DS configuration directory named dse.ldif.ipa.[some_hex_number] - apply updates (there aren't really any yet) - restore 389-ds configuration - restart 389-ds You might try running rpm directly to install the update rather than using yum and pass in -vv to see the internals of what is going on (beware, it is truly ugly).
Installed master and slave - ipa-server-2.0.0-20.el6.x86_64. 1) added user and tested kinit on both master and slaver 2) yum update ipa-server on master 3) dse.ldif backed up -rw-------. 1 dirsrv dirsrv 86088 Apr 15 13:07 dse.ldif -rw-------. 1 dirsrv dirsrv 86088 Apr 15 13:07 dse.ldif.bak -rw-------. 1 dirsrv root 86051 Apr 15 13:00 dse.ldif.ipa.afe82889c3248a8a 4) directory server restarted [14/Apr/2011:14:07:00 -0400] - slapd shutting down - signaling operation threads [14/Apr/2011:14:07:00 -0400] - slapd shutting down - closing down internal subsystems and plugins [14/Apr/2011:14:07:00 -0400] - Waiting for 4 database threads to stop [14/Apr/2011:14:07:00 -0400] - All database threads now stopped [14/Apr/2011:14:07:00 -0400] - slapd stopped. [14/Apr/2011:14:07:02 -0400] - 389-Directory/1.2.8.0 B2011.095.1758 starting up [14/Apr/2011:14:07:02 -0400] attrcrypt - No symmetric key found for cipher AES in backend userRoot, attempting to create one... [14/Apr/2011:14:07:02 -0400] attrcrypt - Key for cipher AES successfully generated and stored 5) tested kinit as user successful 6) yum update on slave 7) dse.ldif backup -rw-------. 1 dirsrv dirsrv 85099 Apr 15 13:08 dse.ldif -rw-------. 1 dirsrv dirsrv 85099 Apr 15 13:07 dse.ldif.bak -rw-------. 1 dirsrv root 85103 Apr 15 13:04 dse.ldif.ipa.41c41cbec336f6e 8) directory server restarted [15/Apr/2011:13:04:49 -0400] - slapd shutting down - signaling operation threads [15/Apr/2011:13:04:49 -0400] - slapd shutting down - closing down internal subsystems and plugins [15/Apr/2011:13:04:49 -0400] - Waiting for 4 database threads to stop [15/Apr/2011:13:04:49 -0400] - All database threads now stopped [15/Apr/2011:13:04:49 -0400] - slapd stopped. [15/Apr/2011:13:04:53 -0400] - 389-Directory/1.2.8.1 B2011.101.1815 starting up [15/Apr/2011:13:04:53 -0400] schema-compat-plugin - warning: no entries set up under cn=ng, cn=compat, dc=testrelm [15/Apr/2011:13:04:53 -0400] schema-compat-plugin - warning: no entries set up under ou=SUDOers, dc=testrelm [15/Apr/2011:13:04:53 -0400] - Skipping CoS Definition cn=Password Policy,cn=accounts,dc=testrelm--no CoS Templates found, which should be added before the CoS Definition. [15/Apr/2011:13:04:53 -0400] - Skipping CoS Definition cn=Password Policy,cn=accounts,dc=testrelm--no CoS Templates found, which should be added before the CoS Definition. [15/Apr/2011:13:04:53 -0400] - slapd started. Listening on All Interfaces port 389 for LDAP requests [15/Apr/2011:13:04:53 -0400] - Listening on All Interfaces port 636 for LDAPS requests [15/Apr/2011:13:04:53 -0400] - Listening on /var/run/slapd-TESTRELM.socket for LDAPI requests [15/Apr/2011:13:04:59 -0400] slapd_ldap_sasl_interactive_bind - Error: could not perform interactive bind for id [] mech [GSSAPI]: error -1 (Can't contact LDAP server) ((null)) [15/Apr/2011:13:04:59 -0400] slapi_ldap_bind - Error: could not perform interactive bind for id [] mech [GSSAPI]: error -1 (Can't contact LDAP server) [15/Apr/2011:13:04:59 -0400] NSMMReplicationPlugin - agmt="cn=meTodhcp-100-18-88.testrelm" (dhcp-100-18-88:389): Replication bind with GSSAPI auth failed: LDAP error -1 (Can't contact LDAP server) ((null)) [15/Apr/2011:13:05:02 -0400] NSMMReplicationPlugin - agmt="cn=meTodhcp-100-18-88.testrelm" (dhcp-100-18-88:389): Replication bind with GSSAPI auth resumed [15/Apr/2011:13:08:14 -0400] managed-entries-plugin - mep_mod_post_op: Unable to find config for origin entry "uid=test,cn=users,cn=accounts,dc=testrelm". 9) tested kinit as user successful upgrade version: ipa-server-2.0.0-21.el6.x86_64
An advisory has been issued which should help the problem described in this bug report. This report is therefore being closed with a resolution of ERRATA. For more information on therefore solution and/or where to find the updated files, please follow the link below. You may reopen this bug report if the solution does not work for you. http://rhn.redhat.com/errata/RHEA-2011-0631.html