Bug 703869 - Managed Entry Configuration Not Setup when installing replica server
Summary: Managed Entry Configuration Not Setup when installing replica server
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 6
Classification: Red Hat
Component: ipa
Version: 6.1
Hardware: Unspecified
OS: Unspecified
Priority: urgent
Severity: urgent
Target Milestone: rc
Target Release: ---
Assignee: Rob Crittenden
QA Contact: Chandrasekar Kannan
URL:
Whiteboard:
Depends On:
Blocks: 709331
Reported: 2011-05-11 13:42 UTC by Jenny Severance
Modified: 2015-01-04 23:48 UTC (History)

Fixed In Version: ipa-2.1.0-1.el6
Doc Type: Bug Fix
Doc Text:
Cause: IPA replication installations were missing configuration for managed entries. Consequence: User-private groups and netgroups were not created for host groups if they were created on the replica. Fix: Add configuration for managed entries when creating a replica. Result: Creating users and host groups perform the same when creating on any IPA server.
Clone Of:
Environment:
Last Closed: 2011-12-06 18:22:04 UTC
Target Upstream Version:
Embargoed:


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2011:1533 0 normal SHIPPED_LIVE Moderate: ipa security and bug fix update 2011-12-06 01:23:31 UTC

Description Jenny Severance 2011-05-11 13:42:55 UTC
Description of problem:

Master config:

# ldapsearch -x -D "cn=directory manager" -w MySecret -b "cn=Managed Entries,cn=plugins,cn=config"
# extended LDIF
#
# LDAPv3
# base <cn=Managed Entries,cn=plugins,cn=config> with scope subtree
# filter: (objectclass=*)
# requesting: ALL
#

# Managed Entries, plugins, config
dn: cn=Managed Entries,cn=plugins,cn=config
objectClass: top
objectClass: nsSlapdPlugin
objectClass: extensibleObject
objectClass: nsContainer
cn: Managed Entries
nsslapd-pluginPath: libmanagedentries-plugin
nsslapd-pluginInitfunc: mep_init
nsslapd-pluginType: preoperation
nsslapd-pluginEnabled: on
nsslapd-plugin-depends-on-type: database
nsslapd-pluginId: Managed Entries
nsslapd-pluginVersion: 1.2.8.2
nsslapd-pluginVendor: 389 Project
nsslapd-pluginDescription: Managed Entries plugin

# NGP Definition, Managed Entries, plugins, config
dn: cn=NGP Definition,cn=Managed Entries,cn=plugins,cn=config
objectClass: extensibleObject
objectClass: top
cn: HGP Definition
cn: NGP Definition
originscope: cn=hostgroups,cn=accounts,dc=testrelm
originfilter: objectclass=ipahostgroup
managedbase: cn=ng,cn=alt,dc=testrelm
managedtemplate: cn=NGP HGP Template,cn=etc,dc=testrelm

# UPG Definition, Managed Entries, plugins, config
dn: cn=UPG Definition,cn=Managed Entries,cn=plugins,cn=config
objectClass: extensibleObject
objectClass: top
cn: UPG Definition
originscope: cn=users,cn=accounts,dc=testrelm
originfilter: objectclass=posixAccount
managedbase: cn=groups,cn=accounts,dc=testrelm
managedtemplate: cn=UPG Template,cn=etc,dc=testrelm

# search result
search: 2
result: 0 Success

# numResponses: 4
# numEntries: 3


Replica config:
# ldapsearch -x -D "cn=directory manager" -w Secret123 -b "cn=Managed Entries,cn=plugins,cn=config"
# extended LDIF
#
# LDAPv3
# base <cn=Managed Entries,cn=plugins,cn=config> with scope subtree
# filter: (objectclass=*)
# requesting: ALL
#

# Managed Entries, plugins, config
dn: cn=Managed Entries,cn=plugins,cn=config
objectClass: top
objectClass: nsSlapdPlugin
objectClass: extensibleObject
objectClass: nsContainer
cn: Managed Entries
nsslapd-pluginPath: libmanagedentries-plugin
nsslapd-pluginInitfunc: mep_init
nsslapd-pluginType: preoperation
nsslapd-pluginEnabled: on
nsslapd-plugin-depends-on-type: database
nsslapd-pluginId: Managed Entries
nsslapd-pluginVersion: 1.2.8.2
nsslapd-pluginVendor: 389 Project
nsslapd-pluginDescription: Managed Entries plugin

# search result
search: 2
result: 0 Success

# numResponses: 2
# numEntries: 1




Version-Release number of selected component (if applicable):
ipa-server-2.0.0-23.el6.x86_64

How reproducible:


Steps to Reproduce:
1. install master - search configuration
2. install slave - search configuration
3.
  
Actual results:
configuration is not added

Expected results:
configuration to be added on installation

Additional info:

There is a manual workaround. You can manually add the configuration using ldapmodify after replica install, but you will need to restart the services with ipactl restart.
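
A check for the discrepancy shown in the two searches above, as an added example that is not part of the original report or of FreeIPA: it parses two `ldapsearch` dumps of `cn=Managed Entries,cn=plugins,cn=config` and lists the definition entries the replica lacks. The function names are hypothetical, and the sample LDIF is constructed by trimming the outputs quoted in this report.

```python
# Added example (not FreeIPA code): compare Managed Entries config of two servers.

# Constructed samples, trimmed from the ldapsearch outputs quoted in this report.
MASTER = """\
dn: cn=Managed Entries,cn=plugins,cn=config

dn: cn=NGP Definition,cn=Managed Entries,cn=plugins,cn=config
originscope: cn=hostgroups,cn=accounts,dc=testrelm
managedbase: cn=ng,cn=alt,dc=testrelm

dn: cn=UPG Definition,cn=Managed Entries,cn=plugins,cn=config
originscope: cn=users,cn=accounts,dc=testrelm
managedbase: cn=groups,cn=accounts,dc=testrelm

search: 2
result: 0 Success
"""
REPLICA = "dn: cn=Managed Entries,cn=plugins,cn=config\n"

def parse_ldif(text):
    """Return {lowercased dn: {attr: [values]}}; base64 (attr::) values stay encoded."""
    entries, current, unfolded = {}, None, []
    for line in text.splitlines():
        if line.startswith(" ") and unfolded:
            unfolded[-1] += line[1:]      # LDIF continuation line
        else:
            unfolded.append(line)
    for line in unfolded:
        if not line.strip():
            current = None                # a blank line ends an entry
        elif not line.startswith("#") and ":" in line:
            attr, _, value = line.partition(":")
            attr, value = attr.strip().lower(), value.strip()
            if attr == "dn":
                current = entries.setdefault(value.lower(), {})
            elif current is not None:     # skips the "search:"/"result:" trailer
                current.setdefault(attr, []).append(value)
    return entries

def missing_on_replica(master_ldif, replica_ldif):
    """Entries present only on the master, mapped to their originscope values."""
    master, replica = parse_ldif(master_ldif), parse_ldif(replica_ldif)
    return {dn: attrs.get("originscope", [])
            for dn, attrs in master.items() if dn not in replica}

if __name__ == "__main__":
    for dn, scope in missing_on_replica(MASTER, REPLICA).items():
        print(f"MISSING on replica: {dn} (originscope={scope})")
```
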

Comment 2 Dmitri Pal 2011-05-11 21:38:14 UTC
https://fedorahosted.org/freeipa/ticket/1222

Comment 5 Rob Crittenden 2011-05-27 16:21:12 UTC
Pushed a one-liner typo fix from JR as well:

master: 5a4f77ac1433ca1a0c9327dc90af58e3f225151d

ipa-2-0: 58a970f25d929e7686c696d7c4ca1d5d34c341b5

and my bigger patch:

master: 201ffc07bdb9e45ebb155a36b3b8ca77e7f9719c

ipa-2-0: 8bd26a81be7c717c8928ba04fdf3ec8e3e1d09c2

Comment 8 Jenny Severance 2011-09-21 17:21:09 UTC
verified:

config on replica:

# Managed Entries, plugins, config
dn: cn=Managed Entries,cn=plugins,cn=config
objectClass: top
objectClass: nsSlapdPlugin
objectClass: extensibleObject
objectClass: nsContainer
cn: Managed Entries
nsslapd-pluginPath: libmanagedentries-plugin
nsslapd-pluginInitfunc: mep_init
nsslapd-pluginType: preoperation
nsslapd-pluginEnabled: on
nsslapd-plugin-depends-on-type: database
nsslapd-pluginId: Managed Entries
nsslapd-pluginVersion: 1.2.9.11
nsslapd-pluginVendor: 389 Project
nsslapd-pluginDescription: Managed Entries plugin

# NGP Definition, Managed Entries, plugins, config
dn: cn=NGP Definition,cn=Managed Entries,cn=plugins,cn=config
cn: NGP Definition
objectClass: extensibleObject
objectClass: top
managedbase: cn=ng,cn=alt,dc=testrelm
originfilter: objectclass=ipahostgroup
originscope: cn=hostgroups,cn=accounts,dc=testrelm
managedtemplate: cn=NGP HGP Template,cn=etc,dc=testrelm

# UPG Definition, Managed Entries, plugins, config
dn: cn=UPG Definition,cn=Managed Entries,cn=plugins,cn=config
cn: UPG Definition
objectClass: extensibleObject
objectClass: top
managedbase: cn=groups,cn=accounts,dc=testrelm
originfilter: (&(objectclass=posixAccount)(!(description=__no_upg__)))
originscope: cn=users,cn=accounts,dc=testrelm
managedtemplate: cn=UPG Template,cn=etc,dc=testrelm


Version:

ipa-server-2.1.1-3.el6.x86_64

Comment 9 Rob Crittenden 2011-10-31 18:28:33 UTC
    Technical note added. If any revisions are required, please edit the "Technical Notes" field
    accordingly. All revisions will be proofread by the Engineering Content Services team.
    
    New Contents:
Cause: IPA replication installations were missing configuration for managed entries.
Consequence: User-private groups and netgroups were not created for host groups if they were created on the replica.
Fix: Add configuration for managed entries when creating a replica.
Result: Creating users and host groups perform the same when creating on any IPA server.

Comment 10 errata-xmlrpc 2011-12-06 18:22:04 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHSA-2011-1533.html

