Bug 788741 – 389 DS DNA Plugin / Replication failing on GSSAPI

Bugzilla will be upgraded to version 5.0. The upgrade date is tentatively scheduled for 2 December 2018, pending final testing and feedback.

Bug 788741 - 389 DS DNA Plugin / Replication failing on GSSAPI

Summary:	389 DS DNA Plugin / Replication failing on GSSAPI

Status:	CLOSED ERRATA

Aliases:	None

Product:	Red Hat Enterprise Linux 6
Classification:	Red Hat
Component:	389-ds-base (Show other bugs)
Sub Component:
Version:	6.3
Hardware:	Unspecified Unspecified

Priority	unspecified Severity unspecified
Target Milestone:	rc
Target Release:	---
Assigned To:	Rich Megginson
QA Contact:	IDM QE LIST
Docs Contact:

URL:
Whiteboard:
Keywords:

Depends On:
Blocks:
	Show dependency tree / graph

Reported:	2012-02-08 17:37 EST by Rich Megginson
Modified:	2012-06-20 03:14 EDT (History)
CC List:	3 users (show)

See Also:
Fixed In Version:	389-ds-base-1.2.10.0-1.el6
Doc Type:	Bug Fix
Doc Text:	Cause: Using replication with DNA to auto-generate UID numbers. Consequence: Adding users fails with error messages like this: Operations error: Allocation of a new value for range cn=posix ids,cn=distributed numeric assignment plugin,cn=plugins,cn=config failed Fix: DNA was using a too-short timeout value that was causing problems on networks with high latency (WANs, etc.). The fix was to use the correct timeout value specified in the replication configuration. Result: No errors adding users when using replication with DNA.
Story Points:	---
Clone Of:
Environment:
Last Closed:	2012-06-20 03:14:08 EDT
Type:	---
Regression:	---
Mount Type:	---
Documentation:	---
CRM:
Verified Versions:
Category:	---
oVirt Team:	---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team:	---

Attachments	(Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

External Trackers
Tracker	ID	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHSA-2012:0813	normal	SHIPPED_LIVE	Low: 389-ds-base security, bug fix, and enhancement update	2012-06-19 15:29:15 EDT

Groups: None (edit)

Description Rich Megginson 2012-02-08 17:37:54 EST

This bug is created as a clone of upstream ticket:
https://fedorahosted.org/389/ticket/12

https://bugzilla.redhat.com/show_bug.cgi?id=755119

{{{
Description of problem:
There appears to be a race failing when the DNA Plugin attempts to make a uid
range replication request backed by gssapi.

Version-Release number of selected component (if applicable):
389-ds-base-libs-1.2.10-0.5.a5.fc15.x86_64
389-ds-base-1.2.10-0.5.a5.fc15.x86_64

How reproducible:
100%

Steps to Reproduce:
1. Install IPA Server (ipa-server-install)
2. Prepare Replica (ipa-replica-prepare replica-hostname)
3. Transfer resulting replica-hostname.gpg
4. Install Replica (ipa-replica-install replica-hostname.gpg)
5. kinit admin
6. Attempt to create new user (ipa user-add test)

Actual results:
ipa: ERROR: Operations error: Allocation of a new value for range cn=posix
ids,cn=distributed numeric assignment plugin,cn=plugins,cn=config failed!
Unable to proceed.

Expected results:
Expected new user to be added and range to be transferred.

Additional info:
}}}

Comment 1 Jenny Galipeau 2012-02-14 10:54:07 EST

Please add steps to reproduce/verify with just RHDS

Comment 3 Rich Megginson 2012-04-16 12:40:03 EDT

(In reply to comment #1)
> Please add steps to reproduce/verify with just RHDS

Do a 2 master replication WAN test with both servers set up to do DNA and range requests - might be able to use the existing DNA test suite, just using WAN replication

Comment 4 Rich Megginson 2012-05-24 19:35:43 EDT

    Technical note added. If any revisions are required, please edit the "Technical Notes" field
    accordingly. All revisions will be proofread by the Engineering Content Services team.
    
    New Contents:
Cause: Using replication with DNA to auto-generate UID numbers.
Consequence: Adding users fails with error messages like this:
Operations error: Allocation of a new value for range cn=posix
ids,cn=distributed numeric assignment plugin,cn=plugins,cn=config failed
Fix: DNA was using a too-short timeout value that was causing problems on networks with high latency (WANs, etc.).  The fix was to use the correct timeout value specified in the replication configuration.
Result: No errors adding users when using replication with DNA.

Comment 5 Sankar Ramalingam 2012-05-30 16:18:34 EDT

Tested DNA plugin with ranges o LAN. I didn't see any error messages. Hence marking the bug as verified.

Comment 6 errata-xmlrpc 2012-06-20 03:14:08 EDT

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHSA-2012-0813.html

Note You need to log in before you can comment on or make changes to this bug.