Bug 788741 - 389 DS DNA Plugin / Replication failing on GSSAPI
Summary: 389 DS DNA Plugin / Replication failing on GSSAPI
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 6
Classification: Red Hat
Component: 389-ds-base
Version: 6.3
Hardware: Unspecified
OS: Unspecified
unspecified
unspecified
Target Milestone: rc
: ---
Assignee: Rich Megginson
QA Contact: IDM QE LIST
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2012-02-08 22:37 UTC by Rich Megginson
Modified: 2012-06-20 07:14 UTC (History)
3 users (show)

Fixed In Version: 389-ds-base-1.2.10.0-1.el6
Doc Type: Bug Fix
Doc Text:
Cause: Using replication with DNA to auto-generate UID numbers. Consequence: Adding users fails with error messages like this: Operations error: Allocation of a new value for range cn=posix ids,cn=distributed numeric assignment plugin,cn=plugins,cn=config failed Fix: DNA was using a too-short timeout value that was causing problems on networks with high latency (WANs, etc.). The fix was to use the correct timeout value specified in the replication configuration. Result: No errors adding users when using replication with DNA.
Clone Of:
Environment:
Last Closed: 2012-06-20 07:14:08 UTC
Target Upstream Version:


Attachments (Terms of Use)


Links
System ID Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2012:0813 normal SHIPPED_LIVE Low: 389-ds-base security, bug fix, and enhancement update 2012-06-19 19:29:15 UTC

Description Rich Megginson 2012-02-08 22:37:54 UTC
This bug is created as a clone of upstream ticket:
https://fedorahosted.org/389/ticket/12

https://bugzilla.redhat.com/show_bug.cgi?id=755119

{{{
Description of problem:
There appears to be a race failing when the DNA Plugin attempts to make a uid
range replication request backed by gssapi.

Version-Release number of selected component (if applicable):
389-ds-base-libs-1.2.10-0.5.a5.fc15.x86_64
389-ds-base-1.2.10-0.5.a5.fc15.x86_64

How reproducible:
100%

Steps to Reproduce:
1. Install IPA Server (ipa-server-install)
2. Prepare Replica (ipa-replica-prepare replica-hostname)
3. Transfer resulting replica-hostname.gpg
4. Install Replica (ipa-replica-install replica-hostname.gpg)
5. kinit admin
6. Attempt to create new user (ipa user-add test)

Actual results:
ipa: ERROR: Operations error: Allocation of a new value for range cn=posix
ids,cn=distributed numeric assignment plugin,cn=plugins,cn=config failed!
Unable to proceed.

Expected results:
Expected new user to be added and range to be transferred.

Additional info:
}}}

Comment 1 Jenny Severance 2012-02-14 15:54:07 UTC
Please add steps to reproduce/verify with just RHDS

Comment 3 Rich Megginson 2012-04-16 16:40:03 UTC
(In reply to comment #1)
> Please add steps to reproduce/verify with just RHDS

Do a 2 master replication WAN test with both servers set up to do DNA and range requests - might be able to use the existing DNA test suite, just using WAN replication

Comment 4 Rich Megginson 2012-05-24 23:35:43 UTC
    Technical note added. If any revisions are required, please edit the "Technical Notes" field
    accordingly. All revisions will be proofread by the Engineering Content Services team.
    
    New Contents:
Cause: Using replication with DNA to auto-generate UID numbers.
Consequence: Adding users fails with error messages like this:
Operations error: Allocation of a new value for range cn=posix
ids,cn=distributed numeric assignment plugin,cn=plugins,cn=config failed
Fix: DNA was using a too-short timeout value that was causing problems on networks with high latency (WANs, etc.).  The fix was to use the correct timeout value specified in the replication configuration.
Result: No errors adding users when using replication with DNA.

Comment 5 Sankar Ramalingam 2012-05-30 20:18:34 UTC
Tested DNA plugin with ranges o LAN. I didn't see any error messages. Hence marking the bug as verified.

Comment 6 errata-xmlrpc 2012-06-20 07:14:08 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHSA-2012-0813.html


Note You need to log in before you can comment on or make changes to this bug.