788741 – 389 DS DNA Plugin / Replication failing on GSSAPI

Bug 788741 - 389 DS DNA Plugin / Replication failing on GSSAPI

Summary: 389 DS DNA Plugin / Replication failing on GSSAPI

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Red Hat Enterprise Linux 6
Classification:	Red Hat
Component:	389-ds-base
Sub Component:
Version:	6.3
Hardware:	Unspecified
OS:	Unspecified
Priority:	unspecified
Severity:	unspecified
Target Milestone:	rc
Target Release:	---
Assignee:	Rich Megginson
QA Contact:	IDM QE LIST
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2012-02-08 22:37 UTC by Rich Megginson
Modified:	2012-06-20 07:14 UTC (History)
CC List:	3 users (show)
Fixed In Version:	389-ds-base-1.2.10.0-1.el6
Doc Type:	Bug Fix
Doc Text:	Cause: Using replication with DNA to auto-generate UID numbers. Consequence: Adding users fails with error messages like this: Operations error: Allocation of a new value for range cn=posix ids,cn=distributed numeric assignment plugin,cn=plugins,cn=config failed Fix: DNA was using a too-short timeout value that was causing problems on networks with high latency (WANs, etc.). The fix was to use the correct timeout value specified in the replication configuration. Result: No errors adding users when using replication with DNA.
Clone Of:
Environment:
Last Closed:	2012-06-20 07:14:08 UTC
Target Upstream Version:

Attachments	(Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

Links
System	ID	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHSA-2012:0813	normal	SHIPPED_LIVE	Low: 389-ds-base security, bug fix, and enhancement update	2012-06-19 19:29:15 UTC

Description Rich Megginson 2012-02-08 22:37:54 UTC

This bug is created as a clone of upstream ticket:
https://fedorahosted.org/389/ticket/12

https://bugzilla.redhat.com/show_bug.cgi?id=755119

{{{
Description of problem:
There appears to be a race failing when the DNA Plugin attempts to make a uid
range replication request backed by gssapi.

Version-Release number of selected component (if applicable):
389-ds-base-libs-1.2.10-0.5.a5.fc15.x86_64
389-ds-base-1.2.10-0.5.a5.fc15.x86_64

How reproducible:
100%

Steps to Reproduce:
1. Install IPA Server (ipa-server-install)
2. Prepare Replica (ipa-replica-prepare replica-hostname)
3. Transfer resulting replica-hostname.gpg
4. Install Replica (ipa-replica-install replica-hostname.gpg)
5. kinit admin
6. Attempt to create new user (ipa user-add test)

Actual results:
ipa: ERROR: Operations error: Allocation of a new value for range cn=posix
ids,cn=distributed numeric assignment plugin,cn=plugins,cn=config failed!
Unable to proceed.

Expected results:
Expected new user to be added and range to be transferred.

Additional info:
}}}

Comment 1 Jenny Severance 2012-02-14 15:54:07 UTC

Please add steps to reproduce/verify with just RHDS

Comment 3 Rich Megginson 2012-04-16 16:40:03 UTC

(In reply to comment #1)
> Please add steps to reproduce/verify with just RHDS

Do a 2 master replication WAN test with both servers set up to do DNA and range requests - might be able to use the existing DNA test suite, just using WAN replication

Comment 4 Rich Megginson 2012-05-24 23:35:43 UTC

    Technical note added. If any revisions are required, please edit the "Technical Notes" field
    accordingly. All revisions will be proofread by the Engineering Content Services team.
    
    New Contents:
Cause: Using replication with DNA to auto-generate UID numbers.
Consequence: Adding users fails with error messages like this:
Operations error: Allocation of a new value for range cn=posix
ids,cn=distributed numeric assignment plugin,cn=plugins,cn=config failed
Fix: DNA was using a too-short timeout value that was causing problems on networks with high latency (WANs, etc.).  The fix was to use the correct timeout value specified in the replication configuration.
Result: No errors adding users when using replication with DNA.

Comment 5 Sankar Ramalingam 2012-05-30 20:18:34 UTC

Tested DNA plugin with ranges o LAN. I didn't see any error messages. Hence marking the bug as verified.

Comment 6 errata-xmlrpc 2012-06-20 07:14:08 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHSA-2012-0813.html

Note You need to log in before you can comment on or make changes to this bug.