This bug is created as a clone of upstream ticket:
https://fedorahosted.org/389/ticket/360

https://bugzilla.redhat.com/show_bug.cgi?id=819409 (''Fedora'')

{{{
Description of problem:
When installing FreeIPA, ldapmodify reports Operations Error and does not write data to LDAP (privilege objects in this case). This causes subsequent issues in FreeIPA install:

# ipa-server-install
...
Configuring directory server: Estimated time 1 minute
[1/35]: creating directory server user
[2/35]: creating directory server instance
[3/35]: adding default schema
[4/35]: enabling memberof plugin
[5/35]: enabling referential integrity plugin
[6/35]: enabling winsync plugin
[7/35]: configuring replication version plugin
[8/35]: enabling IPA enrollment plugin
[9/35]: enabling ldapi
[10/35]: configuring uniqueness plugin
[11/35]: configuring uuid plugin
[12/35]: configuring modrdn plugin
[13/35]: enabling entryUSN plugin
[14/35]: configuring lockout plugin
[15/35]: creating indices
[16/35]: configuring ssl for ds instance
[17/35]: configuring certmap.conf
[18/35]: configure autobind for root
[19/35]: configure new location for managed entries
[20/35]: restarting directory server
[21/35]: adding default layout
[22/35]: adding delegation layout
ipa : CRITICAL Failed to load delegation.ldif: Command '/usr/bin/ldapmodify -h vm-109.idm.lab.bos.redhat.com -v -f /tmp/tmpM7h8OS -x -D cn=Directory Manager -y /tmp/tmpW0nOK4' returned non-zero exit status 1
[23/35]: adding replication acis
[24/35]: creating container for managed entries
[25/35]: configuring user private groups
[26/35]: configuring netgroups from hostgroups
...

ipaserver-install.log excerpt:

2012-05-07T06:45:15Z DEBUG [22/35]: adding delegation layout
2012-05-07T06:45:16Z DEBUG args=/usr/bin/ldapmodify -h vm-109.idm.lab.bos.redhat.com -v -f /tmp/tmpM7h8OS -x -D cn=Directory Manager -y /tmp/tmpW0nOK4
2012-05-07T06:45:16Z DEBUG stdout=add objectClass: top nsContainer
add cn: roles
adding new entry "cn=roles,cn=accounts,dc=idm,dc=lab,dc=bos,dc=redhat,dc=com"
modify complete
add objectClass: top nsContainer
add cn: pbac
adding new entry "cn=pbac,dc=idm,dc=lab,dc=bos,dc=redhat,dc=com"
modify complete
...
add objectClass: top groupofnames nestedgroup
add cn: Group Administrators
add description: Group Administrators
adding new entry "cn=Group Administrators,cn=privileges,cn=pbac,dc=idm,dc=lab,dc=bos,dc=redhat,dc=com"
2012-05-07T06:45:16Z DEBUG stderr=ldap_initialize( ldap://vm-109.idm.lab.bos.redhat.com )
ldap_add: Operations error (1)
2012-05-07T06:45:16Z CRITICAL Failed to load delegation.ldif: Command '/usr/bin/ldapmodify -h vm-109.idm.lab.bos.redhat.com -v -f /tmp/tmpM7h8OS -x -D cn=Directory Manager -y /tmp/tmpW0nOK4' returned non-zero exit status 1

I found a strange error in dirsrv error log (full log attached) which may be relevant:

[07/May/2012:02:45:13 -0400] - slapd stopped.
[07/May/2012:02:45:14 -0400] - 389-Directory/1.2.11.3 B2012.126.1429 starting up
[07/May/2012:02:45:14 -0400] attrcrypt - No symmetric key found for cipher AES in backend userRoot, attempting to create one...
[07/May/2012:02:45:14 -0400] attrcrypt - Key for cipher AES successfully generated and stored
[07/May/2012:02:45:14 -0400] attrcrypt - No symmetric key found for cipher 3DES in backend userRoot, attempting to create one...
[07/May/2012:02:45:14 -0400] attrcrypt - Key for cipher 3DES successfully generated and stored
[07/May/2012:02:45:14 -0400] ipaenrollment_start - [file ipa_enrollment.c, line 390]: Failed to get default realm?!
[07/May/2012:02:45:14 -0400] - slapd started. Listening on All Interfaces port 389 for LDAP requests
[07/May/2012:02:45:14 -0400] - Listening on All Interfaces port 636 for LDAPS requests
[07/May/2012:02:45:14 -0400] - Listening on /var/run/slapd-IDM-LAB-BOS-REDHAT-COM.socket for LDAPI requests
[07/May/2012:02:45:15 -0400] - Skipping CoS Definition cn=Password Policy,cn=accounts,dc=idm,dc=lab,dc=bos,dc=redhat,dc=com--no CoS Templates found, which should be added before the CoS Definition.
[07/May/2012:02:45:15 -0400] - libdb: BDB0102 previous transaction deadlock return not resolved
[07/May/2012:02:45:15 -0400] entryrdn-index - _entryrdn_put_data: Adding the self link (61) failed: Invalid argument (22)
[07/May/2012:02:45:15 -0400] - add: attempt to index 61 failed

Version-Release number of selected component (if applicable):
389-ds-base-1.2.11.3-1.fc17.x86_64

How reproducible:

Steps to Reproduce:
1. Install freeipa on F-17 and observe installation
2.
3.

Actual results:
Installation reports 389-ds errors

Expected results:
Installation succeeds without 389-ds errors

Additional info:
Target VM has 1G memory, there were several related warnings in the beginning of the error log, not sure if it is connected with the error.
}}}
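
The two excerpts in the report above use different clocks: ipaserver-install.log is stamped in UTC ("Z") while the dirsrv error log is stamped at -0400, so the client-side "Operations error" and the server-side libdb/entryrdn failures only line up after timezone normalization. The following is an added example, not part of the original report or of the 389/FreeIPA code base; the function names, the sample lines (constructed from the excerpts above) and the 5-second window are assumptions.

```python
import re
from datetime import datetime, timedelta

# Constructed sample input: a few lines taken from the two excerpts in this report.
DIRSRV_LOG = """\
[07/May/2012:02:45:14 -0400] - slapd started. Listening on All Interfaces port 389 for LDAP requests
[07/May/2012:02:45:15 -0400] - libdb: BDB0102 previous transaction deadlock return not resolved
[07/May/2012:02:45:15 -0400] entryrdn-index - _entryrdn_put_data: Adding the self link (61) failed: Invalid argument (22)
[07/May/2012:02:45:15 -0400] - add: attempt to index 61 failed
"""
INSTALL_LOG = """\
2012-05-07T06:45:15Z DEBUG [22/35]: adding delegation layout
2012-05-07T06:45:16Z DEBUG stderr=ldap_initialize( ldap://vm-109.idm.lab.bos.redhat.com ) ldap_add: Operations error (1)
"""

DS_LINE = re.compile(r"^\[(\d{2}/\w{3}/\d{4}:\d{2}:\d{2}:\d{2} [+-]\d{4})\] (.*)$")
IPA_LINE = re.compile(r"^(\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2})Z \w+ (.*)$")
# Backend fault messages seen in the report's dirsrv error log.
DB_FAULT = re.compile(r"libdb: BDB\d+ .*deadlock|entryrdn-index - .* failed|attempt to index \d+ failed")

def dirsrv_faults(text):
    """Return (timezone-aware timestamp, message) for each backend fault line."""
    faults = []
    for line in text.splitlines():
        m = DS_LINE.match(line)
        if m and DB_FAULT.search(m.group(2)):
            faults.append((datetime.strptime(m.group(1), "%d/%b/%Y:%H:%M:%S %z"), m.group(2)))
    return faults

def client_errors(text):
    """Return (aware UTC timestamp, message) for each 'Operations error' line."""
    errors = []
    for line in text.splitlines():
        m = IPA_LINE.match(line)
        if m and "Operations error" in m.group(2):
            ts = datetime.strptime(m.group(1) + "+0000", "%Y-%m-%dT%H:%M:%S%z")
            errors.append((ts, m.group(2)))
    return errors

def correlate(dirsrv_text, install_text, window=timedelta(seconds=5)):
    """Pair each client error with server faults logged up to `window` before it."""
    faults = dirsrv_faults(dirsrv_text)
    pairs = []
    for ts, msg in client_errors(install_text):
        near = [f for f in faults if timedelta(0) <= ts - f[0] <= window]
        if near:
            pairs.append((ts, msg, near))
    return pairs

if __name__ == "__main__":
    for ts, msg, near in correlate(DIRSRV_LOG, INSTALL_LOG):
        print(ts.isoformat(), msg, "<-", [m for _, m in near])
```
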

Covered by the new test multi_plugin - the stress test

testcases/DS/6.0/multi_plugin
------------------------------------------------------------------------
r6706 | rmeggins | 2012-07-07 08:24:23 -0600 (Sat, 07 Jul 2012) | 16 lines

Add multi_plugin test suite

This test enables and configures multiple plugins in the style of ipa.
The stress version of this test will enable the TXN_TESTING in the server
which will exercise the txn deadlock and retry code paths in the server.

Tickets covered by this test:
Ticket #345 - db deadlock return should not log error
Ticket #387 - managed entry sometimes doesn't delete the managed entry
Ticket #360 - ldapmodify returns Operations error
Ticket #335 - transaction retries need to be cache aware

Bugs covered by this test:
830336 db deadlock return should not log error
830343 managed entry sometimes doesn't delete the managed entry
833218 ldapmodify returns Operations error
833202 transaction retries need to be cache aware

Verified

[2012-11-12 15:49:35] [multi_plugin][mp_01] dn: vendorversion: 389-Directory/1.2.11.15 B2012.317.946
[2012-11-12 15:49:35] [multi_plugin][mp_01] finished TestCase [mp_01] result-> [PASS]
[2012-11-12 15:49:35] [multi_plugin][mp_add] - add 5 users
[2012-11-12 15:49:36] [multi_plugin][mp_add] no txn retries - increase TXN_TEST_HOLD_MSEC and/or decrease TXN_TEST_LOOP_MSEC
[2012-11-12 15:49:39] [multi_plugin][mp_add] group members in cn=mpusers,ou=Groups,dc=example,dc=com differ from current dn list - probable memberof failure due to busy/txn retries - allowing
1a2,5
> uid=testuser1,ou=People,dc=example,dc=com
> uid=testuser1,ou=People,dc=example,dc=com
> uid=testuser1,ou=People,dc=example,dc=com
> uid=testuser2,ou=People,dc=example,dc=com
2a7,10
> uid=testuser2,ou=People,dc=example,dc=com
> uid=testuser2,ou=People,dc=example,dc=com
> uid=testuser3,ou=People,dc=example,dc=com
> uid=testuser3,ou=People,dc=example,dc=com
3a12,15
> uid=testuser3,ou=People,dc=example,dc=com
> uid=testuser4,ou=People,dc=example,dc=com
> uid=testuser4,ou=People,dc=example,dc=com
> uid=testuser4,ou=People,dc=example,dc=com
5a18,20
> uid=testuser5,ou=People,dc=example,dc=com
> uid=testuser5,ou=People,dc=example,dc=com
> uid=testuser5,ou=People,dc=example,dc=com
[2012-11-12 15:49:39] [multi_plugin][mp_add] finished TestCase [mp_add] result-> [PASS]
[2012-11-12 15:49:39] [multi_plugin][mp_mod] - modify users
[2012-11-12 15:49:39] [multi_plugin][mp_mod] no txn retries - increase TXN_TEST_HOLD_MSEC and/or decrease TXN_TEST_LOOP_MSEC
[2012-11-12 15:49:41] [multi_plugin][mp_mod] finished TestCase [mp_mod] result-> [PASS]
[2012-11-12 15:49:41] [multi_plugin][mp_rename] - rename users
[2012-11-12 15:49:41] [multi_plugin][mp_rename] no txn retries - increase TXN_TEST_HOLD_MSEC and/or decrease TXN_TEST_LOOP_MSEC
[2012-11-12 15:49:43] [multi_plugin][mp_rename] finished TestCase [mp_rename] result-> [PASS]
[2012-11-12 15:49:43] [multi_plugin][mp_subtreerename] - rename subtree
[2012-11-12 15:49:45] [multi_plugin][mp_subtreerename] finished TestCase [mp_subtreerename] result-> [PASS]
[2012-11-12 15:49:45] [multi_plugin][mp_delete] delete users in /home/sramling/RHEL64/testcases/DS/6.0/tet_tmp_dir//multi_plugin/dnlist
[2012-11-12 15:49:46] [multi_plugin][mp_delete] no txn retries - increase TXN_TEST_HOLD_MSEC and/or decrease TXN_TEST_LOOP_MSEC
[2012-11-12 15:49:48] [multi_plugin][mp_delete] finished TestCase [mp_delete] result-> [PASS]

version 389-ds-base-1.2.11.15-3.el6

Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. http://rhn.redhat.com/errata/RHSA-2013-0503.html