Bug 970225 - DNA plugin failed to fetch replication agreement
Summary: DNA plugin failed to fetch replication agreement
Keywords:
Status: CLOSED WONTFIX
Alias: None
Product: Fedora
Classification: Fedora
Component: 389-ds-base
Version: 18
Hardware: Unspecified
OS: Unspecified
unspecified
unspecified
Target Milestone: ---
Assignee: Rich Megginson
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks: 971111
TreeView+ depends on / blocked
 
Reported: 2013-06-03 18:44 UTC by Scott Poore
Modified: 2020-09-13 20:34 UTC (History)
7 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
: 971111 (view as bug list)
Environment:
Last Closed: 2013-11-05 16:19:57 UTC
Type: Bug
Embargoed:


Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Github 389ds 389-ds-base issues 716 0 None None None 2020-09-13 20:34:53 UTC

Description Scott Poore 2013-06-03 18:44:05 UTC
Description of problem:

In an IPA environment, I'm seeing the DNA plugin fail to fetch a replication agreement.  The DNA plugin is trying a replica where there is no replication agreement.  This is causing ipa user-add to fail.

[root@ipaqa64vmd tmp.izaYf564ZD]# ipa user-add test --first=f --last=l
ipa: ERROR: Operations error: Allocation of a new value for range cn=posix ids,cn=distributed numeric assignment plugin,cn=plugins,cn=config failed! Unable to proceed.

[root@ipaqa64vmd tmp.izaYf564ZD]# ldapsearch -xLLL -D "$ROOTDN" -w "$ROOTDNPWD" -b "cn=posix ids,cn=distributed numeric assignment plugin,cn=plugins,cn=config"
dn: cn=Posix IDs,cn=Distributed Numeric Assignment Plugin,cn=plugins,cn=config
objectClass: top
objectClass: extensibleObject
cn: Posix IDs
dnaType: uidNumber
dnaType: gidNumber
dnaNextValue: 1101
dnaMaxValue: 1100
dnaMagicRegen: -1
dnaFilter: (|(objectClass=posixAccount)(objectClass=posixGroup)(objectClass=ip
 aIDobject))
dnaScope: dc=testrelm,dc=com
dnaThreshold: 500
dnaSharedCfgDN: cn=posix-ids,cn=dna,cn=ipa,cn=etc,dc=testrelm,dc=com

So, looking in the logs at the time of the failure:

[29/May/2013:10:03:14 -0400] dna-plugin - dna_get_replica_bind_creds: Failed to fetch replication agreement for range cn=posix-ids,cn=dna,cn=ipa,cn=etc,dc=testrelm,dc=com, server ipaqa64vmf.testrelm.com, port 389
[29/May/2013:10:03:14 -0400] dna-plugin - dna_request_range: Unable to retrieve replica bind credentials.
...
[29/May/2013:10:03:14 -0400] dna-plugin - dna_get_replica_bind_creds: Failed to fetch replication agreement for range cn=posix-ids,cn=dna,cn=ipa,cn=etc,dc=testrelm,dc=com, server cloud-qe-15.testrelm.com, port 389
[29/May/2013:10:03:14 -0400] dna-plugin - dna_request_range: Unable to retrieve replica bind credentials.
[29/May/2013:10:03:14 -0400] dna-plugin - dna_pre_op: no more values available!!

After some help from Dev, it was pointed out that my IPA replica is running the dna-plugin.  The plugin fails to get the range from the master because it doesn't actually have a replication agreement with that master.

Topology is:

R1 - M - R2 - R3 - R4

Failure is occurring on R3.  dna-plugin on R3 is attempting to contact M but, there is not replication agreement.  M="master" and was the first IPA server setup in the environment.  


Version-Release number of selected component (if applicable):
389-ds-base-1.3.0.6-1.fc18.x86_64

How reproducible:
very

Steps to Reproduce:
1.  Setup IPA environment with similar topology.  
2.  On R3 or R4, ipa user-add

Actual results:
failure like above.

Expected results:
dna-plugin accurately looks up the range.  

Additional info:

Comment 1 Nathan Kinder 2013-06-03 19:01:54 UTC
Upstream ticket:
https://fedorahosted.org/389/ticket/47379

Comment 2 Rich Megginson 2013-09-27 21:43:21 UTC
This is fixed in F19 (389-ds-base-1.3.1.x).  Is a fix required in F18 (389-ds-base-1.3.0.x)?

Comment 3 Nathan Kinder 2013-11-05 16:19:57 UTC
This is fixed in F19, and we have no plans to fix it in F18.  Closing this as WONTFIX.


Note You need to log in before you can comment on or make changes to this bug.