Hide Forgot
Description of problem: Re-initializing a winsync connection exits with an unexpected error. It seems to work fine functionally by updating data from the AD, but exits with an error. [root@dhcp207-140 ipa-winsync]# date ; ipa-replica-manage -v re-initialize --from squab.adrelm.com ; date Wed Aug 7 18:15:45 IST 2013 Update in progress, 47 seconds elapsed Update succeeded unexpected error: [Errno -2] Name or service not known Wed Aug 7 18:16:36 IST 2013 Version-Release number of selected component (if applicable): 389-ds-base-1.3.1.5-1.el7.x86_64 ipa-server-3.2.2-1.el7.x86_64 How reproducible: Always Steps to Reproduce: 1. Setup AD and IPA servers 2. Create winsync agreement between the 2 3. Add a new user in AD 4. Re-initialize the winsync connection with AD Actual results: New user gets synced, but command exits with following error unexpected error: [Errno -2] Name or service not known Expected results: Command should complete successfully without error Additional info: Attached logs generated while re-initializing
Created attachment 784307 [details] logs generated while re-initializing
I don't see anything that looks like a failure in the DS errors log, and sync is apparently working. The error you are receiving comes from ipa-replica-manage. I think that this needs to be investigated on the IPA side. Adjusting the component to ipa.
I looked at the code for ipa-replica-manage a bit, and it looks like the actual replica initialization portion of the re_initialze() call is working. The error must occur when we try to add a memberOf task at the very end of re_initialize(). Does the DS access log show an ADD operation for a memberOf task entry when you attempt to reinit the sync agreement? The entry will be named something like "cn=IPA install <timestamp>, cn=memberof task, cn=tasks, cn=config". If you do see this ADD, what is the result of the operation? The error message you are receiving makes me think that this is a failure on the ipa-replica-manage side of things to get the correct hostname.
Correct. I investigated the failure and found out that ipa-replica-manage tries to do an LDAP modify with an unitialized server FQDN. ipa-replica-manage: ... ds = dsinstance.DsInstance(realm_name = realm, dm_password = dirman_passwd) ds.init_memberof() ... ds.init_memberof() needs self.fqdn to operate. I will create an upstream ticket to fix it.
Upstream ticket: https://fedorahosted.org/freeipa/ticket/3854
Fixed upstream: master: dfa135e6069f9cb7f158d4540b530b137887932f Winsync re-initialize should not run memberOf fixup task 524a1a856739dd695e701ac33b67c8e758ac42c4 Use consistent realm name in cainstance and dsinstance ipa-3-3: 233d07d030500be4a593c22fef9cd841b7e7a12d Winsync re-initialize should not run memberOf fixup task b73adb72a410fc5669eee25e3670dd7abeeeeb6f Use consistent realm name in cainstance and dsinstance
Verified using ipa-server-3.3.3-5.el7.x86_64 Automated test result: :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: [ LOG ] :: ipa_winsync_bz994980: Using option re-initialize bz994980 bz1016042 :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: [ 10:29:11 ] :: https://bugzilla.redhat.com/show_bug.cgi?id=994980 :: [ 10:29:11 ] :: https://bugzilla.redhat.com/show_bug.cgi?id=1016042 :: [ PASS ] :: Creating error log ldif file (Expected 0, got 0) modifying entry "cn=config" :: [ PASS ] :: Setting the error log level (Expected 0, got 0) :: [ PASS ] :: aduser2 does not exist in IPA (Expected 2, got 2) ipa: ERROR: aduser2: user not found :: [ PASS ] :: Sleeping 60 seconds to make sure previous sync is done (Expected 0, got 0) :: [ PASS ] :: File '/tmp/tmp.J3C2YukU34/tmpout.ipa_winsync_bz994980.out' should contain 'ipa: ERROR: aduser2: user not found' :: [ PASS ] :: Generate ldif file to add user aduser2 (Expected 0, got 0) adding new entry "CN=aduser2 ads,CN=Users,DC=adrelm,DC=com" :: [ PASS ] :: Adding aduser2 in AD to test re-initialize option (Expected 0, got 0) :: [ PASS ] :: Wait for last sync interval 35 seconds (Expected 0, got 0) :: [ PASS ] :: User not synced (Expected 2, got 2) ipa: ERROR: aduser2: user not found :: [ PASS ] :: File '/tmp/tmp.J3C2YukU34/tmpout.ipa_winsync_bz994980.out' should contain 'ipa: ERROR: aduser2: user not found' :: [ 10:30:50 ] :: Using re-initiatize option of ipa-replica-manage :: [ 10:30:50 ] :: ipa-replica-manage re-initialize --from squab.adrelm.com > /tmp/tmp.J3C2YukU34/tmpout.ipa_winsync_bz994980.out 2>&1 :: [ PASS ] :: Using re-initialize option (Expected 0, got 0) Update in progress, 1 seconds elapsed Update in progress, 2 seconds elapsed Update in progress, 3 seconds elapsed Update in progress, 4 seconds elapsed Update in progress, 5 seconds elapsed Update in progress, 6 seconds elapsed Update in progress, 7 seconds elapsed Update in progress, 8 seconds elapsed Update in progress, 9 seconds elapsed Update in progress, 10 seconds elapsed Update in progress, 11 seconds elapsed Update in progress, 12 seconds elapsed Update in progress, 13 seconds elapsed Update in progress, 14 seconds elapsed Update in progress, 15 seconds elapsed Update in progress, 16 seconds elapsed Update in progress, 17 seconds elapsed Update in progress, 18 seconds elapsed Update in progress, 19 seconds elapsed Update in progress, 20 seconds elapsed Update in progress, 21 seconds elapsed Update in progress, 22 seconds elapsed Update in progress, 23 seconds elapsed Update in progress, 24 seconds elapsed Update in progress, 25 seconds elapsed Update in progress, 26 seconds elapsed Update in progress, 27 seconds elapsed Update in progress, 28 seconds elapsed Update in progress, 29 seconds elapsed Update in progress, 30 seconds elapsed Update in progress, 31 seconds elapsed Update in progress, 32 seconds elapsed Update in progress, 33 seconds elapsed Update in progress, 34 seconds elapsed Update in progress, 35 seconds elapsed Update in progress, 36 seconds elapsed Update succeeded :: [ PASS ] :: File '/tmp/tmp.J3C2YukU34/tmpout.ipa_winsync_bz994980.out' should contain 'Update in progress' :: [ PASS ] :: File '/tmp/tmp.J3C2YukU34/tmpout.ipa_winsync_bz994980.out' should contain 'Update succeeded' :: [ PASS ] :: File '/tmp/tmp.J3C2YukU34/tmpout.ipa_winsync_bz994980.out' should not contain 'Can't contact LDAP server' :: [ PASS ] :: File '/tmp/tmp.J3C2YukU34/tmpout.ipa_winsync_bz994980.out' should not contain 'unexpected error: [Errno -2] Name or service not known' :: [ PASS ] :: aduser2 added in AD, synced to IPA with reinitialize option (Expected 0, got 0) User login: aduser2 First name: aduser2 Last name: ads Home directory: /home/aduser2 Login shell: /bin/sh UID: 1474600010 GID: 1474600010 Account disabled: False Password: False Kerberos keys available: False :: [ PASS ] :: File '/tmp/tmp.J3C2YukU34/tmpout.ipa_winsync_bz994980.out' should contain 'Account disabled: False' :: [ PASS ] :: Running 'grep "Running Dirsync" /var/log/dirsrv/slapd-TESTRELM-COM/errors | tail -n2 > /tmp/tmp.J3C2YukU34/tmpout.ipa_winsync_bz994980.out 2>&1' (Expected 0, got 0) [26/Nov/2013:10:27:58 -0500] NSMMReplicationPlugin - Running Dirsync [26/Nov/2013:10:31:30 -0500] NSMMReplicationPlugin - Running Dirsync '2396e4f5-4896-4dd3-b6ad-6ea3a850aaa9' ipa-winsync-bz994980 result: PASS
This request was resolved in Red Hat Enterprise Linux 7.0. Contact your manager or support representative in case you have further questions about the request.