#48320 nsEncryptionConfig object class is incorrect after 389 upgrade
Closed: wontfix 6 years ago Opened 8 years ago by nhosoi.

Description of problem:
named.run shows the following errors:

04-May-2015 13:56:29.131 connection to the LDAP server was lost
04-May-2015 13:56:29.196 successfully reconnected to LDAP server
04-May-2015 13:56:29.196 LDAP instance 'ipa' is being synchronized, please ignore message 'all zones loaded'
04-May-2015 13:56:29.196 LDAP error: Critical extension is unavailable: unable to start SyncRepl session: is RFC 4533 supported by LDAP server?
04-May-2015 13:56:29.197 ldap_syncrepl will reconnect in 60 seconds

As a result, no IPA dns zones are being loaded / presented.

From 389 I can see:

[04/May/2015:13:59:28 +091800] conn=30 op=3 SRCH base="(null)" scope=2 filter="(|(objectClass=idnsConfigObject)(objectClass=idnsZone)(objectClass=idnsForwardZone)(objectClass=idnsRecord))", failed to decode LDAP controls
[04/May/2015:13:59:28 +091800] conn=30 op=3 RESULT err=12 tag=101 nentries=0 etime=0

Here are the relevant versions of packages.

Reinstalling:
 389-ds-base        x86_64   1.3.3.1-16.el7_1       updates   1.6 M
 389-ds-base-libs   x86_64   1.3.3.1-16.el7_1       updates   599 k
 bind               x86_64   32:9.9.4-18.el7_1.1    updates   1.8 M
 bind-dyndb-ldap    x86_64   6.0-2.el7              base      100 k
 bind-libs          x86_64   32:9.9.4-18.el7_1.1    updates   1.0 M
 bind-libs-lite     x86_64   32:9.9.4-18.el7_1.1    updates   712 k
 bind-license       noarch   32:9.9.4-18.el7_1.1    updates    80 k
 bind-utils         x86_64   32:9.9.4-18.el7_1.1    updates   199 k

Happy to provide any other info needed. This only occurs after an update from RHEL 7.0 to 7.1.

I don't think that this will occur in the wild. It may be as a result of my specific environment setup.

First, my IPA domain started on Fedora. I believe it was on F20 / F21 at the time. I then moved it to EL7.0 when it came out, but this was a "minor version" downgrade of ipa version. I believe 3.3 to 3.1. Given my F21 likely had newer schema, this is probably how I ended up with nsEncryptionConfig in 99user.ldif.

Then, I have gone to upgrade 7.0 -> 7.1, and that's when I hit the issue.

So, I think it's a low likelihood that people will hit this in the wild, but maybe we need some way of handling when system schema is put into 99user.ldif, and is then changed during an upgrade.
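
One way to spot the situation described above, where a system schema element has ended up in 99user.ldif and the packaged definition later changes, is to compare the two sources by element name before upgrading. This is an added example, not part of the ticket or of 389-ds-base; the LDIF contents, OIDs and attribute names are constructed placeholders, and the function names are hypothetical.

```python
import re

# Constructed sample data (not from a real server): a stale copy of a system
# object class left in 99user.ldif, and the definition shipped by the upgraded
# package. OIDs and attribute names are placeholders.
USER_LDIF = """\
dn: cn=schema
objectClasses: ( 9.9.9.1 NAME 'nsEncryptionConfig' SUP top
  MUST cn MAY ( exampleOldAttr ) X-ORIGIN 'user defined' )
objectClasses: ( 9.9.9.2 NAME 'siteLocalPerson' SUP top MAY ( description ) )
"""
SYSTEM_LDIF = """\
dn: cn=schema
objectClasses: ( 9.9.9.1 NAME 'nsEncryptionConfig' SUP top
  MUST cn MAY ( exampleOldAttr $ exampleNewAttr ) X-ORIGIN 'system' )
"""

DEF_RE = re.compile(r"^(objectClasses|attributeTypes):\s*\(\s*(\S+)\s+NAME\s+\(?\s*'([^']+)'", re.I)

def unfold(text):
    """Join LDIF continuation lines (a line that starts with one space)."""
    return re.sub(r"\r?\n ", "", text).splitlines()

def normalise(defn):
    """Drop X-ORIGIN and collapse whitespace so only real differences count."""
    defn = re.sub(r"X-ORIGIN\s+(\([^)]*\)|'[^']*')", "", defn, flags=re.I)
    return " ".join(defn.split()).lower()

def parse_schema(text):
    """Return {(kind, lowercased name): (oid, normalised definition)}."""
    out = {}
    for line in unfold(text):
        m = DEF_RE.match(line)
        if m:
            kind, oid, name = m.groups()
            out[(kind.lower(), name.lower())] = (oid, normalise(line.split(":", 1)[1]))
    return out

def shadowed_definitions(user_text, system_text):
    """List elements defined in both sources, with an identical/differs verdict."""
    user, system = parse_schema(user_text), parse_schema(system_text)
    findings = []
    for key in sorted(user.keys() & system.keys()):
        verdict = "identical" if user[key][1] == system[key][1] else "differs"
        findings.append((key[0], key[1], verdict))
    return findings

if __name__ == "__main__":
    for kind, name, verdict in shadowed_definitions(USER_LDIF, SYSTEM_LDIF):
        print(f"{kind} {name}: also in system schema ({verdict})")
```

Any entry reported as "differs" is a user-file copy that no longer matches what the package ships and is worth reviewing before the upgrade.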

Metadata Update from @firstyear:
- Issue set to the milestone: 1.3.6.0

7 years ago

389-ds-base is moving from Pagure to Github. This means that new issues and pull requests
will be accepted only in 389-ds-base's github repository.

This issue has been cloned to Github and is available here:
- https://github.com/389ds/389-ds-base/issues/1651

If you want to receive further updates on the issue, please navigate to the github issue
and click on subscribe button.

Thank you for understanding. We apologize for all inconvenience.

Metadata Update from @spichugi:
- Issue close_status updated to: wontfix (was: invalid)

3 years ago
