#49074 incompatible nsEncryptionConfig object definition prevents RHEL 7->6 schema replication
Closed: wontfix 3 years ago Opened 3 years ago by nhosoi.

Description of problem:

After doing an ipa-replica-install on a RHEL7 host, I can no longer see DNS
entries in IPA from my RHEL6 IPA Master.

After what appears to be a successful ipa-replica-install, I see this:
# ipa dnsrecord-find testrelm.test
Number of entries returned 0

But, on the RHEL7 Replica, I see:

# ipa dnsrecord-find testrelm.test
  Record name: @
  NS record: rhel7-1.testrelm.test., rhel6-1.testrelm.test.

  Record name: _kerberos


Number of entries returned 13

The patch was tested RHEL7.3 replica / RHEL6.9 master.
It was also tested RHEL7.3 replica / RHEL6.8.z

The schema was pushed RHEL7 to RHEL6 with the same definition on both sides:

objectclasses: ( nsEncryptionConfig-oid NAME 'nsEncryptionConfig' DESC 'Netscape defined objectclass' SUP top STRUCTURAL MUST cn MAY ( nsCertfile $ nsKeyfile $ nsSSL2 $ nsSSL3 $ nsTLS1 $ nsTLS10 $ nsTLS11 $ nsTLS12 $ sslVersionMin $ sslVersionMax $ nsSSLSessionTimeout $ nsSSL3SessionTimeout $ nsSSLClientAuth $ nsSSL2Ciphers $ nsSSL3Ciphers $ nsSSLSupportedCiphers $ allowWeakCipher $ CACertExtractFile $ allowWeakDHParam ) X-ORIGIN ( 'Netscape' 'user defined' ) )


And also same nsschemaCSN
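
The "same definition on both sides" check described above can be scripted. The following is an added example, not code from this ticket or from 389-ds-base: it parses an RFC 4512 objectclass description and reports MUST/MAY attributes present on only one side. The names parse_objectclass, diff_definitions and OLDER_DEF are assumptions made for illustration, and OLDER_DEF is a constructed value, not the actual RHEL 6 schema.

```python
import re

# Definition quoted in the ticket (the value after "objectclasses: ").
TICKET_DEF = (
    "( nsEncryptionConfig-oid NAME 'nsEncryptionConfig' DESC 'Netscape defined objectclass' "
    "SUP top STRUCTURAL MUST cn MAY ( nsCertfile $ nsKeyfile $ nsSSL2 $ nsSSL3 $ nsTLS1 $ "
    "nsTLS10 $ nsTLS11 $ nsTLS12 $ sslVersionMin $ sslVersionMax $ nsSSLSessionTimeout $ "
    "nsSSL3SessionTimeout $ nsSSLClientAuth $ nsSSL2Ciphers $ nsSSL3Ciphers $ "
    "nsSSLSupportedCiphers $ allowWeakCipher $ CACertExtractFile $ allowWeakDHParam ) "
    "X-ORIGIN ( 'Netscape' 'user defined' ) )"
)
# Constructed for illustration: the same definition with two MAY attributes removed.
# It is NOT the actual RHEL 6 definition, which the ticket does not quote.
OLDER_DEF = TICKET_DEF.replace(" $ CACertExtractFile $ allowWeakDHParam", "")

TOKEN = re.compile(r"'[^']*'|[()$]|[^\s()$']+")
FLAGS = {"OBSOLETE", "ABSTRACT", "STRUCTURAL", "AUXILIARY"}  # keywords without a value

def parse_objectclass(value):
    """Parse an RFC 4512 ObjectClassDescription into {keyword: [values]}."""
    toks = TOKEN.findall(value)
    if len(toks) < 3 or toks[0] != "(" or toks[-1] != ")":
        raise ValueError("not a parenthesised objectclass description")
    parsed, i = {"OID": [toks[1]]}, 2
    while i < len(toks) - 1:
        key = toks[i]
        i += 1
        if key in FLAGS:
            parsed[key] = []
        elif toks[i] == "(":  # list form: ( a $ b $ c ) or ( 'x' 'y' )
            end = toks.index(")", i)
            parsed[key] = [t.strip("'") for t in toks[i + 1:end] if t != "$"]
            i = end + 1
        else:  # single value
            parsed[key] = [toks[i].strip("'")]
            i += 1
    return parsed

def diff_definitions(local, remote):
    """Return MUST/MAY attributes present on one side only (names compared case-insensitively)."""
    a, b = parse_objectclass(local), parse_objectclass(remote)
    out = {}
    for key in ("MUST", "MAY"):
        la = {x.lower() for x in a.get(key, [])}
        lb = {x.lower() for x in b.get(key, [])}
        if la != lb:
            out[key] = {"only_local": sorted(la - lb), "only_remote": sorted(lb - la)}
    return out
```

An empty result from diff_definitions means both servers allow the same attributes on the object class; the nsschemaCSN still has to be compared separately.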

Thank you for the thorough testing, Thierry!
You have my ack, too.

git push origin master
Counting objects: 5, done.
Delta compression using up to 8 threads.
Compressing objects: 100% (5/5), done.
Writing objects: 100% (5/5), 844 bytes | 0 bytes/s, done.
Total 5 (delta 4), reused 0 (delta 0)
To ssh://git.fedorahosted.org/git/389/ds.git
896c6db..64a425e master -> master
[tbordaz@pctbordaz ds]$ git log p -1
fatal: ambiguous argument 'p': unknown revision or path not in the working tree.
Use '--' to separate paths from revisions, like this:
'git <command> [<revision>...] -- [<file>...]'

commit 64a425e
Author: Thierry Bordaz tbordaz@redhat.com
Date: Wed Dec 21 16:31:48 2016 +0100

Not closing the ticket as it may be required to backport it in 1.3.5

Pushed to 389-ds-base-1.3.5 branch:

0929992..238d3c7 389-ds-base-1.3.5 -> 389-ds-base-1.3.5
commit 238d3c7

Metadata Update from @tbordaz:
- Issue assigned to tbordaz
- Issue set to the milestone:

3 years ago

Metadata Update from @tbordaz:
- Issue close_status updated to: fixed
- Issue status updated to: Closed (was: Open)

3 years ago

389-ds-base is moving from Pagure to Github. This means that new issues and pull requests
will be accepted only in 389-ds-base's github repository.

This issue has been cloned to Github and is available here:
- https://github.com/389ds/389-ds-base/issues/2133

If you want to receive further updates on the issue, please navigate to the github issue
and click on subscribe button.

Thank you for understanding. We apologize for all inconvenience.

Metadata Update from @spichugi:
- Issue close_status updated to: wontfix (was: fixed)

2 months ago
