#50399 dsconf replica create-manager incorrectly changes replicabinddn
Closed: fixed 6 months ago by mreynolds. Opened 9 months ago by firstyear.

Issue Description

During dsconf instance replication create-manager the command incorrectly modifies all existing outbound agreements to use the new dn.

This is a mistake.

-- It is a surprise behaviour - the command only says it is creating a manager, not changing configuration. It should only do that one thing.

-- The manager we are creating is for replicas to authenticate to this server, not for this server to provide outbound replications. Changing the outbound agreements to use the DN of the user on this server is incorrect

-- We are potentially trampling existing intent and configuration. Imagine I have server A and B. on A I have "incoming manager B" and on B I have "incoming manager A". These agreements were manually configured and existing.

I now run the create-manager command to standardise my process on the new method. I do this on A. This would have "replication manager", but would change my agreement incorrectly to connect to "replication manager",when it should remain as "incoming manager B".

As a result, the nsds5ReplicaBindDN attribute should not be altered in the repication manager creation process. It is up to the admin to alter their replication agreements to configure this value if required.

keep in mind - due to dsrc, args.suffix is ALWAYS populated if it exists in your dsrc, meaning this will always corrupt the agreements if you create-manager while you have a dsrc in your env.

Metadata Update from @firstyear:
- Custom field origin adjusted to None
- Custom field reviewstatus adjusted to None

9 months ago

@mreynolds has a different idea on solving this, so the PR as mentioned is not relevant.

Metadata Update from @mreynolds:
- Issue set to the milestone: 1.4.0

9 months ago

Metadata Update from @mreynolds:
- Issue close_status updated to: fixed
- Issue status updated to: Closed (was: Open)

6 months ago

Login to comment on this ticket.