The latest patch set added a new range plugin for ID range management, but it did not add the necessary upgrade procedures:
ipaIDObject objectclass is not added during upgrades:
+objectClasses: (2.16.840.1.113730.3.8.12.14 NAME 'ipaIDobject' SUP top AUXILIARY MAY ( uidNumber $ gidNumber $ ipaNTSecurityIdentifier ) X-ORIGIN 'IPA v3' )
cn=ranges,cn=etc,$SUFFIX default entry is not right and thus it is not created during upgrade:
+dn: cn=ranges,cn=etc,$SUFFIX +default: obectClass: top +default: objectClass: nsContainer +default: cn: ranges
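Review bot: the first `default:` line of this entry spells the attribute `obectClass` (missing "j"), so that line does not supply an `objectClass: top` value for the container. Change it to `+default: objectClass: top`, matching the spelling used on the `objectClass: nsContainer` line that follows.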
Default range which is added during new IPA installation is not added during upgrades:
+dn: cn=$REALM_id_range,cn=ranges,cn=etc,$SUFFIX +changetype: add +objectClass: top +objectClass: ipaIDrange +objectClass: ipaDomainIDRange +cn: $REALM_id_range +ipaBaseID: $IDSTART +ipaIDRangeSize: $IDRANGE_SIZE
(minor) I saw some misformatted error after the upgrade:
Range name: foo
First Posix ID of the range: 10000
Number of IDs in the range: 500
First RID of the corresponding RID range: 40000
ipa: ERROR: invalid Gettext('Range setup', domain='ipa', localedir=None): Ranges for local domain must have a secondary RID base
cn=IPA Range-Check,cn=plugins,cn=config plugin configuration is not added after upgrade
These issues lead to the following issues when running ipa-adtrust-install after the upgrade:

# ipa-adtrust-install
The log file for this installation can be found in /var/log/ipaserver-install.log
==============================================================================
This program will setup components needed to establish trust to AD domains for
the FreeIPA Server.

This includes:
  * Configure Samba
  * Add trust related objects to FreeIPA LDAP server

To accept the default shown in brackets, press the Enter key.

IPA generated smb.conf detected.
Overwrite smb.conf? [no]: y

The following operations may take some minutes to complete.
Please wait until the prompt is returned.

Enter the NetBIOS name for the IPA domain.
Only up to 15 uppercase ASCII letters and digits are allowed.
Example: EXAMPLE.

NetBIOS domain name [IDM]:
Directory Manager password:
Directory Manager password:

LDAP error: NO_SUCH_OBJECT
Traceback (most recent call last):
  File "/sbin/ipa-adtrust-install", line 254, in <module>
    operation_name='ipa-adtrust-install')
  File "/usr/lib/python2.7/site-packages/ipaserver/install/installutils.py", line 724, in run_script
    handle_error(error, log_file_name)
  File "/usr/lib/python2.7/site-packages/ipaserver/install/installutils.py", line 761, in handle_error
    print >> sys.stderr, error.args[0]['info']
KeyError: 'info'
As agreed on IRC, Martin will work on schema addition during upgrade. The default range is not needed until ipa-adtrust-install is run, at which point it will be created properly.
Gettext messages will disappear once we rebase our .po files; this is a "feature" of Python gettext integration: lazy evaluation is performed for translations.
attachment freeipa-mkosek-282-create-default-range-entry-after-upgrade.patch
Patch freeipa-mkosek-282-create-default-range-entry-after-upgrade.patch sent for review
This is a Beta 1 regression.
master: d5fe029
Metadata Update from @mkosek: - Issue assigned to mkosek - Issue set to the milestone: FreeIPA 3.0 Beta 1