freeipa

Clone
Source Code
GIT

#3143 Master server is able to create replication agreement with itself
Closed: fixed 5 years ago Opened 11 years ago by tbabej.

Closed: fixed
Reopen Issue

A server that had at least one replica at some point in its history is able to create replication agreement with itself.

Steps to reproduce:
1. Set up IPA Master
2. ipa-replica-prepare $replica #on master
3. ipa-replica-install $master #on replica
4. (optional) ipa-replica-manage del $replica #on master
5. ipa-replica-manage connect $master #on master

Expected output: Failure to create replication agreement with itself.
Current output: Success.

The steps 2-4 are necessary only to ensure that there was at least one replica at some point. When testing on a master that has/had some replicas, you may skip them. In case there have not been any replicas the step 5 failes with the following error:

ipa: INFO: Getting ldap service principals for conversion: (krbprincipalname=ldap/vm-073.idm.lab.bos.redhat.com@IDM.LAB.BOS.REDHAT.COM) and (krbprincipalname=ldap/vm-073.idm.lab.bos.redhat.com@IDM.LAB.BOS.REDHAT.COM)
unexpected error: {'info': 'Range Check error', 'desc': 'No such object'}




[tbabej@vm-063 ~]$ ipa-replica-manage list
vm-063.idm.lab.bos.redhat.com: master
[tbabej@vm-063 ~]$ ipa-replica-manage list vm-063.idm.lab.bos.redhat.com
[tbabej@vm-063 ~]$ ipa-replica-manage connect vm-063.idm.lab.bos.redhat.com
ipa: INFO: Getting ldap service principals for conversion: (krbprincipalname=ldap/vm-063.idm.lab.bos.redhat.com@IDM.LAB.BOS.REDHAT.COM) and (krbprincipalname=ldap/vm-063.idm.lab.bos.redhat.com@IDM.LAB.BOS.REDHAT.COM)
Connected 'vm-063.idm.lab.bos.redhat.com' to 'vm-063.idm.lab.bos.redhat.com'
[tbabej@vm-063 ~]$ ipa-replica-manage list
vm-063.idm.lab.bos.redhat.com: master
[tbabej@vm-063 ~]$ ipa-replica-manage list vm-063.idm.lab.bos.redhat.com
vm-063.idm.lab.bos.redhat.com: replica

Version:

[tbabej@vm-063 ~]$ rpm -qa | grep ipa
freeipa-debuginfo-3.0.0GIT63c7f61-0.fc17.x86_64
freeipa-client-3.0.0GIT63c7f61-0.fc17.x86_64
freeipa-server-3.0.0GIT63c7f61-0.fc17.x86_64
freeipa-server-selinux-3.0.0GIT63c7f61-0.fc17.x86_64
libipa_hbac-1.9.1-0.20120926T2039Zgit1ea72a4.fc17.x86_64
libipa_hbac-python-1.9.1-0.20120926T2039Zgit1ea72a4.fc17.x86_64
freeipa-server-trust-ad-3.0.0GIT63c7f61-0.fc17.x86_64
freeipa-python-3.0.0GIT63c7f61-0.fc17.x86_64
python-iniparse-0.4-6.fc17.noarch
freeipa-admintools-3.0.0GIT63c7f61-0.fc17.x86_64

389 dirsrv error log is attached.

attachment
errors

Metadata Update from @tbabej:
- Issue assigned to someone
- Issue set to the milestone: Ticket Backlog
7 years ago

It's no longer possible to create a replication agreement with own server.

# ipa-replica-manage connect $(hostname)
Creation of IPA replication agreement is deprecated with managed IPA replication topology. Please use `ipa topologysegment-*` commands to manage the topology.
# ipa topologysegment-add domain --left $(hostname) --right $(hostname)
Segment name [master.ipa.example-to-master.ipa.example]: 
ipa: ERROR: invalid 'leftnode': left node and right node must not be the same

Metadata Update from @cheimes:
- Issue close_status updated to: fixed
5 years ago

Login to comment on this ticket.

Metadata
None
None
None
normal
None
None
None
None
defect
None
None
IPA
None
0
None
None
None
None
todo
None
None
None
Powered by Pagure 5.13.3
DocumentationFile an IssueAboutSSH Hostkey/Fingerprint
© Red Hat, Inc. and others.