#3854 Re-initializing a winsync connection exits with "unexpected error"
Closed: Fixed None Opened 5 years ago by mkosek.

Ticket was cloned from Red Hat Bugzilla (product Red Hat Enterprise Linux 7): Bug 994980

Description of problem:
Re-initializing a winsync connection exits with an unexpected error. It seems
to work fine functionally by updating data from the AD, but exits with an
error.

[root@dhcp207-140 ipa-winsync]# date ; ipa-replica-manage -v re-initialize
--from squab.adrelm.com ; date
Wed Aug  7 18:15:45 IST 2013
Update in progress, 47 seconds elapsed
Update succeeded

unexpected error: [Errno -2] Name or service not known
Wed Aug  7 18:16:36 IST 2013


Version-Release number of selected component (if applicable):
389-ds-base-1.3.1.5-1.el7.x86_64
ipa-server-3.2.2-1.el7.x86_64

How reproducible:
Always

Steps to Reproduce:
1. Setup AD and IPA servers
2. Create winsync agreement between the 2
3. Add a new user in AD
4. Re-initialize the winsync connection with AD

Actual results:
New user gets synced, but command exits with following error

unexpected error: [Errno -2] Name or service not known

Expected results:
Command should complete successfully without error

Additional info:
Attached logs generated while re-initializing

I already put instructions to fix this issue to the original Bugzilla.


Check with Rob or DS team of re-initialize really makes sense for winsync agreements and based on the reply either fix the error or disable this action for winsync agreements altogether.

Moving to next month milestone.

Moving to next month iteration.

See https://bugzilla.redhat.com/show_bug.cgi?id=1016042#c7 for more info. I think we should just disable this section

    # If the agreement doesn't have nsDS5ReplicatedAttributeListTotal it means
    # we did not replicate memberOf, do so now.
    if not agreement.getValue('nsDS5ReplicatedAttributeListTotal'):
        ds = dsinstance.DsInstance(realm_name = realm, dm_password = dirman_passwd)
        ds.init_memberof()

... in re-initialize for all winsync agreements. As we sync users only, we do not need to care about memberOf anyway.

We just need to verify that if we have an existing user with a membership added in IPA, re-initialize won't get it to inconsistent state of member/memberOf pairs.

I crafted a patch when investigating this issue, I can send it.

Patch freeipa-mkosek-426-winsync-re-initialize-should-not-run-memberof-fixup-.patch sent for review

master:[[BR]]
dfa135e Winsync re-initialize should not run memberOf fixup task[[BR]]
524a1a8 Use consistent realm name in cainstance and dsinstance[[BR]]

ipa-3-3:[[BR]]
233d07d Winsync re-initialize should not run memberOf fixup task[[BR]]
b73adb7 Use consistent realm name in cainstance and dsinstance[[BR]]

Metadata Update from @mkosek:
- Issue assigned to mkosek
- Issue set to the milestone: FreeIPA 3.3.x - 2013/10 (bug fixing)

2 years ago

Login to comment on this ticket.

Metadata