Ticket was cloned from Red Hat Bugzilla (product Red Hat Enterprise Linux 7): Bug 1108199
Description of problem: Attempting to install an RHEL 7 replica in an existing RHEL 6.5 realm, ipa-replica-install fails with the error: Unexpected error - see /var/log/ipareplica-install.log for details: ValueError: nsDS5ReplicaId has 2 values, one expected The relevant section of that log appears to be: 2014-06-11T13:50:09Z DEBUG flushing ldap://ipa3.opentlc.com:389 from SchemaCache 2014-06-11T13:50:09Z DEBUG retrieving schema for SchemaCache url=ldap://ipa3.opentlc.com:389 conn=<ldap.ldapobject.SimpleLDAPObject instance at 0x40e0908> 2014-06-11T13:50:09Z DEBUG File "/usr/lib/python2.7/site-packages/ipaserver/install/installutils.py", line 638, in run_script return_value = main_function() File "/sbin/ipa-replica-install", line 664, in main ds = install_replica_ds(config) File "/sbin/ipa-replica-install", line 189, in install_replica_ds ca_file=config.dir + "/ca.crt", File "/usr/lib/python2.7/site-packages/ipaserver/install/dsinstance.py", line 360, in create_replica self.start_creation(runtime=60) File "/usr/lib/python2.7/site-packages/ipaserver/install/service.py", line 364, in start_creation method() File "/usr/lib/python2.7/site-packages/ipaserver/install/dsinstance.py", line 373, in __setup_replica r_bindpw=self.dm_password) File "/usr/lib/python2.7/site-packages/ipaserver/install/replication.py", line 932, in setup_replication l_id = self._get_replica_id(self.conn, r_conn) File "/usr/lib/python2.7/site-packages/ipaserver/install/replication.py", line 240, in _get_replica_id if replica.single_value('nsDS5ReplicaId', None) is None: File "/usr/lib/python2.7/site-packages/ipapython/ipaldap.py", line 803, in single_value '%s has %s values, one expected' % (name, len(values))) 2014-06-11T13:50:09Z DEBUG The ipa-replica-install command failed, exception: ValueError: nsDS5ReplicaId has 2 values, one expected Version-Release number of selected component (if applicable): ipa-server-3.3.3-28.el7.x86_64 How reproducible: always Steps to Reproduce: 1. Run ipa-replica-prepare on an existing RHEL 6.5 IPA master, for new RHEL 7 host 2. Copy replica info file to new RHEL 7 system 3. Run ipa-replica-install on new RHEL 7 system Actual results: ipa-replica-install fails with "ValueError: nsDS5ReplicaId has 2 values, one expected" Expected results: ipa-replica-install adds a new RHEL 7 master to the realm Additional info:
nsDS5ReplicaId is single-value, so I doubt we're actually getting two values from LDAP.
nsDS5ReplicaId
Right. Also the ldapsearch attached to the Bugzilla indicate that there is just one value in the attribute.
What does @@nsDS5ReplicaId: 5 in the ldapsearch output mean? I do not see the two @@s when doing ldapsearch on my testing replica.
@@nsDS5ReplicaId: 5
@@
Replying to [comment:3 mkosek]:
Right. Also the ldapsearch attached to the Bugzilla indicate that there is just one value in the attribute. What does @@nsDS5ReplicaId: 5 in the ldapsearch output mean? I do not see the two @@s when doing ldapsearch on my testing replica.
The "@@" is left over from a Red Hat pastebin where I posted that ldapsearch output originally. In that pastebin, the double @ symbol highlights the line. "@@" was not present in the actual output from ldapsearch, I was just highlighting the lines of output where the nsDS5ReplicaId attribute showed up.
Turns out nsDS5ReplicaId is not single-value in this schema, and it really had two values.
Replying to [comment:5 pviktori]:
We determined this with the following LDAP searches:
ldapsearch -Y GSSAPI -H ldap://${ipaserver} -b cn=replication,cn=etc,${SUFFIX} -s sub ldapsearch -Y GSSAPI -H ldap://${ipaserver} -b cn=schema attributetypes | egrep -i -A2 nsDS5ReplicaId
Found it! Dupe of #3394
Actually, since there are installs with multiple nsds5replicaid, cn=replication,cn=etc, we'll need to handle this case in replica-install
master:
Metadata Update from @pviktori: - Issue assigned to pviktori - Issue set to the milestone: FreeIPA 4.0 GA
Login to comment on this ticket.