Ticket was cloned from Red Hat Bugzilla (product Red Hat Enterprise Linux 7): Bug 1181010
Description of problem:
ipa-replica-manage list does not list synced domain

Version-Release number of selected component (if applicable):
ipa-server-4.1.0-13.el7.x86_64
389-ds-base-1.3.3.1-11.el7.x86_64

How reproducible:

Steps to Reproduce:
1. Install IPA
2. Configure winsync with an AD
3. Run "ipa-replica-manage list"

Actual results:
    ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
    :: [ LOG ] :: ipa_winsync_0010: ipa-replica-manage list
    ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
    :: [ BEGIN ] :: List replicas :: actually running 'ipa-replica-manage list > /tmp/tmp.5gHhAtn2MF/tmpout.ipa_winsync_0010.out 2>&1'
    :: [ PASS ] :: List replicas (Expected 0, got 0)
    vm-idm-039.sync2008r2.test: master
    :: [ FAIL ] :: File '/tmp/tmp.5gHhAtn2MF/tmpout.ipa_winsync_0010.out' should contain 'squab.adrelm.com: winsync'
    :: [ PASS ] :: File '/tmp/tmp.5gHhAtn2MF/tmpout.ipa_winsync_0010.out' should contain 'vm-idm-039.sync2008r2.test: master'
    :: [ BEGIN ] :: List replicas for IPA Server :: actually running 'ipa-replica-manage list vm-idm-039.sync2008r2.test > /tmp/tmp.5gHhAtn2MF/tmpout.ipa_winsync_0010.out 2>&1'
    :: [ PASS ] :: List replicas for IPA Server (Expected 0, got 0)
    squab.adrelm.com: replica
    :: [ PASS ] :: File '/tmp/tmp.5gHhAtn2MF/tmpout.ipa_winsync_0010.out' should contain 'squab.adrelm.com: replica'

Expected results:
    vm-idm-039.sync2008r2.test: master
    squab.adrelm.com: winsync

Additional info:
attachment freeipa-mkosek-489-allow-replication-administrators-to-manipulate-winsy.patch
Patch freeipa-mkosek-489-allow-replication-administrators-to-manipulate-winsy.patch sent for review
This is a regression and needs to be addressed in 4.0.x.
Testing Instructions
With attached patch set, "admin" user or "Replication Administrators" privilege members should be able to create a winsync connection and PassSync user, e.g.:
    [root@ipa ~]# ipa-replica-manage connect --winsync --cacert=/home/mkosek/mkad2012.crt --binddn='cn=Administrator,cn=users,dc=mkad2012,dc=test' --bindpw=Secret123 mkdc2012.mkad2012.test --passsync Secret123 -v
    ...
    The user for the Windows PassSync service is uid=passsync,cn=sysaccounts,cn=etc,dc=mkosek-f21,dc=test
    Adding Windows PassSync system account
    ...
    Connected 'ipa.mkosek-f21.test' to 'mkdc2012.mkad2012.test'
This should just complete and not crash. The admin user should then also be able to list the winsync replica with:
    # ipa-replica-manage list
    mkdc2012.mkad2012.test: winsync
    ipa.mkosek-f21.test: master
Moving to 4.0 - patch conflicts in 4.0 and is not critical enough to be adding this branch, given 4.1 is officially supported.
master:
ipa-4-1:
Metadata Update from @mkosek: - Issue assigned to mkosek - Issue set to the milestone: FreeIPA 4.1.3