Ticket was cloned from Red Hat Bugzilla (product Red Hat Enterprise Linux 7): Bug 1212713
Please note that this Bug is private and may not be accessible as it contains confidential Red Hat customer information.
Description of problem:
In 7.1 we have the two backends in the same instance (dc=<main suffix> and o=ipaca). For dc=<main suffix> we have all CLI operations needed for RUV management, but for backend o=ipaca we don't have that and most of the operations have to be done manually. I am proposing to add these commands to ipa-csreplica-manage or, if not, as the command is quite similar, add a sort of option --ca to ipa-replica-manage and then all the commands related to RUV management will use as suffix "o=ipaca" instead of "dc=<main suffix>". In this case, the change is minimal.

Version-Release number of selected component (if applicable):
ipa-server-4.1

How reproducible:
This is a sort of RFE. It's always reproducible.

Actual results:
I have this RUV that I cannot manage:

[root@idm-master ~]# ldapsearch -xLLL -D "cn=directory manager" -W -b "o=ipaca" '(&(nsuniqueid=ffffffff-ffffffff-ffffffff-ffffffff)(objectclass=nstombstone))'
Enter LDAP Password:
dn: cn=replica,cn=o\3Dipaca,cn=mapping tree,cn=config
objectClass: top
objectClass: nsDS5Replica
objectClass: extensibleobject
nsDS5ReplicaRoot: o=ipaca
nsDS5ReplicaType: 3
nsDS5ReplicaBindDN: cn=Replication Manager masterAgreement1-idm-replica.exampl
 e.org-pki-tomcat,ou=csusers,cn=config
cn: replica
nsDS5ReplicaId: 96
nsDS5Flags: 1
nsState:: YAAAAAAAAACptjBVAAAAAAAAAAAAAAAAAQAAAAAAAAABAAAAAAAAAA==
nsDS5ReplicaName: 493b2e05-d86111e4-966cbf09-b69875c6
nsds50ruv: {replicageneration} 551bd4cd000000600000
nsds50ruv: {replica 96 ldap://idm-master.example.org:389} 551bd4d6000000600000
  5530b6aa000000600000
nsds50ruv: {replica 97 ldap://idm-replica.example.org:389} 551bd4f500000061000
 0 551d2648000000610000
nsds5agmtmaxcsn: o=ipaca;masterAgreement1-idm-replica.example.org-pki-tomcat;i
 dm-replica.example.org;389;97;5530b6aa000000600000
nsruvReplicaLastModified: {replica 96 ldap://idm-master.example.org:389} 5530b
 6a9
nsruvReplicaLastModified: {replica 97 ldap://idm-replica.example.org:389} 0000
 0000
nsds5ReplicaChangeCount: 1623
nsds5replicareapactive: 0
[root@idm-master ~]#

Expected results:
To be able to manage this RUV.

Additional info:
I don't think it's a priority bug. But it will be nice to be coherent and be able to apply the same sort of operations in all the replicated backends.
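Added example, not part of the ticket and not FreeIPA code: a read-only sketch of what listing the RUV for o=ipaca involves, run over the nsds50ruv values from the output above. It assumes the 389 Directory Server CSN layout of 8 hex digits of timestamp, 4 of sequence number, 4 of replica id and 4 of sub-sequence number; the names unfold, parse_csn and list_ruv are hypothetical.

```python
import re
from datetime import datetime, timezone

# Constructed sample: RUV lines from the ticket's ldapsearch output, with the
# LDIF folding restored (a continuation line starts with one extra space).
SAMPLE_LDIF = (
    "nsDS5ReplicaRoot: o=ipaca\n"
    "nsds50ruv: {replicageneration} 551bd4cd000000600000\n"
    "nsds50ruv: {replica 96 ldap://idm-master.example.org:389} 551bd4d6000000600000\n"
    "  5530b6aa000000600000\n"
    "nsds50ruv: {replica 97 ldap://idm-replica.example.org:389} 551bd4f500000061000\n"
    " 0 551d2648000000610000\n"
)
RUV_RE = re.compile(r"^\{replica (\d+) (\S+)\}\s*(\S+)?\s*(\S+)?$")


def unfold(ldif):
    """Join folded LDIF lines: drop each newline that is followed by a space."""
    return re.sub(r"\r?\n ", "", ldif)


def parse_csn(csn):
    """Decode a 20-hex-digit CSN: time(8) seq(4) replica id(4) subseq(4)."""
    if not re.fullmatch(r"[0-9a-fA-F]{20}", csn):
        raise ValueError("malformed CSN: %r" % csn)
    ts, seq, rid, sub = (int(csn[i:j], 16) for i, j in ((0, 8), (8, 12), (12, 16), (16, 20)))
    return {"time": datetime.fromtimestamp(ts, timezone.utc), "seq": seq, "rid": rid, "subseq": sub}


def list_ruv(ldif):
    """Return one record per {replica ...} element of nsds50ruv."""
    records = []
    for line in unfold(ldif).splitlines():
        attr, _, value = line.partition(": ")
        match = RUV_RE.match(value.strip())
        if attr.lower() != "nsds50ruv" or not match:
            continue  # other attributes and the {replicageneration} element
        rid, url, min_csn, max_csn = match.groups()
        rec = {"rid": int(rid), "url": url,
               "min": parse_csn(min_csn) if min_csn else None,
               "max": parse_csn(max_csn) if max_csn else None}
        # The replica id embedded in each CSN should equal the element's id.
        rec["consistent"] = all(c is None or c["rid"] == rec["rid"]
                                for c in (rec["min"], rec["max"]))
        records.append(rec)
    return records


if __name__ == "__main__":
    for r in list_ruv(SAMPLE_LDIF):
        print(r["rid"], r["url"], r["max"]["time"].isoformat(), r["consistent"])
```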
Proposing for 4.3 release.
see also #5411
This bug should be revisited when #5411 (or alternative) is implemented. One of the reasons is that ipa-csreplica-manage won't be extended in the future, so this might be a waste of time.
See long term plan draft
Ticket #5411 implemented clean-dangling-ruvs, therefore we no longer need the clean-ruv command in ipa-csreplica-manage.
But list-ruv and abort-clean-ruv commands of ipa-replica-manage should be extended to use o=ipaca suffix.
See design page
ipa-4-3:
master:
Metadata Update from @pvoborni: - Issue assigned to stlaz - Issue set to the milestone: FreeIPA 4.3.2