While investigating failing cleanallruv tasks, there also was the error about failing cleanup detected:
# ipa-replica-manage del vm-162.idm.lab.eng.brq.redhat.com .. Failed to cleanup vm-162.idm.lab.eng.brq.redhat.com entries: Not allowed on non-leaf entry
in the access log we see
[06/May/2015:14:19:11 +0200]conn=30 op=17 SRCH base="cn=vm-162.idm.lab.eng.brq.redhat.com,cn=masters,cn=ipa,cn=etc,dc=idm,dc=lab,dc=eng,dc=brq,dc=redhat,dc=com" scope=2 filter="(objectClass=*)" attrs=ALL [06/May/2015:14:19:11 +0200] conn=30 op=17 RESULT err=0 tag=101 nentries=6 etime=0 notes=U [06/May/2015:14:19:11 +0200] conn=30 op=18 DEL dn="cn=vm-162.idm.lab.eng.brq.redhat.com,cn=masters,cn=ipa,cn=etc,dc=idm,dc=lab,dc=eng,dc=brq,dc=redhat,dc=com" [06/May/2015:14:19:11 +0200] conn=30 op=18 RESULT err=66 tag=107 nentries=0 etime=0
which means that there was an attempt to remove the host before the services
in replica_cleanup we have:
# delete master entry with all active services try: dn = DN(('cn', replica), ('cn', 'masters'), ('cn', 'ipa'),('cn', 'etc'), self.suffix) entries = self.conn.get_entries(dn, ldap.SCOPE_SUBTREE) if entries: entries.sort(key=len, reverse=True) for entry in entries: self.conn.delete_entry(entry)
this intends to delete children befor the parent, as the dns of children are longer, but get_entries does return a list of entries, not DNs, and so the sorting does not work
master:
ipa-4-1:
this bug seems to be fixed in ipa-server-4.2.0-15.el7_2.3.x86_64.
Could we have the bz linked to this ?
Thanks.
German.
Metadata Update from @lkrispen: - Issue assigned to tbabej - Issue set to the milestone: FreeIPA 4.1.5
Login to comment on this ticket.