#7010 ipa-backup fails silently
Closed: fixed 6 years ago Opened 6 years ago by pvoborni.

Ticket was cloned from Red Hat Bugzilla (product Red Hat Enterprise Linux 7): Bug 1457876

Description of problem:

When ipa-backup is called for the first time, the LDAP database is exported to
/var/lib/dirsrv/slapd-<instance>/ldif/<instance>-userRoot.ldif. db2ldif is
called for this. The tool runs under the dirsrv user context. When you call
ipa-restore, the same ldif file is mangled by RemoveRUVParser(). Since the tool
runs under root, the mangled ldif file is now also owned by root.

When you now call ipa-backup the next time, the db2ldif fails, because the tool
does not have permissions to write to the ldif file which is owned by root
(instead of dirsrv).


I think this is the problematic code in ldif2db():

        ipautil.backup_file(ldiffile)
        with open(ldiffile, 'wb') as out_file:
            ldif_writer = ldif.LDIFWriter(out_file)
            with open(srcldiffile, 'rb') as in_file:
                ldif_parser = RemoveRUVParser(in_file, ldif_writer, self.log)
                ldif_parser.parse()

Another problem is that ipa-backup returns with "The ipa-backup command was
successful" although the db2ldif failed.

Version-Release number of selected component (if applicable):
ipa-4.4


Metadata Update from @pvoborni:
- Custom field rhbz adjusted to https://bugzilla.redhat.com/show_bug.cgi?id=1457876

6 years ago

master:

  • e8358ea Changed ownership of ldiffile to DS_USER

Metadata Update from @mbasti:
- Issue close_status updated to: fixed
- Issue status updated to: Closed (was: Open)

6 years ago

ipa-4-5:

  • 58f3af3 Changed ownership of ldiffile to DS_USER

Metadata Update from @frenaud:
- Issue set to the milestone: FreeIPA 4.5.5 (was: FreeIPA 4.6)

6 years ago

Moving milestone to FreeIPA 4.5.5 as there was a backport to ipa-4-5 branch

master:

  • 80585f5 Before the fix, when ipa-backup was called for the first time, the LDAP database exported to /var/lib/dirsrv/slapd-<instance>/ldif/<instance>-userRoot.ldif. db2ldif is called for this and it runs under root, hence files were owned by root.

ipa-4-6:

  • 9b92e8f Before the fix, when ipa-backup was called for the first time, the LDAP database exported to /var/lib/dirsrv/slapd-<instance>/ldif/<instance>-userRoot.ldif. db2ldif is called for this and it runs under root, hence files were owned by root.

ipa-4-5:

  • de5f047 Before the fix, when ipa-backup was called for the first time, the LDAP database exported to /var/lib/dirsrv/slapd-<instance>/ldif/<instance>-userRoot.ldif. db2ldif is called for this and it runs under root, hence files were owned by root.

master:

  • 51240f3 Check if user permissions and umask 0022 is set when executing ipa-restore

ipa-4-6:

  • 6833242 Check if user permissions and umask 0022 is set when executing ipa-restore

ipa-4-7:

  • 9d5cc29 Check if user permissions and umask 0022 is set when executing ipa-restore
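
Added example, not FreeIPA's code and not taken from the commits listed above: a sketch of the two safeguards this ticket calls for, namely handing a rewritten export file back to its original owner and refusing to report success when an export step exits non-zero. The function names rewrite_preserving_owner, owner_mismatch and run_checked are hypothetical, and the temp-file-and-rename approach is an assumption of this example.

```python
import os
import subprocess
import tempfile


def rewrite_preserving_owner(path, transform):
    """Replace path with transform(old bytes), keeping its uid, gid and mode.

    The replacement file is created by the calling process, so without the
    explicit chown it would belong to the caller (root during a restore).
    """
    st = os.stat(path)
    with open(path, "rb") as src:
        data = transform(src.read())
    fd, tmp = tempfile.mkstemp(dir=os.path.dirname(os.path.abspath(path)))
    try:
        with os.fdopen(fd, "wb") as out:
            out.write(data)
        os.chown(tmp, st.st_uid, st.st_gid)   # hand the file back to its owner
        os.chmod(tmp, st.st_mode & 0o7777)
        os.replace(tmp, path)                 # atomic swap on the same filesystem
    except BaseException:
        os.unlink(tmp)
        raise


def owner_mismatch(path, expected_uid):
    """Return a message if path exists and is not owned by expected_uid."""
    try:
        uid = os.stat(path).st_uid
    except FileNotFoundError:
        return None                           # the export will create it
    if uid != expected_uid:
        return "%s is owned by uid %d, expected uid %d" % (path, uid, expected_uid)
    return None


def run_checked(argv):
    """Run one backup step; a non-zero exit aborts instead of being ignored."""
    proc = subprocess.run(argv, capture_output=True, text=True)
    if proc.returncode != 0:
        raise RuntimeError("%s exited with %d: %s"
                           % (argv[0], proc.returncode, proc.stderr.strip()))
    return proc.stdout
```

Calling owner_mismatch with the directory server account's uid before the export turns the permission problem into an explicit error instead of a failed write.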
