389-ds will integrate changelog into main database: https://pagure.io/389-ds-base/issue/49562 http://www.port389.org/docs/389ds/design/integrate-changelog-database-and-backend-database.html
It also changes the location of the configuration from a single entry cn=changelog5,cn=config to an entry for each backend in cn=changelog,<backend>,cn=ldbm database,cn=plugins,cn=config
cn=changelog5,cn=config
cn=changelog,<backend>,cn=ldbm database,cn=plugins,cn=config
With PR#51181 the entry cn=changelog5,cn=config no longer exists, its creation fails with UNWILLING_TO_PERFORM.
This breaks IPA in a few places, in particular:
setup_changelog() Here the expected failure is err=68, it would be trivial to add err=53. A better way would be to reuse lib389 for setting up changelog, not sure how much refactoring that would involve.
setup_changelog()
update_unhashed_password() Since the entry no longer exists, log message would be affected.
update_unhashed_password()
update scripts nsslapd-changelogmaxage now needs to be set for each backend.
nsslapd-changelogmaxage
There are possibly other places, but this is what came up first by searching for changelog5.
changelog5
I have a potential fix for these issues, will submit a PR.
PR: https://github.com/freeipa/freeipa/pull/4908
Created a new PR to handle both replication changelog locations:
https://github.com/freeipa/freeipa/pull/4969
master:
ipa-4-8:
Metadata Update from @abbra: - Issue close_status updated to: fixed - Issue status updated to: Closed (was: Open)
Login to comment on this ticket.