Issue #8982: Nightly test failure (389ds copr) in ipa-replica-install - freeipa

freeipa

#8982 Nightly test failure (389ds copr) in ipa-replica-install

Closed: fixed 2 years ago by frenaud. Opened 2 years ago by frenaud.

Issue

ipa-replica-install is failing when using the copr repo https://copr.fedorainfracloud.org/coprs/g/389ds/389-ds-base-nightly/
See PR #1152 with for instance the test 389ds-fedora/simple_replication (logs, report.

Package Version and Platform:
- Platform: Fedora 34
- Package and version: 389-ds-base-2.1.0-20210906gitd54862122.fc34.x86_64

Steps to Reproduce
Steps to reproduce the behavior:
1. enable the copr repo with dnf copr enable @389ds/389-ds-base-nightly
2. update the packages: dnf update -y
3. install freeipa packages: dnf install -y freeipa-server
4. install the replica with ipa client-install --domain ipa.test --realm IPA.TEST --principal admin --password Secret123; kinit admin; ipa-replica-install -U

Expected results
replica installation should succeed

ipa-replica-install fails with the following output:

[...]
Configuring directory server (dirsrv)
  [1/3]: configuring TLS for DS instance
  [error] NetworkError: cannot connect to 'ldapi://%2Frun%2Fslapd-IPA-TEST.socket': Connection refused
Your system may be partly configured.
Run /usr/sbin/ipa-server-install --uninstall to clean up.

cannot connect to 'ldapi://%2Frun%2Fslapd-IPA-TEST.socket': Connection refused
The ipa-replica-install command failed. See /var/log/ipareplica-install.log for more information

replica's dirsrv error log contains:

[06/Sep/2021:11:42:55.948181876 -0400] - ERR - dse_read_one_file - The entry cn=schema in file /etc/dirsrv/slapd-IPA-TEST/schema/99user.ldif (lineno: 1) is invalid, error code 21 (Invalid syntax) - attribute type ( 2.16.840.1.113730.3.8.11.61 NAME 'ipaWrappingKey' DESC 'PKCS 115.121.1.15 SINGLE-VALUE X-ORIGIN ( 'IPA v4.1' 'user defined' ) ): Failed to parse attribute, error(2 - Unexpected token) at ( v4.1' 'user defined' ) ))
[06/Sep/2021:11:42:55.953446331 -0400] - ERR - setup_internal_backends - Please edit the file to correct the reported problems and then restart the server.

Extract of 99user.ldif:

attributeTypes: ( 2.16.840.1.113730.3.8.11.61 NAME 'ipaWrappingKey' DESC 'PKCS
 #11 URI of the wrapping key' EQUALITY caseExactMatch SYNTAX 1.3.6.1.4.1.1466.
 115.121.1.15 SINGLE-VALUE X-ORIGIN ( 'IPA v4.1' 'user defined' ) )

It looks like the # is considered as a comment and part of the definition is not taken into account. See the error log which is missing "#11 ...".

Companion issue on 389ds side: https://github.com/389ds/389-ds-base/issues/4903

frenaud commented 2 years ago

Fixed on 389-ds-side with commit 9a6a0c3, tests are now green:
test_simple_replication: report.

Metadata Update from @frenaud:
- Issue close_status updated to: fixed
- Issue status updated to: Closed (was: Open)

2 years ago

Metadata

Assignee

None

Tags

Blocking

None

Depending on

None

Priority

None

Milestone

None

affects_doc

None

source

None

knownissue

None

type

None

blockedby

None

test_case

None

component

None

blocking

None

on_review

None

keywords

None

test_coverage

None

reviewer

None

external_tracker

None

rhbz

None

tester

None

changelog

None

design

None

freeipa

Source Code

#8982 Nightly test failure (389ds copr) in ipa-replica-install Closed: fixed 2 years ago by frenaud. Opened 2 years ago by frenaud.

Issue

Metadata

tracker test-failure

#8982 Nightly test failure (389ds copr) in ipa-replica-install

Closed: fixed 2 years ago by frenaud. Opened 2 years ago by frenaud.