I sporadically run into this error when running ipa-backup --data --online:
ipa-backup --data --online
2024-04-30T08:46:46Z DEBUG Start of dirsrv@IPA-TEST.service complete 2024-04-30T08:46:47Z DEBUG retrieving schema for SchemaCache url=ldapi://%2Frun%2Fslapd-IPA-TEST.socket conn=<ldap.ldapobject.SimpleLDAPObject object at 0x7fa2b3ef4b60> 2024-04-30T08:46:47Z INFO Local roles match globally used roles, proceeding. 2024-04-30T08:46:47Z INFO Backing up ipaca in IPA-TEST to LDIF 2024-04-30T08:46:47Z INFO Waiting for LDIF to finish 2024-04-30T08:46:47Z INFO Backing up userRoot in IPA-TEST to LDIF 2024-04-30T08:46:47Z DEBUG File "/usr/lib/python3.12/site-packages/ipapython/admintool.py", line 180, in execute return_value = self.run() ^^^^^^^^^^ File "/usr/lib/python3.12/site-packages/ipaserver/install/ipa_backup.py", line 343, in run self.db2ldif(instance, 'userRoot', online=options.online) File "/usr/lib/python3.12/site-packages/ipaserver/install/ipa_backup.py", line 525, in db2ldif raise admintool.ScriptError( 2024-04-30T08:46:47Z DEBUG The ipa-backup command failed, exception: ScriptError: Unable to add LDIF task: This entry already exists 2024-04-30T08:46:47Z ERROR Unable to add LDIF task: This entry already exists
This is what I run:
systemctl start ipa.service ipa-backup --data --online
Comments from ab:
I think this is because there are two tasks being added within the same second under each other and they don't have name difference. One for CA backend and one for the main tree. the fix would be to add a backend name into the 'cn' -- e.g. change line 504 to cn = time.strftime(f'{backend}_export_%Y_%m_%d_%H_%M_%S') es, I think it is a bug: if os.path.exists(paths.VAR_LIB_SLAPD_INSTANCE_DIR_TEMPLATE % instance): # Check existence of ipaca backend dbpath = (paths.SLAPD_INSTANCE_DB_DIR_TEMPLATE % (instance, "")) output = run_dbscan(['-L', dbpath]) if 'ipaca/' in output: self.db2ldif(instance, 'ipaca', online=options.online) self.db2ldif(instance, 'userRoot', online=options.online) self.db2bak(instance, online=options.online) see there are two self.db2ldif() calls each after other and since strftime() use includes only second level resolution, that's not enough
Metadata Update from @rcritten: - Issue assigned to rcritten
PR https://github.com/freeipa/freeipa/pull/7378
master:
ipa-4-12:
Metadata Update from @rcritten: - Issue close_status updated to: fixed - Issue status updated to: Closed (was: Open)
Log in to comment on this ticket.