Ticket was cloned from Red Hat Bugzilla (product Red Hat Enterprise Linux 7): Bug 994980
Description of problem:
Re-initializing a winsync connection exits with an unexpected error. It seems to work fine functionally by updating data from the AD, but exits with an error.

    [root@dhcp207-140 ipa-winsync]# date ; ipa-replica-manage -v re-initialize --from squab.adrelm.com ; date
    Wed Aug 7 18:15:45 IST 2013
    Update in progress, 47 seconds elapsed
    Update succeeded
    unexpected error: [Errno -2] Name or service not known
    Wed Aug 7 18:16:36 IST 2013

Version-Release number of selected component (if applicable):
389-ds-base-1.3.1.5-1.el7.x86_64
ipa-server-3.2.2-1.el7.x86_64

How reproducible: Always

Steps to Reproduce:
1. Setup AD and IPA servers
2. Create winsync agreement between the 2
3. Add a new user in AD
4. Re-initialize the winsync connection with AD

Actual results: New user gets synced, but command exits with following error

    unexpected error: [Errno -2] Name or service not known

Expected results: Command should complete successfully without error

Additional info: Attached logs generated while re-initializing
I already put instructions to fix this issue to the original Bugzilla.
Check with Rob or DS team if re-initialize really makes sense for winsync agreements and, based on the reply, either fix the error or disable this action for winsync agreements altogether.
Moving to next month milestone.
Moving to next month iteration.
Linked to Bugzilla bug: https://bugzilla.redhat.com/show_bug.cgi?id=1016042 (Red Hat Enterprise Linux 6)
See https://bugzilla.redhat.com/show_bug.cgi?id=1016042#c7 for more info. I think we should just disable this section
    # If the agreement doesn't have nsDS5ReplicatedAttributeListTotal it means
    # we did not replicate memberOf, do so now.
    if not agreement.getValue('nsDS5ReplicatedAttributeListTotal'):
        ds = dsinstance.DsInstance(realm_name = realm, dm_password = dirman_passwd)
        ds.init_memberof()
... in re-initialize for all winsync agreements. As we sync users only, we do not need to care about memberOf anyway.
We just need to verify that if we have an existing user with a membership added in IPA, re-initialize won't get it to inconsistent state of member/memberOf pairs.
I crafted a patch when investigating this issue; I can send it.
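The verification asked for in the comments above (member/memberOf pairs staying consistent after a re-initialize) can be checked offline against exported entries. The following is an added example, not part of the ticket or of FreeIPA's code; the DNs, the `SAMPLE` data and both function names are constructed for illustration, and nested groups are followed transitively on the assumption that memberOf is maintained that way.

```python
# Added example, not FreeIPA code. Entries are plain dicts (DN -> attributes);
# DNs are compared case-insensitively, a simplification of real DN matching.
BASE = "dc=example,dc=test"                      # constructed suffix
U1, U2, U3 = (f"uid=synced{i},cn=users,{BASE}" for i in (1, 2, 3))
EDITORS, STAFF = f"cn=editors,cn=groups,{BASE}", f"cn=staff,cn=groups,{BASE}"

SAMPLE = {                                       # constructed test data
    U1: {"memberOf": [EDITORS, STAFF]},          # consistent (nested via editors)
    U2: {},                                      # in editors, memberOf never set
    U3: {"memberOf": [EDITORS]},                 # memberOf with no matching member
    EDITORS: {"member": [U1, U2], "memberOf": [STAFF]},
    STAFF: {"member": [EDITORS]},
}

def expected_memberof(entries):
    """Groups each DN should carry in memberOf, following nested groups."""
    parents = {}                                 # member DN -> groups listing it
    for dn, attrs in entries.items():
        for m in attrs.get("member", []):
            parents.setdefault(m.lower(), set()).add(dn.lower())
    result = {}
    for dn in entries:
        seen, stack = set(), [dn.lower()]
        while stack:                             # walk up; `seen` stops on cycles
            for g in parents.get(stack.pop(), ()):
                if g not in seen:
                    seen.add(g)
                    stack.append(g)
        seen.discard(dn.lower())                 # a group is never its own parent
        result[dn.lower()] = seen
    return result

def find_inconsistencies(entries):
    """Return (dn, problem, group) for every member/memberOf mismatch."""
    expected, problems = expected_memberof(entries), []
    for dn, attrs in entries.items():
        actual = {v.lower() for v in attrs.get("memberOf", [])}
        want = expected[dn.lower()]
        problems += [(dn, "missing memberOf", g) for g in sorted(want - actual)]
        problems += [(dn, "stale memberOf", g) for g in sorted(actual - want)]
    return problems

if __name__ == "__main__":
    for row in find_inconsistencies(SAMPLE):
        print(*row, sep=" | ")
```

Running the same check on entries exported before and after a re-initialize shows whether the operation introduced any new mismatch.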
attachment freeipa-mkosek-426-winsync-re-initialize-should-not-run-memberof-fixup-.patch
Patch freeipa-mkosek-426-winsync-re-initialize-should-not-run-memberof-fixup-.patch sent for review
master:
    dfa135e Winsync re-initialize should not run memberOf fixup task
    524a1a8 Use consistent realm name in cainstance and dsinstance

ipa-3-3:
    233d07d Winsync re-initialize should not run memberOf fixup task
    b73adb7 Use consistent realm name in cainstance and dsinstance
Metadata Update from @mkosek: - Issue assigned to mkosek - Issue set to the milestone: FreeIPA 3.3.x - 2013/10 (bug fixing)