#4836 ipa-replica-manage list does not list synced domain
Closed: Fixed None Opened 9 years ago by mkosek.

Ticket was cloned from Red Hat Bugzilla (product Red Hat Enterprise Linux 7): Bug 1181010

Description of problem:
ipa-replica-manage list does not list synced domain

Version-Release number of selected component (if applicable):
ipa-server-4.1.0-13.el7.x86_64
389-ds-base-1.3.3.1-11.el7.x86_64

How reproducible:


Steps to Reproduce:
1. Install IPA
2. Configure winsync with an AD
3. Run "ipa-replica-manage list"

Actual results:
::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
:: [   LOG    ] :: ipa_winsync_0010: ipa-replica-manage list
::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::

:: [  BEGIN   ] :: List replicas :: actually running 'ipa-replica-manage list > /tmp/tmp.5gHhAtn2MF/tmpout.ipa_winsync_0010.out 2>&1'
:: [   PASS   ] :: List replicas (Expected 0, got 0)
vm-idm-039.sync2008r2.test: master
:: [   FAIL   ] :: File '/tmp/tmp.5gHhAtn2MF/tmpout.ipa_winsync_0010.out' should contain 'squab.adrelm.com: winsync'
:: [   PASS   ] :: File '/tmp/tmp.5gHhAtn2MF/tmpout.ipa_winsync_0010.out' should contain 'vm-idm-039.sync2008r2.test: master'
:: [  BEGIN   ] :: List replicas for IPA Server :: actually running 'ipa-replica-manage list vm-idm-039.sync2008r2.test > /tmp/tmp.5gHhAtn2MF/tmpout.ipa_winsync_0010.out 2>&1'
:: [   PASS   ] :: List replicas for IPA Server (Expected 0, got 0)
squab.adrelm.com: replica
:: [   PASS   ] :: File '/tmp/tmp.5gHhAtn2MF/tmpout.ipa_winsync_0010.out' should contain 'squab.adrelm.com: replica'

Expected results:
vm-idm-039.sync2008r2.test: master
squab.adrelm.com: winsync

Additional info:

Patch freeipa-mkosek-489-allow-replication-administrators-to-manipulate-winsy.patch sent for review

This is a regression and needs to be addressed in 4.0.x.

Testing Instructions

With attached patch set, "admin" user or "Replication Administrators" privilege
members should be able to create a winsync connection and PassSync user, e.g.:

[root@ipa ~]# ipa-replica-manage connect --winsync --cacert=/home/mkosek/mkad2012.crt --binddn='cn=Administrator,cn=users,dc=mkad2012,dc=test' --bindpw=Secret123 mkdc2012.mkad2012.test --passsync Secret123 -v
...
The user for the Windows PassSync service is uid=passsync,cn=sysaccounts,cn=etc,dc=mkosek-f21,dc=test
Adding Windows PassSync system account
...
Connected 'ipa.mkosek-f21.test' to 'mkdc2012.mkad2012.test'

This should just complete and not crash. admin user should then also be able to
list the winsync replica with

# ipa-replica-manage list
mkdc2012.mkad2012.test: winsync
ipa.mkosek-f21.test: master

Moving to 4.0 - patch conflicts in 4.0 and is not critical enough to be adding this branch, given 4.1 is officially supported.

master:

  • 1537ac8 Allow Replication Administrators manipulate Winsync Agreements

ipa-4-1:

  • 794c9e6 Allow Replication Administrators manipulate Winsync Agreements

Metadata Update from @mkosek:
- Issue assigned to mkosek
- Issue set to the milestone: FreeIPA 4.1.3

7 years ago
