#5880 Second call to ldapmodify in ipatests.test_integration.tasks.enable_replication_debugging fails
Closed: fixed 5 years ago by rcritten. Opened 7 years ago by ofayans.

In cases where we call enable_replication_debugging more than once during the same test run, the second call fails with the following error:

ldap_sasl_bind(SIMPLE): Can't contact LDAP server (-1)

Explicitly adding the LDAP server's hostname fixes the issue.


Try 'ldapsearch -h hostname -ZZ'; if this does not work, you have a certificate error again.

Yep, this ldapsearch shows exactly the same error:

$ ldapsearch -h `hostname` -ZZ
ldap_start_tls: Can't contact LDAP server (-1)

I've encountered this exact issue with one of my development VMs (vm-244). I installed and uninstalled IPA on that VM as a server and client (of vm-073) a couple of times and promoted the client and then uninstalled the server a few times. Then /etc/openldap/ldap.conf looked like this:

TLS_CACERTDIR /etc/openldap/certs

# Turning this off breaks GSSAPI used with krb5 when rdns = false
SASL_NOCANON    on

#URI ldaps://vm-073.example.com # modified by IPA
#URI ldaps://vm-073.example.com # modified by IPA
#URI ldaps://vm-073.example.com # modified by IPA
#URI ldaps://vm-073.example.com # modified by IPA
#URI ldaps://vm-073.example.com # modified by IPA
#URI ldaps://vm-073.example.com # modified by IPA
#URI ldaps://vm-244.example.com # modified by IPA
URI ldaps://vm-073.example.com
#BASE dc=dom-073,dc=example,dc=com # modified by IPA
#BASE dc=dom-073,dc=example,dc=com # modified by IPA
#BASE dc=dom-073,dc=example,dc=com # modified by IPA
#BASE dc=dom-073,dc=example,dc=com # modified by IPA
#BASE dc=dom-073,dc=example,dc=com # modified by IPA
#BASE dc=dom-073,dc=example,dc=com # modified by IPA
#BASE dc=dom-244,dc=example,dc=com # modified by IPA
BASE dc=dom-073,dc=example,dc=com
#TLS_CACERT /etc/ipa/ca.crt # modified by IPA
#TLS_CACERT /etc/ipa/ca.crt # modified by IPA
#TLS_CACERT /etc/ipa/ca.crt # modified by IPA
#TLS_CACERT /etc/ipa/ca.crt # modified by IPA
#TLS_CACERT /etc/ipa/ca.crt # modified by IPA
#TLS_CACERT /etc/ipa/ca.crt # modified by IPA
#TLS_CACERT /etc/ipa/ca.crt # modified by IPA
TLS_CACERT /etc/ipa/ca.crt

I suspect that the problem is in restoring the file while uninstalling IPA client and/or server.
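An added example, not part of the ticket or of FreeIPA's code: a small audit of an ldap.conf like the one quoted above, counting the leftover "# modified by IPA" lines and flagging when the active URI names a host other than the local one (the server that LDAP tools contact when no host is given). The function name `audit_ldap_conf` and the abridged sample file are constructed for illustration.

```python
from collections import Counter
from urllib.parse import urlparse

# Constructed sample, abridged from the ldap.conf quoted in the ticket.
SAMPLE = """\
TLS_CACERTDIR /etc/openldap/certs
# Turning this off breaks GSSAPI used with krb5 when rdns = false
SASL_NOCANON    on
#URI ldaps://vm-073.example.com # modified by IPA
#URI ldaps://vm-073.example.com # modified by IPA
#URI ldaps://vm-244.example.com # modified by IPA
URI ldaps://vm-073.example.com
#BASE dc=dom-073,dc=example,dc=com # modified by IPA
#BASE dc=dom-244,dc=example,dc=com # modified by IPA
BASE dc=dom-073,dc=example,dc=com
#TLS_CACERT /etc/ipa/ca.crt # modified by IPA
#TLS_CACERT /etc/ipa/ca.crt # modified by IPA
TLS_CACERT /etc/ipa/ca.crt
"""

IPA_MARK = "# modified by IPA"


def audit_ldap_conf(text, local_fqdn):
    """Return (active directives, stale line counts, findings) for ldap.conf text."""
    active, stale, findings = {}, Counter(), []
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("#"):
            body = line.lstrip("#").split()
            # Only count comments carrying the installer's marker.
            if line.endswith(IPA_MARK) and body:
                stale[body[0].upper()] += 1
            continue
        parts = line.split(None, 1)
        if len(parts) == 2:
            # Assumption: a later uncommented line replaces an earlier one.
            active[parts[0].upper()] = parts[1].strip()
    for key, count in sorted(stale.items()):
        if count > 1:
            findings.append(f"{key}: {count} stale IPA-commented lines")
    # URI may list several space-separated servers.
    hosts = [urlparse(u).hostname for u in active.get("URI", "").split()]
    if hosts and local_fqdn.lower() not in hosts:
        findings.append(f"URI: default server is {hosts[0]}, not {local_fqdn}")
    return active, dict(stale), findings


if __name__ == "__main__":
    for finding in audit_ldap_conf(SAMPLE, "vm-244.example.com")[2]:
        print(finding)
```

On a real host, pass the contents of /etc/openldap/ldap.conf and the machine's FQDN instead of the sample.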

Once the issue is resolved, please revert bbac233 to enable test coverage

Metadata Update from @ofayans:
- Issue assigned to ofayans
- Issue set to the milestone: FreeIPA 4.5 backlog

7 years ago

master:

  • fd4b84d tests: Don't provide explicit hostname to ldapmodify

Metadata Update from @rcritten:
- Issue close_status updated to: fixed
- Issue status updated to: Closed (was: Open)

5 years ago

ipa-4-7:

  • 034d201 tests: Don't provide explicit hostname to ldapmodify
