On Mon, 20 Dec 2010 22:40:50 +0100
Jakub Hrozek <jhro...@redhat.com> wrote:

> >> The rest of the code looks OK, but I'm currently not able to test
> >> as the deletion fails with "Insufficient access". In my setup,
> >> vm-061 is the master and vm-038 is the replica:
> >>
> >> [r...@vm-061 ~]# ipa-replica-manage list
> >> vm-061.idm.lab.bos.redhat.com vm-038.idm.lab.bos.redhat.com
> >> [r...@vm-061 ~]# ipa-replica-manage del vm-038.idm.lab.bos.redhat.com
> >> Unable to remove agreement on vm-038.idm.lab.bos.redhat.com: Insufficient access:
> >
> > Do you have a ticket as admin when you try this?
> >
> > Simo.
> >
> 
> I do. The traceback looks like this (I inserted an extra
> traceback.print_exc() call to get it):
> 
> ----
> Traceback (most recent call last):
>    File "/usr/sbin/ipa-replica-manage", line 269, in del_master
>      other_replman.delete_agreement(replman.conn.host)
>    File "/usr/lib/python2.7/site-packages/ipaserver/install/replication.py", line 408, in delete_agreement
>      return self.conn.deleteEntry(dn)
>    File "/usr/lib/python2.7/site-packages/ipaserver/ipaldap.py", line 563, in deleteEntry
>      self.__handle_errors(e, **kw)
>    File "/usr/lib/python2.7/site-packages/ipaserver/ipaldap.py", line 316, in __handle_errors
>      raise errors.ACIError(info=info)
> ACIError: Insufficient access:
> ----
> 
> So this seems to be an ACI problem. I have your 4 patches applied on
> top of the current origin/master and was calling "ipa-replica-manage
> del <slave-fqdn>".
> 

I guess it works properly if you kdestroy and use the DM password?

Simo.

-- 
Simo Sorce * Red Hat, Inc * New York
