Re: [Freeipa-users] Freeipa-users Digest, Vol 30, Issue 8
On Thu, 20 Jan 2011 11:03:12 +0530 Aravind GV aravind...@gmail.com wrote: Hi Simo, Great repossess from you but still issue is not solved completely. After applying your patch iam getting below mention error [root@dirsrv ~]# ipa-replica-manage connect --winsync --binddn CN=agv,OU=Users,DC=bgkerb,DC=test02,DC=com --cacert /root/bgkerb.cer 10.0.65.28 --passsync asd312ASD --bindpw asd312ASD -v Added CA certificate /root/bgkerb.cer to certificate database for dirsrv.agv.com *unexpected error: basic_replication_setup() takes exactly 5 arguments (3 given)* I am sorry Aravind, but at the moment I do not have a test environment that lets me test winsync replication. Hopefully this new patch should fix the remaining regressions. Simo. -- Simo Sorce * Red Hat, Inc * New York From 5c9952b5e166dde222bc8c5433ca97480432a980 Mon Sep 17 00:00:00 2001 From: Simo Sorce sso...@redhat.com Date: Wed, 19 Jan 2011 09:53:59 -0500 Subject: [PATCH] Fix ipa-replica-manage regressions with winsync Avoids ipa-replica-manage to throw up errors. Fixes: https://fedorahosted.org/freeipa/ticket/807 --- install/tools/ipa-replica-manage |7 ++- ipaserver/install/dsinstance.py |1 + ipaserver/install/replication.py |8 +--- 3 files changed, 12 insertions(+), 4 deletions(-) diff --git a/install/tools/ipa-replica-manage b/install/tools/ipa-replica-manage index 80974545761399cec46032c8ae2b6689aa4ff7fd..20eb93c26748c71e097a38f40cb58c0215a643e1 100755 --- a/install/tools/ipa-replica-manage +++ b/install/tools/ipa-replica-manage @@ -26,7 +26,7 @@ from ipapython import ipautil from ipaserver.install import replication, dsinstance, installutils from ipaserver import ipaldap from ipapython import version -from ipalib import errors, util +from ipalib import api, errors, util CACERT = /etc/ipa/ca.crt @@ -355,6 +355,11 @@ def force_sync(realm, thishost, fromhost, dirman_passwd): def main(): options, args = parse_options() +# Just initialize the environment. This is so the installer can have +# access to the plugin environment +api.bootstrap(in_server=True) +api.finalize() + dirman_passwd = None realm = krbV.default_context().default_realm diff --git a/ipaserver/install/dsinstance.py b/ipaserver/install/dsinstance.py index 378e0123405ed1222129d899573974fba9089a55..5da9d17d4417031920495254ff566ee235234bfb 100644 --- a/ipaserver/install/dsinstance.py +++ b/ipaserver/install/dsinstance.py @@ -180,6 +180,7 @@ class DsInstance(service.Service): self.dercert = None self.idstart = None self.idmax = None +self.subject_base = None if realm_name: self.suffix = util.realm_to_suffix(self.realm_name) self.__setup_sub_dict() diff --git a/ipaserver/install/replication.py b/ipaserver/install/replication.py index 21e6bcc4970f5d534df882f98327ace9119db983..756bb5595226d49e31edf5ce5afd12d26ac26758 100644 --- a/ipaserver/install/replication.py +++ b/ipaserver/install/replication.py @@ -625,7 +625,8 @@ class ReplicationManager: # there is no other side to get a replica ID from # So we generate one locally replica_id = self._get_replica_id(self.conn, self.conn) -self.basic_replication_setup(self.conn, replica_id) +self.basic_replication_setup(self.conn, replica_id, + self.repl_man_dn, self.repl_man_passwd) #now add a passync user allowed to access the AD server self.add_passsync_user(self.conn, passsync_pw) @@ -638,8 +639,9 @@ class ReplicationManager: logging.info(Agreement is ready, starting replication . . .) #Finally start replication -return self.start_replication(self.conn, ad_conn, - self.repl_man_dn, self.repl_man_passwd) +ret = self.start_replication(ad_conn) +if ret != 0: +raise RuntimeError(Failed to start replication) def convert_to_gssapi_replication(self, r_hostname, r_binddn, r_bindpw): r_conn = ipaldap.IPAdmin(r_hostname, port=PORT, cacert=CACERT) -- 1.7.3.4 ___ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users
Re: [Freeipa-users] Freeipa-users Digest, Vol 30, Issue 8
Hi Simon Iam traveling this week will test and let u know in a weeks time. Sent from my iPhone On Jan 20, 2011, at 7:28 PM, Simo Sorce sso...@redhat.com wrote: On Thu, 20 Jan 2011 11:03:12 +0530 Aravind GV aravind...@gmail.com wrote: Hi Simo, Great repossess from you but still issue is not solved completely. After applying your patch iam getting below mention error [root@dirsrv ~]# ipa-replica-manage connect --winsync --binddn CN=agv,OU=Users,DC=bgkerb,DC=test02,DC=com --cacert /root/bgkerb.cer 10.0.65.28 --passsync asd312ASD --bindpw asd312ASD -v Added CA certificate /root/bgkerb.cer to certificate database for dirsrv.agv.com *unexpected error: basic_replication_setup() takes exactly 5 arguments (3 given)* I am sorry Aravind, but at the moment I do not have a test environment that lets me test winsync replication. Hopefully this new patch should fix the remaining regressions. Simo. -- Simo Sorce * Red Hat, Inc * New York freeipa-simo-0062-2-Fix-ipa-replica-manage-regressions-with-winsync.patch ___ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users
Re: [Freeipa-users] Freeipa-users Digest, Vol 30, Issue 8
On Wed, 19 Jan 2011 12:52:54 +0530 Aravind GV aravind...@gmail.com wrote: Hi All Please help me in adding a synchronization agreement. I followed ( http://freeipa.org/docs/2.0.0/Installation_Deployment_Guide/en-US/html/) but the example given in 4.4. Creating Synchronization Agreements is not correct. There is no more option add in ipa-replica-manage command. After googling they suggested me to use connect instead of add. This command worked but it stopped directory server and thorws following errors. Jakub Hrozek suggested me to get logs from /var/log/ipareplica-install.log. But this file is not at all created only ipaclient-install.log ipaserver-install.log are the two files in that there is no reference to ipa-replica-mange command. I have installed ipa v2 from http://jdennis.fedorapeople.org repo. [root@dirsrv ~]# ipa-replica-manage connect --winsync --binddn CN=agv,OU=Users,DC=bgkerb,DC=test02,DC=com --bindpw asd312ASD --cacert /root/bgkerb.cer 10.0.65.28 -v --passsync asd312ASD INFO:root:args=/sbin/service dirsrv stop INFO:root:stdout=Shutting down dirsrv: AGV-COM...[ OK ] PKI-IPA...[ OK ] INFO:root:stderr= unexpected error: DsInstance instance has no attribute 'subject_base' I have opened ticket 807[1] to track this. Would you be available to test a patch ? Simo. [1] https://fedorahosted.org/freeipa/ticket/807 -- Simo Sorce * Red Hat, Inc * New York ___ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users
Re: [Freeipa-users] Freeipa-users Digest, Vol 30, Issue 8
On Wed, 19 Jan 2011 09:28:45 -0500 Simo Sorce sso...@redhat.com wrote: On Wed, 19 Jan 2011 12:52:54 +0530 Aravind GV aravind...@gmail.com wrote: Hi All Please help me in adding a synchronization agreement. I followed ( http://freeipa.org/docs/2.0.0/Installation_Deployment_Guide/en-US/html/) but the example given in 4.4. Creating Synchronization Agreements is not correct. There is no more option add in ipa-replica-manage command. After googling they suggested me to use connect instead of add. This command worked but it stopped directory server and thorws following errors. Jakub Hrozek suggested me to get logs from /var/log/ipareplica-install.log. But this file is not at all created only ipaclient-install.log ipaserver-install.log are the two files in that there is no reference to ipa-replica-mange command. I have installed ipa v2 from http://jdennis.fedorapeople.org repo. [root@dirsrv ~]# ipa-replica-manage connect --winsync --binddn CN=agv,OU=Users,DC=bgkerb,DC=test02,DC=com --bindpw asd312ASD --cacert /root/bgkerb.cer 10.0.65.28 -v --passsync asd312ASD INFO:root:args=/sbin/service dirsrv stop INFO:root:stdout=Shutting down dirsrv: AGV-COM...[ OK ] PKI-IPA...[ OK ] INFO:root:stderr= unexpected error: DsInstance instance has no attribute 'subject_base' I have opened ticket 807[1] to track this. Would you be available to test a patch ? Simo. [1] https://fedorahosted.org/freeipa/ticket/807 Can you test this patch and see if it solves your issue completely ? You should be able to manually fix it without having to redo the whole install by simplky editing the dsinstance.py file and adding the line you see in the patch. Simo. -- Simo Sorce * Red Hat, Inc * New York From a6128d4f7fc21d284ce2d8e154e4f8cdc7d9964d Mon Sep 17 00:00:00 2001 From: Simo Sorce sso...@redhat.com Date: Wed, 19 Jan 2011 09:53:59 -0500 Subject: [PATCH] Initialize subject_base by default. Avoids ipa-replica-manage to throw up errors. Fixes: https://fedorahosted.org/freeipa/ticket/807 --- ipaserver/install/dsinstance.py |1 + 1 files changed, 1 insertions(+), 0 deletions(-) diff --git a/ipaserver/install/dsinstance.py b/ipaserver/install/dsinstance.py index 859d5c8ff737dad3ba96b162e90c7d1bae4e0d11..4fd7a00279c73c5b41e2d7ad5999c1af91eefbf8 100644 --- a/ipaserver/install/dsinstance.py +++ b/ipaserver/install/dsinstance.py @@ -180,6 +180,7 @@ class DsInstance(service.Service): self.dercert = None self.idstart = None self.idmax = None +self.subject_base = None if realm_name: self.suffix = util.realm_to_suffix(self.realm_name) self.__setup_sub_dict() -- 1.7.3.4 ___ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users
Re: [Freeipa-users] Freeipa-users Digest, Vol 30, Issue 8
On Wed, 19 Jan 2011 22:22:45 +0530 Aravind GV aravind...@gmail.com wrote: Hi Simo, Thanks for responding to my email. I updated /usr/lib/python2.7/site-packages/ipaserver/install/dsinstance.py with the patch ie added extra line self.subject_base = None Now i am getting different error [root@dirsrv ~]# ipa-replica-manage connect --winsync --binddn CN=agv,OU=Users,DC=bgkerb,DC=test02,DC=com --cacert /root/bgkerb.cer bgkerb.test02.com --passsync asd312ASD --bindpw asd312ASD -v Directory Manager password: INFO:root:args=/sbin/service dirsrv stop INFO:root:stdout=Shutting down dirsrv: AGV-COM...[ OK ] PKI-IPA...[ OK ] *INFO:root:stderr=* *unexpected error: 'Env' object has no attribute 'ra_plugin'* Regards, AGV On Wed, Jan 19, 2011 at 8:29 PM, Simo Sorce sso...@redhat.com wrote: On Wed, 19 Jan 2011 09:28:45 -0500 Simo Sorce sso...@redhat.com wrote: On Wed, 19 Jan 2011 12:52:54 +0530 Aravind GV aravind...@gmail.com wrote: Hi All Please help me in adding a synchronization agreement. I followed ( http://freeipa.org/docs/2.0.0/Installation_Deployment_Guide/en-US/html/) but the example given in 4.4. Creating Synchronization Agreements is not correct. There is no more option add in ipa-replica-manage command. After googling they suggested me to use connect instead of add. This command worked but it stopped directory server and thorws following errors. Jakub Hrozek suggested me to get logs from /var/log/ipareplica-install.log. But this file is not at all created only ipaclient-install.log ipaserver-install.log are the two files in that there is no reference to ipa-replica-mange command. I have installed ipa v2 from http://jdennis.fedorapeople.org repo. [root@dirsrv ~]# ipa-replica-manage connect --winsync --binddn CN=agv,OU=Users,DC=bgkerb,DC=test02,DC=com --bindpw asd312ASD --cacert /root/bgkerb.cer 10.0.65.28 -v --passsync asd312ASD INFO:root:args=/sbin/service dirsrv stop INFO:root:stdout=Shutting down dirsrv: AGV-COM...[ OK ] PKI-IPA...[ OK ] INFO:root:stderr= unexpected error: DsInstance instance has no attribute 'subject_base' I have opened ticket 807[1] to track this. Would you be available to test a patch ? Simo. [1] https://fedorahosted.org/freeipa/ticket/807 Can you test this patch and see if it solves your issue completely ? You should be able to manually fix it without having to redo the whole install by simplky editing the dsinstance.py file and adding the line you see in the patch. Simo. -- Simo Sorce * Red Hat, Inc * New York Attached a corrected patch that should fix this second problem too. Simo. -- Simo Sorce * Red Hat, Inc * New York From e61bc661f49470b6be509b6187313f70edfa09f9 Mon Sep 17 00:00:00 2001 From: Simo Sorce sso...@redhat.com Date: Wed, 19 Jan 2011 09:53:59 -0500 Subject: [PATCH] Fix ipa-replica-manage regressions with winsync Avoids ipa-replica-manage to throw up errors. Fixes: https://fedorahosted.org/freeipa/ticket/807 --- install/tools/ipa-replica-manage |7 ++- ipaserver/install/dsinstance.py |1 + 2 files changed, 7 insertions(+), 1 deletions(-) diff --git a/install/tools/ipa-replica-manage b/install/tools/ipa-replica-manage index 80974545761399cec46032c8ae2b6689aa4ff7fd..20eb93c26748c71e097a38f40cb58c0215a643e1 100755 --- a/install/tools/ipa-replica-manage +++ b/install/tools/ipa-replica-manage @@ -26,7 +26,7 @@ from ipapython import ipautil from ipaserver.install import replication, dsinstance, installutils from ipaserver import ipaldap from ipapython import version -from ipalib import errors, util +from ipalib import api, errors, util CACERT = /etc/ipa/ca.crt @@ -355,6 +355,11 @@ def force_sync(realm, thishost, fromhost, dirman_passwd): def main(): options, args = parse_options() +# Just initialize the environment. This is so the installer can have +# access to the plugin environment +api.bootstrap(in_server=True) +api.finalize() + dirman_passwd = None realm = krbV.default_context().default_realm diff --git a/ipaserver/install/dsinstance.py b/ipaserver/install/dsinstance.py index 859d5c8ff737dad3ba96b162e90c7d1bae4e0d11..4fd7a00279c73c5b41e2d7ad5999c1af91eefbf8 100644 --- a/ipaserver/install/dsinstance.py +++ b/ipaserver/install/dsinstance.py @@ -180,6 +180,7 @@ class DsInstance(service.Service): self.dercert = None self.idstart = None self.idmax = None +self.subject_base = None if realm_name: self.suffix = util.realm_to_suffix(self.realm_name) self.__setup_sub_dict() -- 1.7.3.4 ___ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users
Re: [Freeipa-users] Freeipa-users Digest, Vol 30, Issue 8
Hi Simo, Great repossess from you but still issue is not solved completely. After applying your patch iam getting below mention error [root@dirsrv ~]# ipa-replica-manage connect --winsync --binddn CN=agv,OU=Users,DC=bgkerb,DC=test02,DC=com --cacert /root/bgkerb.cer 10.0.65.28 --passsync asd312ASD --bindpw asd312ASD -v Added CA certificate /root/bgkerb.cer to certificate database for dirsrv.agv.com *unexpected error: basic_replication_setup() takes exactly 5 arguments (3 given)* Regards, AGV On Thu, Jan 20, 2011 at 1:34 AM, Simo Sorce sso...@redhat.com wrote: On Wed, 19 Jan 2011 22:22:45 +0530 Aravind GV aravind...@gmail.com wrote: Hi Simo, Thanks for responding to my email. I updated /usr/lib/python2.7/site-packages/ipaserver/install/dsinstance.py with the patch ie added extra line self.subject_base = None Now i am getting different error [root@dirsrv ~]# ipa-replica-manage connect --winsync --binddn CN=agv,OU=Users,DC=bgkerb,DC=test02,DC=com --cacert /root/bgkerb.cer bgkerb.test02.com --passsync asd312ASD --bindpw asd312ASD -v Directory Manager password: INFO:root:args=/sbin/service dirsrv stop INFO:root:stdout=Shutting down dirsrv: AGV-COM...[ OK ] PKI-IPA...[ OK ] *INFO:root:stderr=* *unexpected error: 'Env' object has no attribute 'ra_plugin'* Regards, AGV On Wed, Jan 19, 2011 at 8:29 PM, Simo Sorce sso...@redhat.com wrote: On Wed, 19 Jan 2011 09:28:45 -0500 Simo Sorce sso...@redhat.com wrote: On Wed, 19 Jan 2011 12:52:54 +0530 Aravind GV aravind...@gmail.com wrote: Hi All Please help me in adding a synchronization agreement. I followed ( http://freeipa.org/docs/2.0.0/Installation_Deployment_Guide/en-US/html/) but the example given in 4.4. Creating Synchronization Agreements is not correct. There is no more option add in ipa-replica-manage command. After googling they suggested me to use connect instead of add. This command worked but it stopped directory server and thorws following errors. Jakub Hrozek suggested me to get logs from /var/log/ipareplica-install.log. But this file is not at all created only ipaclient-install.log ipaserver-install.log are the two files in that there is no reference to ipa-replica-mange command. I have installed ipa v2 from http://jdennis.fedorapeople.org repo. [root@dirsrv ~]# ipa-replica-manage connect --winsync --binddn CN=agv,OU=Users,DC=bgkerb,DC=test02,DC=com --bindpw asd312ASD --cacert /root/bgkerb.cer 10.0.65.28 -v --passsync asd312ASD INFO:root:args=/sbin/service dirsrv stop INFO:root:stdout=Shutting down dirsrv: AGV-COM...[ OK ] PKI-IPA...[ OK ] INFO:root:stderr= unexpected error: DsInstance instance has no attribute 'subject_base' I have opened ticket 807[1] to track this. Would you be available to test a patch ? Simo. [1] https://fedorahosted.org/freeipa/ticket/807 Can you test this patch and see if it solves your issue completely ? You should be able to manually fix it without having to redo the whole install by simplky editing the dsinstance.py file and adding the line you see in the patch. Simo. -- Simo Sorce * Red Hat, Inc * New York Attached a corrected patch that should fix this second problem too. Simo. -- Simo Sorce * Red Hat, Inc * New York -- With Best Regards Aravind G V Ph-9880346065 I want it all, That's why I strive for it, I know that it's coming - Drake from Successful ___ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users