New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
entryuuid fixup tasks fails in replicated topology #5158
Comments
I made a bash script as a workaround: |
@tbordaz - we have a CI test that verifies the fixup task works. Is this a different scenario? |
@mreynolds389 - I had a specific problem. I'm using Rocky Linux 8.5, I guess entryUUID plugin was included there in 389-ds-base-1.4.3.16-19, entries created after that update, automatically have an entryUUID attribute, entries created before that update, doesn't. When I run the entryUUID fixup task, it fails. I don't know if the root cause is the attribute being immutable, but making a script that makes it mutable, generates and add it to entries where it's missing, then restoring mutability, was my workaround to the problem. As I said, new entries doesn't have the problem, and I can confirm the fixup task doesn't fail if it have no entries to fix. Can this be the cause CI tests not failing? |
@mreynolds389 , you are right a testcase verify this and doing my own tests (disable entryuuid, create an entry, enable entryuuid, fixup) it works without problem. So there is something specific with @edvalley deployement. |
I can confirm my exact same problem occurs in two more independent deployments, one being Centos 8, the other Rocky Linux 8. All three systems are currently running 389-ds-base-1.4.3.23-12. The following can be read from /var/log/dirsrv/slapd-instance/errors:
|
@edvalley The NO-USER-MODIFICATION only prevents user-facing changes I think. I wonder if it's something like you are creating invalid entryUUID attributes in entries then fixup is running into them and that creates the issue somehow? But this is tested with the fixup/disable/enable etc .... If you can turn on plugin logging I think that allows the entryuuid plugin to show us more information about what's going on in this situation. |
I know, you are right about that. Enabling attribute mutability was just my workaround to solve the issue, I'm not saying it's the root cause of the problem, I don't know that.
If I use the "filter" argument of the fix-up task, to only target a specific entry without entryUUID, the task fails the same way, and the error log is exactly the same I posted above. |
Some context here: I faced the issue in January, when I tried to use FreeIPA in Rocky Linux 8 as the user repository for a system that requires entries to have an entryUUID attribute. Hopefully, around last November, 389-ds-base was updated to 1.4.3.16-19, including the entryUUID plugin. After some troubleshooting and research, I noted that users (entries), created after the November update, already had an entryUUID attribute, but users that was created before the update didn't have such attribute. Then, it was supposed the fix-up task to solve that problem by adding the attribute to entries missing it, but the task fails to run using the command |
@edvalley, the script completely rewrites 99user.ldif before the fixup and restore 99user.ldif after that. Could you provide, the 99user.ldif file before running the fixup and during the fixup ? |
@tbordaz - I can say for sure that the only difference in 99user.ldif during the fix-up, is the attribute entryUUID not having NO-USER-MODIFICATION. I even worried to perfectly preserve the ldif wrapping. That said, I can post the file if you think it can give some light in solving the issue. |
@edvalley, there is something not clear to me with the script. IIUC it does not run entryUUID fixup task but instead fixes entries, that have no entryUUID, with a MOD_ADD generated UUID. Instead of fixing the entries, the script should run fixup task. And it should succeeds |
Your understanding of the script is absolutely correct.
I needed to do it that way because the fix-up task always fails on my three independent systems. I don't know the reason why, but it always fails with the error I mentioned before. |
From a clean install, what are the commands to reproduce? |
I guess that to reproduce, I'll need to try to force installation of the version of FreeIPA that comes with 389-ds-base-1.4.3.16-16, create some users, check they doesn't have an entryUUID, then upgrade, then create more users, check they have an entryUUID, then manually run the fixup task by creating it using |
That sounds like the correct way to proceed, yes. |
Was able to reproduce the problem both on 1.43 and main branches: Search for entryuuid in entries and there is nothing. ==> IMHO there are two problems: |
Issue Description
During a entryuuid fixup task, if an entry is updated the updates fails because entryUUID attribute is NO-USER-MODIFICATION
Package Version and Platform:
since 1.4.3
Steps to Reproduce
create entries without entryuuid, run fixup task
Expected results
Should fix all entries
The text was updated successfully, but these errors were encountered: