2251260 – dsconf replication status fails with 'Invalid credentials' while trying to reuse initial credentials. [12.3.0z]

Bug 2251260 - dsconf replication status fails with 'Invalid credentials' while trying to reuse initial credentials. [12.3.0z]

Summary: dsconf replication status fails with 'Invalid credentials' while trying to re...

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Red Hat Directory Server
Classification:	Red Hat
Component:	389-ds-base
Sub Component:
Version:	12.3
Hardware:	x86_64
OS:	Linux
Priority:	high
Severity:	high
Target Milestone:	---
Target Release:	dirsrv-12.3
Assignee:	LDAP Maintainers
QA Contact:	LDAP QA Team
Docs Contact:	Evgenia Martynyuk
URL:
Whiteboard:	sync-to-jira
Depends On:	2217641
Blocks:
TreeView+	depends on / blocked

Reported:	2023-11-23 17:15 UTC by thierry bordaz
Modified:	2024-01-23 17:24 UTC (History)
CC List:	8 users (show)
Fixed In Version:	389-ds-base-2.3.6-7.module+el9dsrv+20809+3c18e0b0
Doc Type:	If docs needed, set a value
Doc Text:
Clone Of:	2217641
Environment:
Last Closed:	2024-01-23 17:24:37 UTC
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Priority	Status	Summary	Last Updated
Github	389ds 389-ds-base issues 5971	None	closed	CLI - When password prompt is requested for repl status, it uses it for all servers	2023-11-23 17:15:16 UTC
Red Hat Issue Tracker	IDMDS-3905	None	None	None	2023-11-23 17:16:03 UTC
Red Hat Issue Tracker	IDMDS-4046	None	None	None	2024-01-08 14:02:46 UTC
Red Hat Product Errata	RHBA-2024:0380	None	None	None	2024-01-23 17:24:39 UTC

Comment 3 Viktor Ashirov 2024-01-16 11:37:23 UTC

Build tested: 389-ds-base-2.3.6-8.module+el9dsrv+20821+6bc979c1.x86_64
dsconf now asks for a Bind DN and password instead of assuming the same credentials:

# dsconf -D "cn=Directory Manager" ldap://localhost:1389 replication status --suffix dc=example,dc=com
Enter password for cn=Directory Manager on ldap://localhost:1389:
Enter bind DN for the replicated suffix (dc=example,dc=com) on localhost:2389 : cn=Directory Manager
Enter password for (cn=Directory Manager) to the replicated suffix (dc=example,dc=com) on localhost:2389 :
{'agmt-name': ['M1toM2'], 'replica': ['localhost:2389'], 'replica-enabled': ['on'], 'update-in-progress': ['FALSE'], 'last-update-start': ['19700101000000Z'], 'last-update-end': ['19700101000000Z'], 'number-changes-sent': ['0'], 'number-changes-skipped': ['unavailable'], 'last-update-status': ["Error (-1) Problem connecting to replica - LDAP error: Can't contact LDAP server (connection error)"], 'last-init-start': ['20240116113339Z'], 'last-init-end': ['19700101000000Z'], 'last-init-status': ["Error (-1) - LDAP error: Can't contact LDAP server - no response received"], 'reap-active': ['0'], 'replication-status': ['Not in Synchronization: supplier (Unknown) consumer (Unknown) State (red) Reason (Consumer can not be contacted)'], 'replication-lag-time': ['unavailable']}

# dsconf -D "cn=Directory Manager" ldap://localhost:1389 repl-agmt status --suffix "dc=example,dc=com" M1toM2
Enter password for cn=Directory Manager on ldap://localhost:1389:
Enter bind DN for the replicated suffix (dc=example,dc=com) on localhost:2389 : cn=Directory Manager
Enter password for (cn=Directory Manager) to the replicated suffix (dc=example,dc=com) on localhost:2389 :
Status For Agreement: "M1toM2" (localhost:2389)
Replica Enabled: on
Update In Progress: FALSE
Last Update Start: 19700101000000Z
Last Update End: 19700101000000Z
Number Of Changes Sent: 0
Number Of Changes Skipped: None
Last Update Status: Error (-1) Problem connecting to replica - LDAP error: Can't contact LDAP server (connection error)
Last Init Start: 20240116113339Z
Last Init End: 19700101000000Z
Last Init Status: Error (-1) - LDAP error: Can't contact LDAP server - no response received
Reap Active: 0
Replication Status: Not in Synchronization: supplier (Unknown) consumer (Unknown) State (red) Reason (Consumer can not be contacted)
Replication Lag Time: unavailable

Marking as VERIFIED.

Comment 5 errata-xmlrpc 2024-01-23 17:24:37 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (redhat-ds:12 bug fix update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2024:0380

Note You need to log in before you can comment on or make changes to this bug.