[Freeipa-devel] [PATCH] 0032 Cleanup when deleting a replica
Simo Sorce
ssorce at redhat.com
Mon Dec 20 22:05:20 UTC 2010
On Mon, 20 Dec 2010 22:40:50 +0100
Jakub Hrozek <jhrozek at redhat.com> wrote:
> >> The rest of the code looks OK, but I'm currently not able to test
> >> as the deletion fails with "Insufficient access". In my setup,
> >> vm-061 is the master and vm-038 is the replica:
> >>
> >> [root at vm-061 ~]# ipa-replica-manage list
> >> vm-061.idm.lab.bos.redhat.com vm-038.idm.lab.bos.redhat.com
> >> [root at vm-061 ~]# ipa-replica-manage del
> >> vm-038.idm.lab.bos.redhat.com Unable to remove agreement on
> >> vm-038.idm.lab.bos.redhat.com: Insufficient access:
> >
> > Do you have a ticket as admin when you try this ?
> >
> > Simo.
> >
>
> I do. The traceback looks like this (I inserted and extra
> traceback.print_exc() call to get it):
>
> ----
> Traceback (most recent call last):
> File "/usr/sbin/ipa-replica-manage", line 269, in del_master
> other_replman.delete_agreement(replman.conn.host)
> File
> "/usr/lib/python2.7/site-packages/ipaserver/install/replication.py",
> line 408, in delete_agreement
> return self.conn.deleteEntry(dn)
> File "/usr/lib/python2.7/site-packages/ipaserver/ipaldap.py", line
> 563, in deleteEntry
> self.__handle_errors(e, **kw)
> File "/usr/lib/python2.7/site-packages/ipaserver/ipaldap.py", line
> 316, in __handle_errors
> raise errors.ACIError(info=info)
> ACIError: Insufficient access:
> ----
>
> So this seems to be an ACI problem. I have your 4 patches applied on
> top of the current origin/master and was calling "ipa-replica-manage
> del <slave-fqdn>".
>
I guess it work properly if you kdestroy and use the DM password ?
Simo.
--
Simo Sorce * Red Hat, Inc * New York
More information about the Freeipa-devel
mailing list