[Freeipa-devel] ipa-replica-manage del fails to delete host entry

[Ludwig Krispenz]

Hi,
in recent posts about corrupted ruvs, there also was the error about 
failing cleanup, like:

ipa-replica-manage del vm-162.idm.lab.eng.brq.redhat.com

..
Failed to cleanup vm-162.idm.lab.eng.brq.redhat.com entries: Not allowed 
on non-leaf entry

in the access log we see

[06/May/2015:14:19:11 +0200]conn=30 op=17 SRCH 
base="cn=vm-162.idm.lab.eng.brq.redhat.com,cn=masters,cn=ipa,cn=etc,dc=idm,dc=lab,dc=eng,dc=brq,dc=redhat,dc=com" 
scope=2 filter="(objectClass=*)" attrs=ALL

[06/May/2015:14:19:11 +0200] conn=30 op=17 RESULT err=0 tag=101 
nentries=6 etime=0 notes=U
[06/May/2015:14:19:11 +0200] conn=30 op=18 DEL 
dn="cn=vm-162.idm.lab.eng.brq.redhat.com,cn=masters,cn=ipa,cn=etc,dc=idm,dc=lab,dc=eng,dc=brq,dc=redhat,dc=com"
[06/May/2015:14:19:11 +0200] conn=30 op=18 RESULT err=66 tag=107 
nentries=0 etime=0

which means that there was an attempt to remove the host before the services

in replica_cleanup we have:

# delete master entry with all active services

try:
     dn = DN(('cn', replica), ('cn', 'masters'), ('cn', 'ipa'),('cn', 
'etc'), self.suffix)
     entries = self.conn.get_entries(dn, ldap.SCOPE_SUBTREE)
     if entries:
         entries.sort(key=len, reverse=True)
         for entry in entries:
             self.conn.delete_entry(entry)

this intends to delete children befor the parent, as teh dns of children 
are longer, but get_entries does return a list of entries, not DNs, and 
so the sorting does not work as can be seen in this example:

 >>> list = [('123456','A'),('123','B'),('12345678','C')]

 >>> list.sort(key=len,reverse=True)

 >>> for l in list:

...     print l

...

('123456', 'A')

('123', 'B')

('12345678', 'C')

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20150506/9675f3b3/attachment.htm>