After upgrading from 7.3 to 7.4, ipa-server-upgrade script fails with the error: "This entry already exists"

Solution Verified - Updated -

Issue

After upgrading from 7.3 to 7.4 ipa-server-upgrade script fails with the error: "This entry already exists"

We see the following errors in /var/log/ipaupgrade.log

2017-08-07T05:57:36Z ERROR Upgrade failed with This entry already exists
2017-08-07T05:57:36Z DEBUG Traceback (most recent call last):
  File "/usr/lib/python2.7/site-packages/ipaserver/install/upgradeinstance.py", line 220, in __upgrade
    self.modified = (ld.update(self.files) or self.modified)
  File "/usr/lib/python2.7/site-packages/ipaserver/install/ldapupdate.py", line 911, in update
    self._run_updates(all_updates)
  File "/usr/lib/python2.7/site-packages/ipaserver/install/ldapupdate.py", line 883, in _run_updates
    self._run_update_plugin(update['plugin'])
  File "/usr/lib/python2.7/site-packages/ipaserver/install/ldapupdate.py", line 859, in _run_update_plugin
    restart_ds, updates = self.api.Updater[plugin_name]()
  File "/usr/lib/python2.7/site-packages/ipalib/frontend.py", line 1470, in __call__
    return self.execute(**options)
  File "/usr/lib/python2.7/site-packages/ipaserver/install/plugins/upload_cacrt.py", line 84, in execute
    ldap.update_entry(entry)
  File "/usr/lib/python2.7/site-packages/ipapython/ipaldap.py", line 1553, in update_entry
    self.conn.modify_s(str(entry.dn), modlist)
  File "/usr/lib64/python2.7/contextlib.py", line 35, in __exit__
    self.gen.throw(type, value, traceback)
  File "/usr/lib/python2.7/site-packages/ipapython/ipaldap.py", line 973, in error_handler
    raise errors.DuplicateEntry()
DuplicateEntry: This entry already exists

We also see the following in error logs


[09/Aug/2017:08:47:46.749628463 +0300] conn=5 op=354 ADD dn="cn=UNIX.LOCAL IPA CA,cn=certificates,cn=ipa,cn=etc,dc=unix,dc=local"
[09/Aug/2017:08:47:46.752797302 +0300] conn=5 op=354 RESULT err=19 tag=105 nentries=0 etime=0

[09/Aug/2017:08:47:46.753397923 +0300] conn=5 op=355 MOD dn="cn=UNIX.LOCAL IPA CA,cn=certificates,cn=ipa,cn=etc,dc=unix,dc=local"
[09/Aug/2017:08:47:46.753732945 +0300] conn=5 op=355 RESULT err=19 tag=103 nentries=0 etime=0

LDAP Error code 19 : LDAP_CONSTRAINT_VIOLATION

Environment

  • ipa-server-4.5.0-21.el7.x86_64

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.

Current Customers and Partners

Log in for full access

Log In

New to Red Hat?

Learn more about Red Hat subscriptions

Using a Red Hat product through a public cloud?

How to access this content