After upgrading from 7.3 to 7.4, ipa-server-upgrade script fails with the error: "This entry already exists"
Issue
After upgrading from 7.3 to 7.4 ipa-server-upgrade script fails with the error: "This entry already exists"
We see the following errors in /var/log/ipaupgrade.log
2017-08-07T05:57:36Z ERROR Upgrade failed with This entry already exists
2017-08-07T05:57:36Z DEBUG Traceback (most recent call last):
File "/usr/lib/python2.7/site-packages/ipaserver/install/upgradeinstance.py", line 220, in __upgrade
self.modified = (ld.update(self.files) or self.modified)
File "/usr/lib/python2.7/site-packages/ipaserver/install/ldapupdate.py", line 911, in update
self._run_updates(all_updates)
File "/usr/lib/python2.7/site-packages/ipaserver/install/ldapupdate.py", line 883, in _run_updates
self._run_update_plugin(update['plugin'])
File "/usr/lib/python2.7/site-packages/ipaserver/install/ldapupdate.py", line 859, in _run_update_plugin
restart_ds, updates = self.api.Updater[plugin_name]()
File "/usr/lib/python2.7/site-packages/ipalib/frontend.py", line 1470, in __call__
return self.execute(**options)
File "/usr/lib/python2.7/site-packages/ipaserver/install/plugins/upload_cacrt.py", line 84, in execute
ldap.update_entry(entry)
File "/usr/lib/python2.7/site-packages/ipapython/ipaldap.py", line 1553, in update_entry
self.conn.modify_s(str(entry.dn), modlist)
File "/usr/lib64/python2.7/contextlib.py", line 35, in __exit__
self.gen.throw(type, value, traceback)
File "/usr/lib/python2.7/site-packages/ipapython/ipaldap.py", line 973, in error_handler
raise errors.DuplicateEntry()
DuplicateEntry: This entry already exists
We also see the following in error logs
[09/Aug/2017:08:47:46.749628463 +0300] conn=5 op=354 ADD dn="cn=UNIX.LOCAL IPA CA,cn=certificates,cn=ipa,cn=etc,dc=unix,dc=local"
[09/Aug/2017:08:47:46.752797302 +0300] conn=5 op=354 RESULT err=19 tag=105 nentries=0 etime=0
[09/Aug/2017:08:47:46.753397923 +0300] conn=5 op=355 MOD dn="cn=UNIX.LOCAL IPA CA,cn=certificates,cn=ipa,cn=etc,dc=unix,dc=local"
[09/Aug/2017:08:47:46.753732945 +0300] conn=5 op=355 RESULT err=19 tag=103 nentries=0 etime=0
LDAP Error code 19 : LDAP_CONSTRAINT_VIOLATION
Environment
- ipa-server-4.5.0-21.el7.x86_64
Subscriber exclusive content
A Red Hat subscription provides unlimited access to our knowledgebase of over 48,000 articles and solutions.
Welcome! Check out the Getting Started with Red Hat page for quick tours and guides for common tasks.
