URL: https://github.com/freeipa/freeipa/pull/2051 Author: tiran Title: #2051: Fix replication races in Dogtag admin code Action: opened PR body: """ DogtagInstance.setup_admin and related methods have multiple LDAP replication race conditions. The bugs can cause parallel ipa-replica-install to fail. The code from __add_admin_to_group() has been changed to use MOD_ADD ather than search + MOD_REPLACE. The MOD_REPLACE approach can lead to data loss, when more than one writer changes a group. setup_admin() now waits until both admin user and group membership have been replicated to the master peer. Fixes: https://pagure.io/freeipa/issue/7593 Signed-off-by: Christian Heimes <cheimes(a)redhat.com&gt; """ To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/2051/head:pr2051 git checkout pr2051