Back to bug 1009102
| Who | When | What | Removed | Added |
|---|---|---|---|---|
| Rob Crittenden | 2013-09-17 17:47:05 UTC | CC | xdong | |
| Flags | needinfo?(xdong) | |||
| Xiyang Dong | 2013-09-17 18:07:52 UTC | Flags | needinfo?(xdong) | |
| Martin Kosek | 2013-09-18 07:34:53 UTC | CC | pvoborni | |
| Flags | needinfo?(xdong) | |||
| Xiyang Dong | 2013-09-19 12:14:55 UTC | Flags | needinfo?(xdong) | |
| Martin Kosek | 2013-09-24 08:53:07 UTC | Doc Text | Cause: When an IdM server installed in RHEL-6.2 is updated to RHEL-6.4 or RHEL-6.5 version, new PBAC permission "Write DNS Configuration" is created without all required object classes. Consequence: The permission may not show up in IdM Web UI permission page or when "--sizelimit" parameter is used for CLI "permission-find" command. Permission is still accessible in CLI when the --sizelimit option is not used. Workaround (if any): Run the following command on the server to trigger the DNS permission update process again and fix the list of permission objectclasses: # ipa-ldap-updater --ldapi /usr/share/ipa/updates/40-dns.update The issue will also disappear when a RHEL-6.4 or RHEL-6.5 replica is installed or when a IdM server is reinstalled or upgraded. Result: Permission is listed in Web UI and is accessible in CLI even when using the --sizelimit option. | |
| Doc Type | Bug Fix | Known Issue | ||
| Martin Kosek | 2013-09-24 08:54:54 UTC | Status | NEW | ASSIGNED |
| Dmitri Pal | 2013-09-24 13:33:32 UTC | Status | ASSIGNED | CLOSED |
| CC | dpal | |||
| Resolution | --- | WONTFIX | ||
| Last Closed | 2013-09-24 09:33:32 UTC | |||
| Eliska Slobodova | 2013-10-18 12:25:19 UTC | Doc Text | Cause: When an IdM server installed in RHEL-6.2 is updated to RHEL-6.4 or RHEL-6.5 version, new PBAC permission "Write DNS Configuration" is created without all required object classes. Consequence: The permission may not show up in IdM Web UI permission page or when "--sizelimit" parameter is used for CLI "permission-find" command. Permission is still accessible in CLI when the --sizelimit option is not used. Workaround (if any): Run the following command on the server to trigger the DNS permission update process again and fix the list of permission objectclasses: # ipa-ldap-updater --ldapi /usr/share/ipa/updates/40-dns.update The issue will also disappear when a RHEL-6.4 or RHEL-6.5 replica is installed or when a IdM server is reinstalled or upgraded. Result: Permission is listed in Web UI and is accessible in CLI even when using the --sizelimit option. | When an Identity Management server installed on Red Hat Enterprise Linux 6.2 is updated to the version provided by Red Hat Enterprise Linux 6.4 or 6.5, the new pbac permission "Write DNS Configuration" is created without any of the required object classes. Consequently, the permission may not show up on the Identity Management Web UI permission page or when the --sizelimit parameter is used for the CLI permission-find command. The permission is still accessible using the command line when the --sizelimit option is not specified. To work around this problem, run the following command on the server to trigger the DNS permission update process again and fix the list of permission object classes: ]# ipa-ldap-updater --ldapi /usr/share/ipa/updates/40-dns.update This problem can also be avoided when a Red Hat Enterprise Linux 6.4 or 6.5 replica is installed or when an Identity Management server is reinstalled or upgraded. |
Back to bug 1009102