Back to bug 1305533

Who When What Removed Added
Silvio Wanka 2016-02-08 14:29:41 UTC Summary ipa trust-add succeded but after that ipa trust-find returns "mothing found" ipa trust-add succeded but after that ipa trust-find returns "0 trusts matched"
Petr Vobornik 2016-02-09 13:02:13 UTC CC Silvio.Wanka
Flags needinfo?(Silvio.Wanka)
Silvio Wanka 2016-02-09 13:35:59 UTC Flags needinfo?(Silvio.Wanka)
Petr Vobornik 2016-02-11 13:03:48 UTC CC tbabej
Flags needinfo?(tbabej)
Petr Vobornik 2016-02-15 20:32:15 UTC CC abokovoy
Flags needinfo?(abokovoy)
Alexander Bokovoy 2016-02-15 20:46:38 UTC Flags needinfo?(tbabej) needinfo?(abokovoy)
Sumit Bose 2016-02-16 11:15:58 UTC CC sbose
Petr Vobornik 2016-02-16 16:16:09 UTC Status NEW ASSIGNED
Petr Vobornik 2016-02-16 16:27:57 UTC CC ekeck
Flags needinfo?(ekeck)
Siddharth Nagar 2016-02-17 15:35:11 UTC Priority unspecified high
Kaleem 2016-02-17 15:49:39 UTC CC ksiddiqu
Eugene Keck 2016-02-17 15:50:45 UTC Priority high urgent
Hardware Unspecified All
Flags needinfo?(ekeck)
OS Unspecified Linux
Severity high urgent
Martin Bašti 2016-02-23 17:14:31 UTC Status ASSIGNED POST
CC mbasti
Jan Kurik 2016-02-24 10:25:23 UTC Blocks 1311470
Jan Kurik 2016-02-24 10:26:03 UTC Keywords ZStream
Jan Cholasta 2016-02-24 11:59:38 UTC Status POST MODIFIED
Fixed In Version ipa-4.2.0-16.el7
Martin Bašti 2016-03-01 16:21:45 UTC Status MODIFIED ASSIGNED
Petr Vobornik 2016-03-02 09:45:06 UTC Status ASSIGNED POST
Jan Cholasta 2016-03-02 14:51:40 UTC Status POST MODIFIED
CC jcholast
Jan Cholasta 2016-03-14 09:35:13 UTC Flags needinfo?(mbasti)
Martin Bašti 2016-03-14 09:49:37 UTC Doc Text Cause:
IPA sidgen and exdom plugins coniguration contained improper value of basedn (literally "$SUFFIX") instead of basedn of the IPA LDAP tree. (affected versions: IPA 4.2+)

Consequence:
SIDs were not generated properly that caused the new AD trusts created on affected version of IPA did not work.

Fix:
Configuration of plugins have been fixed. Trusts must be re-created manually (by 'ipa trust-add' command). User warnings have been added to inform user that trusts must be recreated.

Result:
After recreating the broken AD trusts, the AD trusts should work as expected.
Flags needinfo?(mbasti)
Martin Bašti 2016-03-14 09:50:07 UTC Doc Text Cause:
IPA sidgen and exdom plugins coniguration contained improper value of basedn (literally "$SUFFIX") instead of basedn of the IPA LDAP tree. (affected versions: IPA 4.2+)

Consequence:
SIDs were not generated properly that caused the new AD trusts created on affected version of IPA did not work.

Fix:
Configuration of plugins have been fixed. Trusts must be re-created manually (by 'ipa trust-add' command). User warnings have been added to inform user that trusts must be recreated.

Result:
After recreating the broken AD trusts, the AD trusts should work as expected.
Cause:
IPA sidgen and exdom plugins configuration contained improper value of basedn (literally "$SUFFIX") instead of basedn of the IPA LDAP tree. (affected versions: IPA 4.2+)

Consequence:
SIDs were not generated properly that caused the new AD trusts created on affected version of IPA did not work.

Fix:
Configuration of plugins have been fixed. Trusts must be re-created manually (by 'ipa trust-add' command). User warnings have been added to inform user that trusts must be recreated.

Result:
After recreating the broken AD trusts, the AD trusts should work as expected.
Alexander Bokovoy 2016-03-14 10:00:28 UTC Doc Text Cause:
IPA sidgen and exdom plugins configuration contained improper value of basedn (literally "$SUFFIX") instead of basedn of the IPA LDAP tree. (affected versions: IPA 4.2+)

Consequence:
SIDs were not generated properly that caused the new AD trusts created on affected version of IPA did not work.

Fix:
Configuration of plugins have been fixed. Trusts must be re-created manually (by 'ipa trust-add' command). User warnings have been added to inform user that trusts must be recreated.

Result:
After recreating the broken AD trusts, the AD trusts should work as expected.
Cause:
When upgrading from IPA version prior to 4.2 or installing 4.2 version from scratch, new IPA sidgen and exdom plugins' configuration contained improper value of basedn (literally "$SUFFIX") instead of basedn of the IPA LDAP tree.

Consequence:
Security Identifiers (SIDs) for IPA users and objects were not generated properly due to misconfigured sidgen plugin. As result, all AD trusts created on affected version of IPA did not work while advertising that the trust was established correctly.

Fix:
Configuration of the sidgen and extdom plugins have been fixed as part of the server upgrade to this version. Trusts to AD forests must be re-created manually (by 'ipa trust-add' command). User warnings have been added to inform user that a trust to AD must be recreated.

Result:
After recreating the broken AD trusts, the AD trusts should work as expected.
Petr Vobornik 2016-03-15 15:06:23 UTC CC mvarun
Petr Vobornik 2016-03-15 15:08:05 UTC Status MODIFIED ASSIGNED
Petr Vobornik 2016-03-16 16:31:20 UTC Status ASSIGNED POST
Jan Cholasta 2016-03-17 09:09:31 UTC Status POST MODIFIED
John Skeoch 2016-05-05 04:37:09 UTC CC tbabej mkosek
errata-xmlrpc 2016-05-20 05:58:28 UTC Status MODIFIED ON_QA
Varun Mylaraiah 2016-07-21 15:29:07 UTC Status ON_QA VERIFIED
errata-xmlrpc 2016-11-02 15:14:18 UTC Status VERIFIED RELEASE_PENDING
errata-xmlrpc 2016-11-04 05:51:07 UTC Status RELEASE_PENDING CLOSED
Resolution --- ERRATA
Last Closed 2016-11-04 01:51:07 UTC

Back to bug 1305533