| Summary: | automember rebuild membership not working as expected | ||
|---|---|---|---|
| Product: | Red Hat Enterprise Linux 7 | Reporter: | Nathan Kinder <nkinder> |
| Component: | 389-ds-base | Assignee: | Rich Megginson <rmeggins> |
| Status: | CLOSED CURRENTRELEASE | QA Contact: | Sankar Ramalingam <sramling> |
| Severity: | unspecified | Docs Contact: | |
| Priority: | unspecified | ||
| Version: | 7.0 | CC: | jgalipea, mreynolds, nhosoi, nsoman, sramling |
| Target Milestone: | rc | ||
| Target Release: | --- | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
| Whiteboard: | |||
| Fixed In Version: | 389-ds-base-1.3.1.6-4.el7 | Doc Type: | Bug Fix |
| Doc Text: |
Cause: Misconfiguration of the "basedn" value in the automember rebuild task. For example, the base DN is the parent of the configuration scope DN.
Consequence: If the base DN specified is not under the automember plugin scope, then it fails to rebuild any entry.
Fix: Regardless of what the base DN is, the task still follows the automember configuration scope.
Result: The automember rebuild task works as expected.
|
Story Points: | --- |
| Clone Of: | Environment: | ||
| Last Closed: | 2014-06-13 11:05:37 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
|
Description
Nathan Kinder
2013-09-10 20:14:11 UTC
moving all ON_QA bugs to MODIFIED in order to add them to the errata (can't add bugs in the ON_QA state to an errata). When the errata is created, the bugs should be automatically moved back to ON_QA.

```
[root@rhel7ui ~]# ipa hostgroup-add --desc="Web Servers" webservers
----------------------------
Added hostgroup "webservers"
----------------------------
Host-group: webservers
Description: Web Servers
[root@rhel7ui ~]# ipa host-add web1.example.com --force
-----------------------------
Added host "web1.example.com"
-----------------------------
Host name: web1.example.com
Principal name: host/web1.example.com
Password: False
Keytab: False
Managed by: web1.example.com
[root@rhel7ui ~]# ipa automember-add --type=hostgroup webservers
----------------------------------
Added automember rule "webservers"
----------------------------------
Automember Rule: webservers
[root@rhel7ui ~]# ipa automember-add-condition --key=fqdn --type=hostgroup --inclusive-regex=^web[1-9]+\.example\.com webservers
----------------------------------
Added condition(s) to "webservers"
----------------------------------
Automember Rule: webservers
Inclusive Regex: fqdn=^web[1-9]+.example.com
----------------------------
Number of conditions added 1
----------------------------
[root@rhel7ui ~]# ipa host-add web2.example.com --force
-----------------------------
Added host "web2.example.com"
-----------------------------
Host name: web2.example.com
Principal name: host/web2.example.com
Password: False
Member of host-groups: webservers
Indirect Member of netgroup: webservers
Keytab: False
Managed by: web2.example.com
[root@rhel7ui ~]# ipa hostgroup-show webservers
Host-group: webservers
Description: Web Servers
Member hosts: web2.example.com

[root@rhel7ui ~]# cat rebuild.ldif
dn: cn=rt,cn=automember rebuild membership,cn=tasks,cn=config
changetype: add
objectClass: top
objectClass: extensibleObject
cn: rt
basedn: dc=rhel7ui,dc=testrelm,dc=com
filter: (fqdn=*)
scope: sub
[root@rhel7ui ~]# hostname
rhel7ui.testrelm.com

[root@rhel7ui ~]# ldapmodify -x -D 'cn=directory manager' -w Secret123 -f rebuild.ldif
adding new entry "cn=rt,cn=automember rebuild membership,cn=tasks,cn=config"

[root@rhel7ui ~]# ipa hostgroup-show webservers
Host-group: webservers
Description: Web Servers
Member hosts: web2.example.com
```

Rebuilding of membership is expected to add host "web1.example.com" as a member of hostgroup webservers, but it's not.

Build tested:

```
[root@rhel7ui ~]# rpm -qa |grep -i 389-ds-base
389-ds-base-libs-1.3.1.6-14.el7.x86_64
389-ds-base-1.3.1.6-14.el7.x86_64
[root@rhel7ui ~]# rpm -qa |grep -i ipa-server
ipa-server-3.3.3-12.el7.x86_64
```

(In reply to Sankar Ramalingam from comment #3)
> [root@rhel7ui ~]# ipa hostgroup-add --desc="Web Servers" webservers
> ----------------------------
> Added hostgroup "webservers"
> ----------------------------
> Host-group: webservers
> Description: Web Servers
> [root@rhel7ui ~]# ipa host-add web1.example.com --force
> -----------------------------
> Added host "web1.example.com"
> -----------------------------
> Host name: web1.example.com
> Principal name: host/web1.example.com
> Password: False
> Keytab: False
> Managed by: web1.example.com
> [root@rhel7ui ~]# ipa automember-add --type=hostgroup webservers
> ----------------------------------
> Added automember rule "webservers"
> ----------------------------------
> Automember Rule: webservers
> [root@rhel7ui ~]# ipa automember-add-condition --key=fqdn --type=hostgroup
> --inclusive-regex=^web[1-9]+\.example\.com webservers
> ----------------------------------
> Added condition(s) to "webservers"
> ----------------------------------
> Automember Rule: webservers
> Inclusive Regex: fqdn=^web[1-9]+.example.com
> ----------------------------
> Number of conditions added 1
> ----------------------------
> [root@rhel7ui ~]# ipa host-add web2.example.com --force
> -----------------------------
> Added host "web2.example.com"
> -----------------------------
> Host name: web2.example.com
> Principal name: host/web2.example.com
> Password: False
> Member of host-groups: webservers
> Indirect Member of netgroup: webservers
> Keytab: False
> Managed by: web2.example.com
> [root@rhel7ui ~]# ipa hostgroup-show webservers
> Host-group: webservers
> Description: Web Servers
> Member hosts: web2.example.com
>
> [root@rhel7ui ~]# cat rebuild.ldif
> dn: cn=rt,cn=automember rebuild membership,cn=tasks,cn=config
> changetype: add
> objectClass: top
> objectClass: extensibleObject
> cn: rt
> basedn: dc=rhel7ui,dc=testrelm,dc=com
> filter: (fqdn=*)
> scope: sub
> [root@rhel7ui ~]# hostname
> rhel7ui.testrelm.com
>
> [root@rhel7ui ~]# ldapmodify -x -D 'cn=directory manager' -w Secret123 -f
> rebuild.ldif
> adding new entry "cn=rt,cn=automember rebuild membership,cn=tasks,cn=config"
>
> [root@rhel7ui ~]# ipa hostgroup-show webservers
> Host-group: webservers
> Description: Web Servers
> Member hosts: web2.example.com
>
>
> Rebuilding of membership is expected to add host "web1.example.com" as a
> member of hostgroup webservers, but it's not.
>
>
> Build tested:
>
> [root@rhel7ui ~]# rpm -qa |grep -i 389-ds-base
> 389-ds-base-libs-1.3.1.6-14.el7.x86_64
> 389-ds-base-1.3.1.6-14.el7.x86_64
> [root@rhel7ui ~]# rpm -qa |grep -i ipa-server
> ipa-server-3.3.3-12.el7.x86_64

It looks like you might be testing this backwards, but I cannot say for sure. Can you please provide the automember plugin configuration? And the actual DN's of the groups and hostgroups? Or can you provide the machine info so I can take a look?

So the bug should be reproduced like this:

automember scope: ou=people,dc=example,dc=com

But if you run a task using a basedn (dc=example,dc=com), it will not work, as it expects (ou=people,dc=example,dc=com) - even though "dc=example,dc=com" should cover "ou=people,dc=example,dc=com".

So with this fix, using "dc=example,dc=com" in the task now works - even though the plugin config is at a lower branch.

Verified using ipa-server-3.3.3-18.el7.x86_64, 389-ds-base-1.3.1.6-18.el7.x86_64

Steps taken:

3. Add a hostgroup:

```
# ipa hostgroup-add --desc="Web Servers" webservers
----------------------------
Added hostgroup "webservers"
----------------------------
Host-group: webservers
Description: Web Servers
```

4. Add a host:

```
# ipa host-add web1.testrelm.test --force
-------------------------------
Added host "web1.testrelm.test"
-------------------------------
Host name: web1.testrelm.test
Principal name: host/web1.testrelm.test
Password: False
Keytab: False
Managed by: web1.testrelm.test
```

5. Add an automember rule:

```
# ipa automember-add --type=hostgroup webservers
----------------------------------
Added automember rule "webservers"
----------------------------------
Automember Rule: webservers
# ipa automember-add-condition --key=fqdn --type=hostgroup --inclusive-regex=^web[1-9]+\.testrelm\.test webservers
----------------------------------
Added condition(s) to "webservers"
----------------------------------
Automember Rule: webservers
Inclusive Regex: fqdn=^web[1-9]+.testrelm.test
----------------------------
Number of conditions added 1
----------------------------
```

6. Verify that automember rule works by adding a new host:

```
# ipa host-add web2.testrelm.test --force
-------------------------------
Added host "web2.testrelm.test"
-------------------------------
Host name: web2.testrelm.test
Principal name: host/web2.testrelm.test
Password: False
Member of host-groups: webservers
Indirect Member of netgroup: webservers
Keytab: False
Managed by: web2.testrelm.test
# ipa hostgroup-show webservers
Host-group: webservers
Description: Web Servers
Member hosts: web2.testrelm.test
```

7. Try to rebuild membership:

```
# cat rebuild.ldif
dn: cn=rt,cn=automember rebuild membership,cn=tasks,cn=config
changetype: add
objectClass: top
objectClass: extensibleObject
cn: rt
basedn: dc=testrelm,dc=test
filter: (fqdn=*)
scope: sub
# ldapmodify -x -D 'cn=directory manager' -w Secret123 -f rebuild.ldif
adding new entry "cn=rt,cn=automember rebuild membership,cn=tasks,cn=config"
```

8. Host web1.testrelm.test is a member of hostgroup webservers:

```
# ipa hostgroup-show webservers
Host-group: webservers
Description: Web Servers
Member hosts: web2.testrelm.test, web1.testrelm.test
```

This request was resolved in Red Hat Enterprise Linux 7.0. Contact your manager or support representative in case you have further questions about the request.
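The scope behaviour described in the Doc Text and in the reproduction comment above can be modelled as follows. This is an added example, not 389-ds-base code: it is a simplified Python model in which the rule dictionary, the function names and the sample entries are constructed for illustration, and DN parsing ignores escaped commas. It shows that after the fix a task `basedn` above the rule scope is accepted, while entries outside the rule's own scope are still never added to the group.

```python
import re

def parse_dn(dn):
    """Split a DN into normalised RDNs (simplified: no escaped commas)."""
    return [rdn.strip().lower() for rdn in dn.split(",")]

def is_under(dn, ancestor):
    """True if dn equals ancestor or lies in the subtree below it."""
    d, a = parse_dn(dn), parse_dn(ancestor)
    return len(d) >= len(a) and d[len(d) - len(a):] == a

def rebuild(entries, rule, basedn, fixed):
    """Return the DNs a rebuild task would add to the rule's group.

    fixed=False models the Doc Text "Consequence": a task basedn that is
    not under the rule scope rebuilds nothing.
    fixed=True models the "Fix": the basedn only selects the search base,
    and the rule's configured scope is still enforced per entry.
    """
    if not fixed and not is_under(basedn, rule["scope"]):
        return []
    added = []
    for dn, attrs in entries.items():
        if not is_under(dn, basedn):          # outside the task's search base
            continue
        if not is_under(dn, rule["scope"]):   # outside the automember scope
            continue
        if rule["regex"].search(attrs.get(rule["key"], "")):
            added.append(dn)
    return sorted(added)

# Rule scope and regex follow the thread; the entries are constructed.
RULE = {
    "scope": "ou=people,dc=example,dc=com",
    "key": "fqdn",
    "regex": re.compile(r"^web[1-9]+\.example\.com"),
}
ENTRIES = {
    "fqdn=web1.example.com,ou=people,dc=example,dc=com": {"fqdn": "web1.example.com"},
    "fqdn=db1.example.com,ou=people,dc=example,dc=com": {"fqdn": "db1.example.com"},
    "fqdn=web3.example.com,ou=other,dc=example,dc=com": {"fqdn": "web3.example.com"},
}

if __name__ == "__main__":
    for fixed in (False, True):
        print(fixed, rebuild(ENTRIES, RULE, "dc=example,dc=com", fixed))
```
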