Bug 1108213
| Summary: | Installers should explicitly specify auth mechanism when calling ldapmodify | |||
|---|---|---|---|---|
| Product: | Red Hat Enterprise Linux 7 | Reporter: | Martin Kosek <mkosek> | |
| Component: | ipa | Assignee: | Martin Kosek <mkosek> | |
| Status: | CLOSED ERRATA | QA Contact: | Namita Soman <nsoman> | |
| Severity: | unspecified | Docs Contact: | ||
| Priority: | medium | |||
| Version: | 7.1 | CC: | mkosek, rcritten, sgoveas, spoore | |
| Target Milestone: | rc | |||
| Target Release: | --- | |||
| Hardware: | Unspecified | |||
| OS: | Unspecified | |||
| Whiteboard: | ||||
| Fixed In Version: | ipa-4.0.3-1.el7 | Doc Type: | Bug Fix | |
| Doc Text: | Story Points: | --- | ||
| Clone Of: | ||||
| : | 1108661 (view as bug list) | Environment: | ||
| Last Closed: | 2015-03-05 10:11:38 UTC | Type: | --- | |
| Regression: | --- | Mount Type: | --- | |
| Documentation: | --- | CRM: | ||
| Verified Versions: | Category: | --- | ||
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | ||
| Cloudforms Team: | --- | Target Upstream Version: | ||
| Embargoed: | ||||
| Bug Depends On: | ||||
| Bug Blocks: | 1108661 | |||
|
Description
Martin Kosek
2014-06-11 14:49:12 UTC
This request is already fixed in upstream FreeIPA project. Please refer to the linked ticket for additional details and related commits. Please add steps to test this bug See reproduction and discussion in the cloned bug: https://bugzilla.redhat.com/show_bug.cgi?id=1108661#c1 Verified Sanity Only like the cloned bug.
Version ::
Results ::
[root@vm8 ~]# cat .ldaprc
SASL_MECH GSSAPI
relevant history:
103 ipa-server-install --setup-dns --forwarder=192.168.122.1 --hostname=vm8.ipa2.example.com --ip-address=192.168.122.208 -n ipa2.example.com -r IPA2.EXAMPLE.COM -a Secret123 -p Secret123 -U
104 yum -y install samba-client samba-winbind-clients *ipa-server-trust-ad telnet
105 cat ~/.ldaprc
106 ipa-adtrust-install --enable-compat --netbios-name=IPA2 --add-sids -a Secret123 -U
ipaserver-install.log:
2015-01-28T00:55:06Z DEBUG [13/22]: activating extdom plugin
2015-01-28T00:55:06Z DEBUG Starting external process
2015-01-28T00:55:06Z DEBUG args='/usr/bin/ldapmodify' '-v' '-f' '/tmp/tmpun5VXp' '-H' 'ldapi://%2fvar%2frun%2fslapd-IPA2-EXAMPLE-COM.socket' '-Y' 'EXTERNAL'
2015-01-28T00:55:06Z DEBUG Process finished, return code=0
2015-01-28T00:55:06Z DEBUG stdout=add objectclass:
top
nsSlapdPlugin
extensibleObject
add cn:
ipa_extdom_extop
add nsslapd-pluginpath:
libipa_extdom_extop
add nsslapd-plugininitfunc:
ipa_extdom_init
add nsslapd-plugintype:
extendedop
add nsslapd-pluginenabled:
on
add nsslapd-pluginid:
ipa_extdom_extop
add nsslapd-pluginversion:
1.0
add nsslapd-pluginvendor:
RedHat
add nsslapd-plugindescription:
Support resolving IDs in trusted domains to names and back
add nsslapd-plugin-depends-on-type:
database
add nsslapd-basedn:
dc=ipa2,dc=example,dc=com
adding new entry "cn=ipa_extdom_extop,cn=plugins,cn=config"
modify complete
2015-01-28T00:55:06Z DEBUG stderr=ldap_initialize( ldapi://%2Fvar%2Frun%2Fslapd-IPA2-EXAMPLE-COM.socket/??base )
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0
2015-01-28T00:55:06Z DEBUG duration: 0 seconds
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://rhn.redhat.com/errata/RHSA-2015-0442.html |