Bug 1184149

Summary: DUA profile not available anonymously
Product: Red Hat Enterprise Linux 7 Reporter: Martin Kosek <mkosek>
Component: ipaAssignee: IPA Maintainers <ipa-maint>
Status: CLOSED ERRATA QA Contact: Namita Soman <nsoman>
Severity: unspecified Docs Contact:
Priority: medium    
Version: 7.0CC: drieden, jcholast, rcritten, spoore
Target Milestone: rcKeywords: Regression
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: ipa-4.1.0-16.el7 Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2015-03-05 10:19:28 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Martin Kosek 2015-01-20 16:43:10 UTC 
This bug is created as a clone of upstream ticket:
https://fedorahosted.org/freeipa/ticket/4850

The DUA project used to configure Solaris and HP/ux clients is not available anonymously. This is a regression from 3.x.

The URI is cn=default,ou=profile,$SUFFIX.

Tested using freeipa-server-4.1.2-1 on F-21
{{{
$  ldapsearch -LLL -x -b cn=default,ou=profile,dc=example,dc=com
}}}
In 3.x:
{{{
$ ldapsearch -LLL -x -b cn=default,ou=profile,dc=example,dc=com
dn: cn=default,ou=profile,dc=example,dc=com
defaultServerList: grindle.example.com
defaultSearchBase: dc=example,dc=com
objectClass: top
objectClass: DUAConfigProfile
serviceSearchDescriptor: passwd:cn=users,cn=accounts,dc=example,dc=com
serviceSearchDescriptor: group:cn=groups,cn=compat,dc=example,dc=com
searchTimeLimit: 15
followReferrals: TRUE
objectclassMap: shadow:shadowAccount=posixAccount
bindTimeLimit: 5
authenticationMethod: none
cn: default
}}}
Comment 2 Jan Cholasta 2015-01-21 07:48:42 UTC 
Fixed upstream
master:
https://fedorahosted.org/freeipa/changeset/0a7a8d66040f7a5f0e55da4b01e614dd9b569a00
ipa-4-1:
https://fedorahosted.org/freeipa/changeset/b54b740f7903a0722930cc281ccb5a2bece45aef
Comment 4 Scott Poore 2015-01-24 20:29:18 UTC 
reproduced:

[root@rhel7-3 ~]# ldapsearch -LLL -x -b cn=default,ou=profile,dc=example,dc=com
[root@rhel7-3 ~]# rpm -q ipa-server
ipa-server-4.1.0-10.el7.x86_64
Comment 5 Scott Poore 2015-01-24 20:30:15 UTC 
verified.

Version ::

ipa-server-4.1.0-16.el7.x86_64


Results ::

[root@rhel7-2 ~]# ldapsearch -LLL -x -b cn=default,ou=profile,dc=example,dc=com
dn: cn=default,ou=profile,dc=example,dc=com
defaultServerList: rhel7-2.example.com
defaultSearchBase: dc=example,dc=com
objectClass: top
objectClass: DUAConfigProfile
serviceSearchDescriptor: passwd:cn=users,cn=accounts,dc=example,dc=com
serviceSearchDescriptor: group:cn=groups,cn=compat,dc=example,dc=com
searchTimeLimit: 15
followReferrals: TRUE
objectclassMap: shadow:shadowAccount=posixAccount
bindTimeLimit: 5
authenticationMethod: none
cn: default
Comment 7 errata-xmlrpc 2015-03-05 10:19:28 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHSA-2015-0442.html