Bug 1205264

Summary: Migration UI Does Not Work When Anonymous Bind is Disabled
Product: Red Hat Enterprise Linux 7 Reporter: Petr Vobornik <pvoborni>
Component: ipaAssignee: IPA Maintainers <ipa-maint>
Status: CLOSED ERRATA QA Contact: Namita Soman <nsoman>
Severity: unspecified Docs Contact:
Priority: medium    
Version: 7.1CC: akasurde, rcritten
Target Milestone: rc   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: ipa-4.2.0-3.el7 Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2015-11-19 12:03:11 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Attachments:
Description Flags
cmd_log none

Description Petr Vobornik 2015-03-24 14:47:36 UTC 
This bug is created as a clone of upstream ticket:
https://fedorahosted.org/freeipa/ticket/4953

I have migrated users from an old/broken FreeIPA server using Martin Kosek's recommendations here: http://news.gmane.org/find-root.php?message_id=550810EF.2030705%40redhat.com

My servers are on the public internet, so for obvious reasons I immediately disabled anonymous bind.

Now, everything is working except that the migration UI (at https://server/ipa/migration/) does not work when anonymous bind is disabled.  I get the following message in HTTPD's error_log:

  [Tue Mar 17 11:57:13.169949 2015] [:error] [pid 13589] ipa: ERROR: migration unable to get base dn
  
  [Tue Mar 17 11:57:30.729802 2015] [:error] [pid 13588] ipa: ERROR: migration context search failed: Insufficient access: Inappropriate authentication: Anonymous access is not allowed.

FreeIPA version is ipa-server-4.1.0-18.el7.centos.x86_64
Comment 1 Petr Vobornik 2015-07-17 11:43:47 UTC 
Fixed upstream
master:
https://fedorahosted.org/freeipa/changeset/e5d179b5b96bba5048a05135693acc5507d38163
ipa-4-2:
https://fedorahosted.org/freeipa/changeset/65877820b821884ac3b539e7f64e12c2cb3dd34f
ipa-4-1:
https://fedorahosted.org/freeipa/changeset/e40a6bc0824020af6ae9d95f444c69a09457cb24
Comment 3 Abhijeet Kasurde 2015-09-30 10:01:40 UTC 
Created attachment 1078578 [details]
cmd_log
Comment 4 Abhijeet Kasurde 2015-09-30 10:02:16 UTC 
Verified.

IPA version ::

ipa-server-4.2.0-12.el7.x86_64
Comment 5 errata-xmlrpc 2015-11-19 12:03:11 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHBA-2015-2362.html