Bug 1246141
| Summary: | DNS Administrators cannot search in zones | ||
|---|---|---|---|
| Product: | Red Hat Enterprise Linux 7 | Reporter: | Jan Cholasta <jcholast> |
| Component: | ipa | Assignee: | IPA Maintainers <ipa-maint> |
| Status: | CLOSED ERRATA | QA Contact: | Namita Soman <nsoman> |
| Severity: | unspecified | Docs Contact: | |
| Priority: | medium | ||
| Version: | 7.2 | CC: | ksiddiqu, mkosek, rcritten |
| Target Milestone: | rc | ||
| Target Release: | --- | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
| Whiteboard: | |||
| Fixed In Version: | ipa-4.2.0-3.el7 | Doc Type: | Bug Fix |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2015-11-19 12:04:39 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
|
Description
Jan Cholasta
2015-07-23 14:21:31 UTC
Fixed upstream master: https://fedorahosted.org/freeipa/changeset/5ea41abe9836c94579115f9b220a8205b15d520d/ ipa-4-2: https://fedorahosted.org/freeipa/changeset/bb6498547e1d638a064e4af259e195b7b95288b3/ Verified. [root@dhcp207-229 ~]# rpm -q ipa-server ipa-server-4.2.0-9.el7.x86_64 [root@dhcp207-229 ~]# [root@dhcp207-229 ~]# ipa user-add testuser1 --password First name: test Last name: user1 Password: Enter Password again to verify: ---------------------- Added user "testuser1" ---------------------- User login: testuser1 First name: test Last name: user1 Full name: test user1 Display name: test user1 Initials: tu Home directory: /home/testuser1 GECOS: test user1 Login shell: /bin/sh Kerberos principal: testuser1 Email address: testuser1 UID: 1222400001 GID: 1222400001 Password: True Member of groups: ipausers Kerberos keys available: True [root@dhcp207-229 ~]# kinit testuser1 Password for testuser1: Password expired. You must change it now. Enter new password: Enter it again: Password mismatch. Please try again. Enter new password: Enter it again: [root@dhcp207-229 ~]# klist Ticket cache: KEYRING:persistent:0:krb_ccache_4NPLM47 Default principal: testuser1 Valid starting Expires Service principal 09/09/2015 18:34:33 09/10/2015 18:34:33 krbtgt/TESTRELM.TEST [root@dhcp207-229 ~]# ipa dnszone-find ---------------------------- Number of entries returned 0 ---------------------------- [root@dhcp207-229 ~]# echo xxxxxxxx|kinit admin Password for admin: [root@dhcp207-229 ~]# ipa dnszone-find Zone name: 207.65.10.in-addr.arpa. Active zone: TRUE Authoritative nameserver: dhcp207-229.testrelm.test. Administrator e-mail address: hostmaster.testrelm.test. SOA serial: 1441801445 SOA refresh: 3600 SOA retry: 900 SOA expire: 1209600 SOA minimum: 3600 Allow query: any; Allow transfer: none; Zone name: testrelm.test. Active zone: TRUE Authoritative nameserver: dhcp207-229.testrelm.test. Administrator e-mail address: hostmaster.testrelm.test. SOA serial: 1441801472 SOA refresh: 3600 SOA retry: 900 SOA expire: 1209600 SOA minimum: 3600 Allow query: any; Allow transfer: none; ---------------------------- Number of entries returned 2 ---------------------------- [root@dhcp207-229 ~]# ipa role-add dns_admin --desc="DNS Admin" ---------------------- Added role "dns_admin" ---------------------- Role name: dns_admin Description: DNS Admin [root@dhcp207-229 ~]# ipa role-add-privilege dns_admin --privileges="DNS Administrators" Role name: dns_admin Description: DNS Admin Privileges: DNS Administrators ---------------------------- Number of privileges added 1 ---------------------------- [root@dhcp207-229 ~]# ipa role-show dns_admin Role name: dns_admin Description: DNS Admin Privileges: DNS Administrators [root@dhcp207-229 ~]# [root@dhcp207-229 ~]# echo xxxxxxxx|kinit testuser1 Password for testuser1: [root@dhcp207-229 ~]# ipa dnszone-find ---------------------------- Number of entries returned 0 ---------------------------- [root@dhcp207-229 ~]# echo xxxxxxxx|kinit admin Password for admin: [root@dhcp207-229 ~]# ipa role-add-member dns_admin --users=testuser1 Role name: dns_admin Description: DNS Admin Member users: testuser1 Privileges: DNS Administrators ------------------------- Number of members added 1 ------------------------- [root@dhcp207-229 ~]# ipa role-show dns_admin Role name: dns_admin Description: DNS Admin Member users: testuser1 Privileges: DNS Administrators [root@dhcp207-229 ~]# echo xxxxxxxx|kinit testuser1 Password for testuser1: [root@dhcp207-229 ~]# klist Ticket cache: KEYRING:persistent:0:krb_ccache_4NPLM47 Default principal: testuser1 Valid starting Expires Service principal 09/09/2015 18:40:41 09/10/2015 18:40:41 krbtgt/TESTRELM.TEST [root@dhcp207-229 ~]# ipa dnszone-find Zone name: 207.65.10.in-addr.arpa. Active zone: TRUE Authoritative nameserver: dhcp207-229.testrelm.test. Administrator e-mail address: hostmaster.testrelm.test. SOA serial: 1441801445 SOA refresh: 3600 SOA retry: 900 SOA expire: 1209600 SOA minimum: 3600 Allow query: any; Allow transfer: none; Zone name: testrelm.test. Active zone: TRUE Authoritative nameserver: dhcp207-229.testrelm.test. Administrator e-mail address: hostmaster.testrelm.test. SOA serial: 1441801472 SOA refresh: 3600 SOA retry: 900 SOA expire: 1209600 SOA minimum: 3600 Allow query: any; Allow transfer: none; ---------------------------- Number of entries returned 2 ---------------------------- [root@dhcp207-229 ~]# Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://rhn.redhat.com/errata/RHBA-2015-2362.html |