Bug 1248396

Summary: Internal error in DomainValidator.__search_in_dc
Product: Red Hat Enterprise Linux 7 Reporter: Petr Vobornik <pvoborni>
Component: ipaAssignee: IPA Maintainers <ipa-maint>
Status: CLOSED ERRATA QA Contact: Namita Soman <nsoman>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 7.2CC: jcholast, ksiddiqu, rcritten, sumenon, tbabej
Target Milestone: rc   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: ipa-4.2.0-4.el7 Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2015-11-19 12:04:44 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Petr Vobornik 2015-07-30 08:32:04 UTC 
This bug is created as a clone of upstream ticket:
https://fedorahosted.org/freeipa/ticket/5157

The error manifests itself as part of idoverrideuser/group commands when invoked with AD users as arguments.

It's a regression from 4.1, present in 4.2.
Comment 1 Petr Vobornik 2015-07-30 08:34:44 UTC 
Fixed upstream

  master: cf59981cc2c6bb13c286188aa27cb10a49ff4a5e
  ipa-4-2: fe3fa23e5f34219fda7cba182de50b5bd8074fb7
Comment 3 Sudhir Menon 2015-09-30 11:34:30 UTC 
Jan,
What i understand from the bug is that there is an error displayed when trusted ADusers are used as argument to ipa idoverrideuser/group command.
But is there a specific command from the one listed below with which this was seen or can you please provide me the steps? 

idoverridegroup-del 	
idoverridegroup-find 	
idoverridegroup-mod 	
idoverridegroup-show 	
idoverrideuser-add 	
idoverrideuser-del 	
idoverrideuser-find 	
idoverrideuser-mod 	
idoverrideuser-show
Comment 4 Tomas Babej 2015-09-30 11:50:48 UTC 
Any of those commands would suffice, if invoked with AD trusted users. A good example is:

$ ipa idoverrideuser-add 'Default Trust View' Administrator --uid 500
Comment 5 Sudhir Menon 2015-09-30 13:24:38 UTC 
Verified using RHEL7.2 and Windows 2012 R2

ipa-server-trust-ad-4.2.0-12.el7.x86_64
ipa-server-4.2.0-12.el7.x86_64
ipa-server-dns-4.2.0-12.el7.x86_64
sssd-1.13.0-35.el7.x86_64

Observations: Internal error in DomainValidator.__search_in_dc is not seen on the console when ad users are used as parameter to the idoverride user/group command.

1. [root@ipa01 ~]# ipa idoverrideuser-add 'Default Trust View' test11 --uid 500
---------------------------------------
Added User ID override "test11"
---------------------------------------
  Anchor to override: test11
  UID: 500

2. [root@ipa01 ~]# ipa idoverrideuser-find 'Default Trust View' test11 --uid 500
--------------------------
1 User ID override matched
--------------------------
  Anchor to override: test11
  UID: 500
----------------------------
Number of entries returned 1
----------------------------

3. [root@ipa01 ~]# ipa idoverrideuser-del 'Default Trust View' test11
-----------------------------------------
Deleted User ID override "test11"
-----------------------------------------

4. [root@ipa01 ~]# ipa idoverrideuser-show 'Default Trust View' test11
  Anchor to override: test11
  UID: 500


5. [root@ipa01 ~]# ipa idoverrideuser-mod 'Default Trust View' test11 --uid=1555
---------------------------------------------
Modified an User ID override "test11"
---------------------------------------------
  Anchor to override: test11
  UID: 1555

6. [root@ipa01 ~]# ipa idoverridegroup-del 'Default Trust View' biggroup 
--------------------------------------------
Deleted Group ID override "biggroup"
--------------------------------------------

7. [root@ipa01 ~]# ipa idoverridegroup-add 'Default Trust View' biggroup 
------------------------------------------
Added Group ID override "biggroup"
------------------------------------------
  Anchor to override: biggroup

8. [root@ipa01 ~]# ipa idoverridegroup-mod 'Default Trust View' biggroup --gid=5343
------------------------------------------------
Modified an Group ID override "biggroup"
------------------------------------------------
  Anchor to override: biggroup
  GID: 5343

9. [root@ipa01 ~]# ipa idoverridegroup-show 'Default Trust View' biggroup
  Anchor to override: biggroup
  GID: 5343
Comment 6 errata-xmlrpc 2015-11-19 12:04:44 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHBA-2015-2362.html