Bug 1254693
| Summary: | vault --service does not normalize service principal | | |
|---|---|---|---|
| Product: | Red Hat Enterprise Linux 7 | Reporter: | Petr Vobornik <pvoborni> |
| Component: | ipa | Assignee: | IPA Maintainers <ipa-maint> |
| Status: | CLOSED ERRATA | QA Contact: | Namita Soman <nsoman> |
| Severity: | unspecified | Docs Contact: | |
| Priority: | medium | | |
| Version: | 7.2 | CC: | mkosek, rcritten, spoore |
| Target Milestone: | rc | | |
| Target Release: | --- | | |
| Hardware: | Unspecified | | |
| OS: | Unspecified | | |
| Whiteboard: | | | |
| Fixed In Version: | ipa-4.2.0-5.el7 | Doc Type: | Bug Fix |
| Doc Text: | | Story Points: | --- |
| Clone Of: | | Environment: | |
| Last Closed: | 2015-11-19 12:05:47 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | | Category: | --- |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | | | |

Description
Petr Vobornik
2015-08-18 16:38:07 UTC
fixed upstream:
master:
76ab7d9bae1a1381af9e7ed51297b00823cce857 vault: normalize service principal in service vault operations
ipa-4-2:
c38e8c3ceb63673815dcf4269b67075f4b10f5cb vault: normalize service principal in service vault operations

Verified.

Version ::

ipa-server-4.2.0-13.el7.x86_64

Results ::

```
[root@rhel7-1 ~]# ipa vault-add test_short --service=test/example.com
New password:
Verify password:
------------------------
Added vault "test_short"
------------------------
  Vault name: test_short
  Type: symmetric
  Salt: YaQ5kn3tiaUbSUWCtXIsjg==
  Owner users: admin
  Vault service: test/example.com

[root@rhel7-1 ~]# ipa vault-add test_long --service=test/example.com
New password:
Verify password:
-----------------------
Added vault "test_long"
-----------------------
  Vault name: test_long
  Type: symmetric
  Salt: jcZdHSvMoUHY7tDLHXod8g==
  Owner users: admin
  Vault service: test/example.com

[root@rhel7-1 ~]# ldapsearch -Y GSSAPI -o ldif-wrap=no -b cn=test/example.com,cn=services,cn=vaults,cn=kra,dc=example,dc=com
SASL/GSSAPI authentication started
SASL username: admin
SASL SSF: 56
SASL data security layer installed.
# extended LDIF
#
# LDAPv3
# base <cn=test/example.com,cn=services,cn=vaults,cn=kra,dc=example,dc=com> with scope subtree
# filter: (objectclass=*)
# requesting: ALL
#

# test/example.com, services, vaults, kra, example.com
dn: cn=test/example.com,cn=services,cn=vaults,cn=kra,dc=example,dc=com
objectClass: ipaVaultContainer
objectClass: top
owner: uid=admin,cn=users,cn=accounts,dc=example,dc=com
cn: test/example.com

# test_short, test/example.com, services, vaults, kra, example.com
dn: cn=test_short,cn=test/example.com,cn=services,cn=vaults,cn=kra,dc=example,dc=com
ipaVaultType: symmetric
ipaVaultSalt:: YaQ5kn3tiaUbSUWCtXIsjg==
objectClass: ipaVault
objectClass: top
owner: uid=admin,cn=users,cn=accounts,dc=example,dc=com
cn: test_short

# test_long, test/example.com, services, vaults, kra, example.com
dn: cn=test_long,cn=test/example.com,cn=services,cn=vaults,cn=kra,dc=example,dc=com
ipaVaultType: symmetric
ipaVaultSalt:: jcZdHSvMoUHY7tDLHXod8g==
objectClass: ipaVault
objectClass: top
owner: uid=admin,cn=users,cn=accounts,dc=example,dc=com
cn: test_long

# search result
search: 4
result: 0 Success

# numResponses: 4
# numEntries: 3

[root@rhel7-1 ~]# ldapsearch -Y GSSAPI -o ldif-wrap=no -b cn=test/example.com,cn=services,cn=vaults,cn=kra,dc=example,dc=com
SASL/GSSAPI authentication started
SASL username: admin
SASL SSF: 56
SASL data security layer installed.
# extended LDIF
#
# LDAPv3
# base <cn=test/example.com,cn=services,cn=vaults,cn=kra,dc=example,dc=com> with scope subtree
# filter: (objectclass=*)
# requesting: ALL
#

# search result
search: 4
result: 32 No such object
matchedDN: cn=services,cn=vaults,cn=kra,dc=example,dc=com

# numResponses: 1

[root@rhel7-1 ~]# ipa vault-del test_short --service=test/example.com
--------------------------
Deleted vault "test_short"
--------------------------

[root@rhel7-1 ~]# ipa vault-del test_long --service=test/example.com
-------------------------
Deleted vault "test_long"
-------------------------

[root@rhel7-1 ~]# ipa vault-find --service=test/example.com
----------------
0 vaults matched
----------------
----------------------------
Number of entries returned 0
----------------------------

[root@rhel7-1 ~]# ipa vaultcontainer-show --service=test/example.com
  Owner users: admin
  Vault service: test/example.com

[root@rhel7-1 ~]# ipa vaultcontainer-show --service=test/example.com
  Owner users: admin
  Vault service: test/example.com

[root@rhel7-1 ~]# ipa vault-add test2_short --service=test/example.com
New password:
Verify password:
-------------------------
Added vault "test2_short"
-------------------------
  Vault name: test2_short
  Type: symmetric
  Salt: pDn2Db5DVgAiy2iHmn8j9w==
  Owner users: admin
  Vault service: test/example.com

[root@rhel7-1 ~]# ipa vault-add test2_long --service=test/example.com
New password:
Verify password:
------------------------
Added vault "test2_long"
------------------------
  Vault name: test2_long
  Type: symmetric
  Salt: dQvaWruBT7lReD38zb1c1A==
  Owner users: admin
  Vault service: test/example.com

[root@rhel7-1 ~]# ipa vault-find --service=test/example.com
----------------
2 vaults matched
----------------
  Vault name: test2_long
  Type: symmetric
  Vault service: test/example.com

  Vault name: test2_short
  Type: symmetric
  Vault service: test/example.com
----------------------------
Number of entries returned 2
----------------------------

[root@rhel7-1 ~]# ipa vault-find --service=test/example.com
----------------
2 vaults matched
----------------
  Vault name: test2_long
  Type: symmetric
  Vault service: test/example.com

  Vault name: test2_short
  Type: symmetric
  Vault service: test/example.com
----------------------------
Number of entries returned 2
----------------------------

[root@rhel7-1 ~]# ipa vault-find --services
----------------
2 vaults matched
----------------
  Vault name: test2_long
  Type: symmetric
  Vault service: test/example.com

  Vault name: test2_short
  Type: symmetric
  Vault service: test/example.com
----------------------------
Number of entries returned 2
----------------------------
```

Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA.

For information on the advisory, and where to find the updated files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHBA-2015-2362.html