Bug 1259848

Summary: server closes connection and refuses commands after deleting user that is still logged in
Product: Red Hat Enterprise Linux 7 Reporter: Petr Vobornik <pvoborni>
Component: ipaAssignee: IPA Maintainers <ipa-maint>
Status: CLOSED ERRATA QA Contact: Namita Soman <nsoman>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 7.2CC: akasurde, ksiddiqu, mkosek, rcritten, tbabej
Target Milestone: rcKeywords: Regression
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: ipa-4.2.0-9.el7 Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2015-11-19 12:06:18 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Attachments:
Description Flags
internal_server_error none

Description Petr Vobornik 2015-09-03 15:46:52 UTC 
This bug is created as a clone of upstream ticket:
https://fedorahosted.org/freeipa/ticket/5268

VERSION: 4.2.90.201508241517GITb202afb, API_VERSION: 2.152

{{{
[root@freeipabox ~]# ipa user-add --first=Foo --last=Bar --homedir=/home/foobar --password foobar
Password: 
Enter Password again to verify: 
-------------------
Added user "foobar"
-------------------
  User login: foobar
  First name: Foo
  Last name: Bar
  Full name: Foo Bar
  Display name: Foo Bar
  Initials: FB
  Home directory: /home/foobar
  GECOS: Foo Bar
  Login shell: /bin/sh
  Kerberos principal: foobar.COM
  Email address: foobar.com
  UID: 1025000046
  GID: 1025000046
  Password: True
  Member of groups: ipausers
  Kerberos keys available: True


-sh-4.3$ whoami
foobar
-sh-4.3$ ipa vault-find
----------------
0 vaults matched
----------------
----------------------------
Number of entries returned 0
----------------------------


[root@freeipabox ~]# ipa user-del foobar
---------------------
Deleted user "foobar"
---------------------
[root@freeipabox ~]# ipa user-show foobar
ipa: ERROR: foobar: user not found
[root@freeipabox ~]# id foobar
uid=1025000046(foobar) gid=1025000046(foobar) groups=1025000046(foobar)


-sh-4.3$ ipa vault-find
ipa: ERROR: Insufficient access: SASL(-14): authorization failure: Invalid credentials
-sh-4.3$ cd
-sh-4.3$ pwd
/home/foobar
-sh-4.3$ ls
-sh-4.3$ ipa user-find
ipa: ERROR: Can't connect to server: Already connected


[root@freeipabox ~]# ipa user-find
ipa: ERROR: cannot connect to 'https://freeipabox.abc.example.com/ipa/session/json': Internal Server Error


-sh-4.3$ exit
logout
Connection to 192.168.1.1 closed.


[root@freeipabox ~]# ipa user-find
ipa: ERROR: cannot connect to 'https://freeipabox.abc.example.com/ipa/session/json': Internal Server Error
[root@freeipabox ~]# ipa vault-find
ipa: ERROR: cannot connect to 'https://freeipabox.abc.example.com/ipa/session/json': Internal Server Error
# after some time
[root@freeipabox ~]# ipa vault-find
ipa: ERROR: Can't connect to server: Already connected
[root@freeipabox ~]# ipa user-find
ipa: ERROR: Can't connect to server: Already connected
[root@freeipabox ~]# ipa config-show
ipa: ERROR: Can't connect to server: Already connected

# make it working again
[root@freeipabox ~]# systemctl restart ipa
[root@freeipabox ~]# ipa config-show
  Maximum username length: 32
  Home directory base: /home
  Default shell: /bin/sh
  Default users group: ipausers
- SNIP -
[root@freeipabox ~]# ipa vault-find
----------------
0 vaults matched
----------------
----------------------------
Number of entries returned 0
----------------------------
}}}
Comment 2 Tomas Babej 2015-09-04 11:52:44 UTC 
Fixed upstream
master:
https://fedorahosted.org/freeipa/changeset/198908ec78b9a2dbdb802c3a094ec8f54b931d7a
ipa-4-2:
https://fedorahosted.org/freeipa/changeset/fa1529779de85a589dfa12ca30dcdfe7a1146c83
Comment 5 Abhijeet Kasurde 2015-09-14 10:03:08 UTC 
Created attachment 1073169 [details]
internal_server_error
Comment 6 Abhijeet Kasurde 2015-09-14 10:04:28 UTC 
Verified fix using IPA server - ipa-server-4.2.0-9.el7.x86_64

Marking bug as verified.
Comment 7 errata-xmlrpc 2015-11-19 12:06:18 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHBA-2015-2362.html