Bug 1281750
| Summary: | duplicate ldap entries returned on getent when making usage of ID views in IPA | | |
|---|---|---|---|
| Product: | Red Hat Enterprise Linux 7 | Reporter: | Jan Kurik <jkurik> |
| Component: | slapi-nis | Assignee: | Alexander Bokovoy <abokovoy> |
| Status: | CLOSED ERRATA | QA Contact: | Namita Soman <nsoman> |
| Severity: | urgent | Docs Contact: | |
| Priority: | urgent | | |
| Version: | 7.2 | CC: | abokovoy, ekeck, gagriogi, jkurik, ksiddiqu, ldelouw, mkosek, sumenon |
| Target Milestone: | rc | Keywords: | ZStream |
| Target Release: | --- | | |
| Hardware: | Unspecified | | |
| OS: | Unspecified | | |
| Whiteboard: | | | |
| Fixed In Version: | | Doc Type: | Bug Fix |
| Doc Text: | | Story Points: | --- |
| Clone Of: | 1277576 | Environment: | |
| Last Closed: | 2015-12-08 10:36:42 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | | Category: | --- |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | | | |
| Bug Depends On: | 1277576 | | |
| Bug Blocks: | | | |
Description
Jan Kurik
2015-11-13 11:32:59 UTC
Fix is seen. Verified using slapi-nis-0.54-6.el7_2.x86_64.
Duplicate ldap entries are not listed.
1. With slapi-nis-0.54-5.el7.x86_64 which doesn't have the fix.
[root@ipaserver1 ~]# ipa user-add --first=Joe --last=Doe --shell=/bin/bash jdoe
-----------------
Added user "jdoe"
-----------------
User login: jdoe
First name: Joe
Last name: Doe
Full name: Joe Doe
Display name: Joe Doe
Initials: JD
Home directory: /home/jdoe
GECOS: Joe Doe
Login shell: /bin/bash
Kerberos principal: jdoe
Email address: jdoe
UID: 495400005
GID: 495400005
Password: False
Member of groups: ipausers
Kerberos keys available: False
[root@ipaserver1 ~]# ipa idview-add legacy-servers --desc "Our legacy servers"
------------------------------
Added ID View "legacy-servers"
------------------------------
ID View Name: legacy-servers
Description: Our legacy servers
[root@ipaserver1 ~]# ipa idoverrideuser-add --uid=1001 --shell=/bin/ksh legacy-servers jdoe
----------------------------
Added User ID override "jdoe"
-----------------------------
Anchor to override: jdoe
UID: 1001
Login shell: /bin/ksh
[root@ipaclient01 ~]# authconfig --updateall --enableldap --enableldapauth --ldapserver=ldap://ipaserver1.labs02.test --ldapbasedn=cn=users,cn=legacy-servers,cn=views,cn=compat,dc=labs02,dc=test
[root@ipaclient01 ~]# getent passwd jdoe
jdoe:*:495400005:495400005:Joe Doe:/home/jdoe:/bin/bash <====
[root@ipaclient01 ~]# ldapsearch -LLL -x -b cn=users,cn=legacy-servers,cn=views,cn=compat,dc=labs02,dc=test -D "cn=Directory Manager" -W uid=jdoe
Enter LDAP Password:
dn: uid=jdoe,cn=users,cn=legacy-servers,cn=views,cn=compat,dc=labs02,dc=test
cn: Joe Doe
objectClass: posixAccount
objectClass: top
gidNumber: 495400005
gecos: Joe Doe
uidNumber: 495400005
uidNumber: 1001
loginShell: /bin/bash <====
loginShell: /bin/ksh <====
homeDirectory: /home/jdoe
uid: jdoe
2. After upgrading slapi-nis and restarting directory service instance the fix is seen.
[root@ipaclient01 yum.repos.d]# rpm -qa | grep slapi-nis
slapi-nis-0.54-6.el7_2.x86_64
[root@ipaclient01 yum.repos.d]# getent passwd jdoe
jdoe:*:1001:495400005:Joe Doe:/home/jdoe:/bin/ksh <====
[root@ipaclient01 yum.repos.d]# ldapsearch -LLL -x -b cn=users,cn=legacy-servers,cn=views,cn=compat,dc=labs02,dc=test -D "cn=Directory Manager" -W uid=jdoe
Enter LDAP Password:
dn: uid=jdoe,cn=users,cn=legacy-servers,cn=views,cn=compat,dc=labs02,dc=test
cn: Joe Doe
objectClass: posixAccount
objectClass: top
gidNumber: 495400005
gecos: Joe Doe
homeDirectory: /home/jdoe
uid: jdoe
loginShell: /bin/ksh <====
uidNumber: 1001
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://rhn.redhat.com/errata/RHBA-2015-2571.html
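
The duplicate uidNumber and loginShell values in the pre-fix ldapsearch output above can be checked for mechanically. As an added example (not part of the bug report or of slapi-nis), this shell function scans `ldapsearch -LLL` output for attributes that RFC 2307 defines as single-valued; the function names and the sample entry (built from the output above with the arrows removed) are assumptions of the example.

```shell
#!/bin/sh
# Added example (not from the bug report): flag LDIF entries that hold more than
# one value for an attribute RFC 2307 defines as SINGLE-VALUE.
# Reads `ldapsearch -LLL` output on stdin, prints "<dn> <attr> <count>" per
# violation, and returns 1 if any entry is affected.
find_multivalued() {
    awk '
    BEGIN {
        n = split("uidNumber gidNumber loginShell homeDirectory gecos", a, " ")
        for (i = 1; i <= n; i++) single[tolower(a[i])] = a[i]
    }
    function handle(line,   attr) {          # one unfolded "attr: value" line
        if (line == "") return
        attr = tolower(line); sub(/:.*/, "", attr)
        if (attr == "dn") { dn = line; sub(/^[^:]*::? */, "", dn) }
        else if (attr in single) count[attr]++
    }
    function flush(   k) {                   # report and reset at end of entry
        for (k in count) if (count[k] > 1) {
            printf "%s %s %d\n", dn, single[k], count[k]; bad = 1
        }
        split("", count); dn = ""
    }
    /^ / { cur = cur substr($0, 2); next }   # LDIF folding: join continuation
    { handle(cur); cur = $0 }
    /^$/ { flush() }                         # blank line separates entries
    END { handle(cur); flush(); exit bad + 0 }
    '
}

# Constructed sample: the pre-fix compat entry from the report, arrows removed.
sample_before() { cat <<'EOF'
dn: uid=jdoe,cn=users,cn=legacy-servers,cn=views,cn=compat,dc=labs02,dc=test
objectClass: posixAccount
gidNumber: 495400005
uidNumber: 495400005
uidNumber: 1001
loginShell: /bin/bash
loginShell: /bin/ksh
homeDirectory: /home/jdoe
uid: jdoe
EOF
}
# Post-fix shape: only the override values remain in the view.
sample_after() { sample_before | grep -v -e '^uidNumber: 495400005$' -e '^loginShell: /bin/bash$'; }

sample_before | find_multivalued || echo "single-valued attributes duplicated"
```

On a live client the same function can be fed directly from the `ldapsearch -LLL` command shown in the report, with the base DN pointing at the ID view's compat subtree.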