Bug 1284414
| Summary: | ipa-otptoken-import fails on nonexistent ldap connection | |||
|---|---|---|---|---|
| Product: | Red Hat Enterprise Linux 7 | Reporter: | Jan Cholasta <jcholast> | |
| Component: | ipa | Assignee: | IPA Maintainers <ipa-maint> | |
| Status: | CLOSED ERRATA | QA Contact: | Namita Soman <nsoman> | |
| Severity: | urgent | Docs Contact: | ||
| Priority: | urgent | |||
| Version: | 7.2 | CC: | ekeck, jkurik, ksiddiqu, mkosek, mvarun, rcritten | |
| Target Milestone: | rc | Keywords: | Regression, ZStream | |
| Target Release: | --- | |||
| Hardware: | All | |||
| OS: | Linux | |||
| Whiteboard: | ||||
| Fixed In Version: | ipa-4.2.0-16.el7 | Doc Type: | Bug Fix | |
| Doc Text: | Story Points: | --- | ||
| Clone Of: | ||||
| : | 1284813 (view as bug list) | Environment: | ||
| Last Closed: | 2016-11-04 05:41:23 UTC | Type: | --- | |
| Regression: | --- | Mount Type: | --- | |
| Documentation: | --- | CRM: | ||
| Verified Versions: | Category: | --- | ||
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | ||
| Cloudforms Team: | --- | Target Upstream Version: | ||
| Embargoed: | ||||
| Bug Depends On: | ||||
| Bug Blocks: | 1284813 | |||
|
Description
Jan Cholasta
2015-11-23 09:58:41 UTC
This is a regression in RHEL 7.2. High severity - functionality is not working any more. Fixed upstream master: https://fedorahosted.org/freeipa/changeset/2ef1eb0ae75270d37dcbb106e431a98eb02f0993 ipa-4-2: https://fedorahosted.org/freeipa/changeset/8d59f7752c2539378d4383871f13a17b048edcc6 Verified
[root@master ~]# rpm -qa ipa-server
ipa-server-4.4.0-3.el7.x86_64
[root@master ~]# ipa otptoken-find --all
--------------------
0 OTP tokens matched
--------------------
----------------------------
Number of entries returned 0
----------------------------
[root@master ~]# cat pskc1.xml
<?xml version="1.0" encoding="UTF-8"?>
<KeyContainer Version="1.0"
Id="exampleID1"
xmlns="urn:ietf:params:xml:ns:keyprov:pskc">
<KeyPackage>
<DeviceInfo>
<Manufacturer>Manufacturer</Manufacturer>
<SerialNo>987654321</SerialNo>
<UserId>DC=example-bank,DC=net</UserId>
</DeviceInfo>
<CryptoModuleInfo>
<Id>CM_ID_001</Id>
</CryptoModuleInfo>
<Key Id="12345678"
Algorithm="urn:ietf:params:xml:ns:keyprov:pskc:hotp">
<Issuer>Issuer</Issuer>
<AlgorithmParameters>
<ResponseFormat Length="8" Encoding="DECIMAL"/>
</AlgorithmParameters>
<Data>
<Secret>
<PlainValue>MTIzNDU2Nzg5MDEyMzQ1Njc4OTA=
</PlainValue>
</Secret>
<Counter>
<PlainValue>0</PlainValue>
</Counter>
</Data>
<UserId>UID=jsmith,DC=example-bank,DC=net</UserId>
</Key>
</KeyPackage>
</KeyContainer>
[root@master ~]# ipa-otptoken-import pskc1.xml output.xml
Added token: 12345678
The ipa-otptoken-import command was successful
[root@master ~]# ipa otptoken-find --all
-------------------
1 OTP token matched
-------------------
dn: ipatokenuniqueid=12345678,cn=otp,dc=testrelm,dc=test
Unique ID: 12345678
Type: HOTP
Owner: admin
Manager: admin
Vendor: Manufacturer
Serial: 987654321
Key: MTIzNDU2Nzg5MDEyMzQ1Njc4OTA=
Algorithm: sha1
Digits: 8
Counter: 0
objectclass: ipatokenhotp, top, ipatoken
----------------------------
Number of entries returned 1
----------------------------
[root@master ~]# cat output.xml
<KeyContainer xmlns="urn:ietf:params:xml:ns:keyprov:pskc" Version="1.0" Id="exampleID1">
</KeyContainer>
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://rhn.redhat.com/errata/RHBA-2016-2404.html |