Bug 1284414
Summary: | ipa-otptoken-import fails on nonexistent ldap connection | |||
---|---|---|---|---|
Product: | Red Hat Enterprise Linux 7 | Reporter: | Jan Cholasta <jcholast> | |
Component: | ipa | Assignee: | IPA Maintainers <ipa-maint> | |
Status: | CLOSED ERRATA | QA Contact: | Namita Soman <nsoman> | |
Severity: | urgent | Docs Contact: | ||
Priority: | urgent | |||
Version: | 7.2 | CC: | ekeck, jkurik, ksiddiqu, mkosek, mvarun, rcritten | |
Target Milestone: | rc | Keywords: | Regression, ZStream | |
Target Release: | --- | |||
Hardware: | All | |||
OS: | Linux | |||
Whiteboard: | ||||
Fixed In Version: | ipa-4.2.0-16.el7 | Doc Type: | Bug Fix | |
Doc Text: | Story Points: | --- | ||
Clone Of: | ||||
: | 1284813 (view as bug list) | Environment: | ||
Last Closed: | 2016-11-04 05:41:23 UTC | Type: | --- | |
Regression: | --- | Mount Type: | --- | |
Documentation: | --- | CRM: | ||
Verified Versions: | Category: | --- | ||
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | ||
Cloudforms Team: | --- | Target Upstream Version: | ||
Embargoed: | ||||
Bug Depends On: | ||||
Bug Blocks: | 1284813 |
Description
Jan Cholasta
2015-11-23 09:58:41 UTC
This is a regression in RHEL 7.2. High severity - functionality is not working any more. Fixed upstream master: https://fedorahosted.org/freeipa/changeset/2ef1eb0ae75270d37dcbb106e431a98eb02f0993 ipa-4-2: https://fedorahosted.org/freeipa/changeset/8d59f7752c2539378d4383871f13a17b048edcc6 Verified [root@master ~]# rpm -qa ipa-server ipa-server-4.4.0-3.el7.x86_64 [root@master ~]# ipa otptoken-find --all -------------------- 0 OTP tokens matched -------------------- ---------------------------- Number of entries returned 0 ---------------------------- [root@master ~]# cat pskc1.xml <?xml version="1.0" encoding="UTF-8"?> <KeyContainer Version="1.0" Id="exampleID1" xmlns="urn:ietf:params:xml:ns:keyprov:pskc"> <KeyPackage> <DeviceInfo> <Manufacturer>Manufacturer</Manufacturer> <SerialNo>987654321</SerialNo> <UserId>DC=example-bank,DC=net</UserId> </DeviceInfo> <CryptoModuleInfo> <Id>CM_ID_001</Id> </CryptoModuleInfo> <Key Id="12345678" Algorithm="urn:ietf:params:xml:ns:keyprov:pskc:hotp"> <Issuer>Issuer</Issuer> <AlgorithmParameters> <ResponseFormat Length="8" Encoding="DECIMAL"/> </AlgorithmParameters> <Data> <Secret> <PlainValue>MTIzNDU2Nzg5MDEyMzQ1Njc4OTA= </PlainValue> </Secret> <Counter> <PlainValue>0</PlainValue> </Counter> </Data> <UserId>UID=jsmith,DC=example-bank,DC=net</UserId> </Key> </KeyPackage> </KeyContainer> [root@master ~]# ipa-otptoken-import pskc1.xml output.xml Added token: 12345678 The ipa-otptoken-import command was successful [root@master ~]# ipa otptoken-find --all ------------------- 1 OTP token matched ------------------- dn: ipatokenuniqueid=12345678,cn=otp,dc=testrelm,dc=test Unique ID: 12345678 Type: HOTP Owner: admin Manager: admin Vendor: Manufacturer Serial: 987654321 Key: MTIzNDU2Nzg5MDEyMzQ1Njc4OTA= Algorithm: sha1 Digits: 8 Counter: 0 objectclass: ipatokenhotp, top, ipatoken ---------------------------- Number of entries returned 1 ---------------------------- [root@master ~]# cat output.xml <KeyContainer xmlns="urn:ietf:params:xml:ns:keyprov:pskc" Version="1.0" Id="exampleID1"> </KeyContainer> Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://rhn.redhat.com/errata/RHBA-2016-2404.html |