Bug 1351142
Summary: | CLI is not using session cookies for communication with IPA API | ||
---|---|---|---|
Product: | Red Hat Enterprise Linux 7 | Reporter: | Petr Vobornik <pvoborni> |
Component: | ipa | Assignee: | IPA Maintainers <ipa-maint> |
Status: | CLOSED ERRATA | QA Contact: | Kaleem <ksiddiqu> |
Severity: | unspecified | Docs Contact: | |
Priority: | unspecified | ||
Version: | 7.3 | CC: | ipa-maint, mbabinsk, pspacek, pvoborni, rcritten, xdong |
Target Milestone: | rc | ||
Target Release: | --- | ||
Hardware: | Unspecified | ||
OS: | Unspecified | ||
Whiteboard: | |||
Fixed In Version: | ipa-4.4.0-4.el7 | Doc Type: | If docs needed, set a value |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2016-11-04 05:55:47 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
Petr Vobornik
2016-06-29 10:50:39 UTC
Please provide steps to verify this. Fixed upstream master: https://fedorahosted.org/freeipa/changeset/bc7eb99a2959980c1abf31f77610cec2f098744b ipa-4-3: https://fedorahosted.org/freeipa/changeset/268d835556e677c80501349fc96a531ccd63f3f6 (In reply to Petr Vobornik from comment #0) > Every time I run IPA CLI in debug mode it displays `ipa: DEBUG: failed to > find session_cookie in persistent storage for principal > 'admin.IDM.LAB.ENG.BRQ.REDHAT.COM`. Kaleem, just run ipa command with -vvv option and check that the message is not present anymore. Verified on ipa-server-4.4.0-9.el7: [root@auto-hv-01-guest02 ~]# ipa -vvv user-find admin ipa: INFO: trying https://auto-hv-01-guest02.testrelm.test/ipa/json ipa: INFO: Forwarding 'user_find/1' to json server 'https://auto-hv-01-guest02.testrelm.test/ipa/json' ipa: INFO: Request: { "id": 0, "method": "user_find/1", "params": [ [ "admin" ], { "version": "2.212" } ] } send: u'POST /ipa/json HTTP/1.1\r\nHost: auto-hv-01-guest02.testrelm.test\r\nAccept-Encoding: gzip\r\nAccept-Language: en-us\r\nReferer: https://auto-hv-01-guest02.testrelm.test/ipa/xml\r\nAuthorization: negotiate YIICbgYJKoZIhvcSAQICAQBuggJdMIICWaADAgEFoQMCAQ6iBwMFACAAAACjggFuYYIBajCCAWagAwIBBaEPGw1URVNUUkVMTS5URVNUojMwMaADAgEDoSowKBsESFRUUBsgYXV0by1odi0wMS1ndWVzdDAyLnRlc3RyZWxtLnRlc3SjggEXMIIBE6ADAgESoQMCAQKiggEFBIIBAV8aLLfjz/gJb2hj6Rvd10gxSDT7DgMqHbYv/k3pmDJF4w9X6s1knWwb6rYSf0LNGQJf3FkfvmkyMbqOQlbqSDcbsTJDGTEV9aioNE0lopQ+LZ0Fj0F5siRPkoN8167AavNP0b90pCC8eUd3dWfO7zZ44X9Xb4Sgyvog0kbVX/Rj4w+9hBappGUjwQWtDrki2mYgw96yvxYL/9lBmffwuOeclKkSRSaK6e9ExlATMUtXm3tGxZvwPpuDGP0n1tVPIbgJed8nhzTDPb5/Qe7iydD/su8d1hrhKGD40UKE/GWTOS5XRDxdG2lXVYwmr1AwTiID/q2/cjYvQ0wgWWJ3JMP6pIHRMIHOoAMCARKigcYEgcOEJHbidW4xHOMnkFDOSV7mWMEW1mfahCo8ZZ1Q/W8w7aXpH5PNiyLinHwXBLzcxwFnOVr39vCEViGmgsU9n5h1TmoUwyAR/5+7Us6hbAzVhWR4UwVf+PfId2ttnn43hsGGRrpiPLKJcSUdJk1R7SbPiHwVZKD7+a6uaplfYwPiPfVuuSk1IaeYHptGtP90HyvgHPwgO+1/WZYDNZHJlX1YLJLGyElr8Nfl8ovrVuYNbvZCc4bOXO2wWQmTqqla8Phcz2M=\r\nUser-Agent: xmlrpclib.py/1.0.1 (by www.pythonware.com)\r\nContent-Type: application/json\r\nContent-Length: 79\r\n\r\n{"params": [["admin"], {"version": "2.212"}], "method": "user_find/1", "id": 0}' reply: 'HTTP/1.1 200 Success\r\n' header: Date: Sun, 18 Sep 2016 13:05:03 GMT header: Server: Apache/2.4.6 (Red Hat Enterprise Linux) mod_auth_gssapi/1.4.0 mod_nss/1.0.14 NSS/3.21 Basic ECC mod_wsgi/3.4 Python/2.7.5 header: Set-Cookie: ipa_session=c5bb38fe6dcd3d5538b90e30c8f970ff; Domain=auto-hv-01-guest02.testrelm.test; Path=/ipa; Expires=Sun, 18 Sep 2016 13:25:03 GMT; Secure; HttpOnly header: WWW-Authenticate: Negotiate YIGZBgkqhkiG9xIBAgICAG+BiTCBhqADAgEFoQMCAQ+iejB4oAMCARKicQRvI16cbGmMuC0sQOhZ96LSMxXmJMEb04/SQrMPMraDzSAD+JhBnSyCO2knCECAWssWbASkU9R5+nmp/2cyRxIPtRr7HfORWJ2h0HiH6iegIyaEieGnN6nn06VcLy7EcLnNK7gD0RgT1fRv3YroLVRB header: X-Frame-Options: DENY header: Content-Security-Policy: frame-ancestors 'none' header: Vary: Accept-Encoding header: Content-Encoding: gzip header: Content-Length: 329 header: Content-Type: application/json; charset=utf-8 body: '{\n "error": null, \n "id": 0, \n "principal": "tuser2", \n "result": {\n "count": 1, \n "result": [\n {\n "dn": "uid=admin,cn=users,cn=accounts,dc=testrelm,dc=test", \n "gidnumber": [\n "1224200000"\n ], \n "homedirectory": [\n "/home/admin"\n ], \n "krbprincipalname": [\n "admin"\n ], \n "loginshell": [\n "/bin/bash"\n ], \n "nsaccountlock": false, \n "sn": [\n "Administrator"\n ], \n "uid": [\n "admin"\n ], \n "uidnumber": [\n "1224200000"\n ]\n }\n ], \n "summary": "1 user matched", \n "truncated": false\n }, \n "version": "4.4.0"\n}' ipa: INFO: Response: { "error": null, "id": 0, "principal": "tuser2", "result": { "count": 1, "result": [ { "dn": "uid=admin,cn=users,cn=accounts,dc=testrelm,dc=test", "gidnumber": [ "1224200000" ], "homedirectory": [ "/home/admin" ], "krbprincipalname": [ "admin" ], "loginshell": [ "/bin/bash" ], "nsaccountlock": false, "sn": [ "Administrator" ], "uid": [ "admin" ], "uidnumber": [ "1224200000" ] } ], "summary": "1 user matched", "truncated": false }, "version": "4.4.0" } -------------- 1 user matched -------------- User login: admin Last name: Administrator Home directory: /home/admin Login shell: /bin/bash Principal alias: admin UID: 1224200000 GID: 1224200000 Account disabled: False ---------------------------- Number of entries returned 1 ---------------------------- Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://rhn.redhat.com/errata/RHBA-2016-2404.html |