Bug 1379362

Summary: Attribute Encryption not allow to add new user
Product: Red Hat Directory Server Reporter: Kamlesh <kchaudha>
Component: Directory ConsoleAssignee: Noriko Hosoi <nhosoi>
Status: CLOSED WORKSFORME QA Contact: Viktor Ashirov <vashirov>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 10.0CC: kbanerje, nhosoi
Target Milestone: ---   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2016-09-27 14:32:41 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:

Description Kamlesh 2016-09-26 13:12:30 UTC 
Description of problem:
If we add the encryption on any attribute using console. and then after we are not able to add the user.

Version-Release number of selected component (if applicable):
389-ds-console-1.2.13-1.el7dsrv.noarch
idm-console-framework-1.1.16-2.el7dsrv.noarch
redhat-admin-console-doc-10.1.0-2.el7dsrv.noarch
389-admin-1.1.44-1.el7dsrv.x86_64
389-ds-base-1.3.5.10-11.el7.x86_64

How reproducible:
always

Steps to Reproduce:
1. Set the any encryption on attribute
2. Add the user give it give error

entry in error log 

[26/Sep/2016:16:56:34.137556931 +051800] Error: attrcrypt_crypto_op_values failed in attrcrypt_encrypt_entry
[26/Sep/2016:16:56:34.258525318 +051800] attrcrypt_encrypt_entry failed in id2entry_add


Actual results:
give an error box  save error "Can not save to directory server  netscape.ldap.LDAPException error result (1)"
Comment 1 Noriko Hosoi 2016-09-26 15:48:28 UTC 
Please give us more detailed steps.

How did you configured the server cert?  

# certutil -L -d /etc/dirsrv/slapd-INSTANCE

Please share the security related config entries in dse.ldif.

And is the cert successfully used, e.g., over an SSL connection?

You filed this bug against Console.  Does that mean, if you set up the attribute encryption with, e.g., command line, it works fine?

Thanks.
Comment 2 Kamlesh 2016-09-27 14:32:41 UTC 
Hi Noriko,
While reproducing this issue on clean environment; it working fine 
so. might be the issue occur due to any other configuration while testing. 
so closing this bug.