Bug 1745108

Summary: Bug 1497334 invalidating single-label domains introduces regression of usage for customers
Product: Red Hat Enterprise Linux 7 Reporter: Josip Vilicic <jvilicic>
Component: ipaAssignee: Florence Blanc-Renaud <frenaud>
Status: CLOSED ERRATA QA Contact: ipa-qe <ipa-qe>
Severity: high Docs Contact:
Priority: high    
Version: 7.7CC: afarley, fcami, frenaud, myusuf, pasik, pasteur, paul.holman, pcech, pkulkarn, rcritten, ssidhaye, tscherf
Target Milestone: rc   
Target Release: ---   
Hardware: x86_64   
OS: Linux   
Whiteboard:
Fixed In Version: ipa-4.6.6-5.el7 Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2020-03-31 19:55:52 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Comment 3 Rob Crittenden 2019-08-26 15:02:34 UTC
FWIW it seems that the single label isn't checked if the server is auto-discovered. I did a quickie server install using EXAMPLE as the realm and example as the domain by disabling the check. I then was able to enroll a client against it using auto-discovery. Manually providing domain and realm options fails with the single label error.

Comment 9 François Cami 2019-09-02 14:16:57 UTC
Upstream ticket:
https://pagure.io/freeipa/issue/8058

Comment 10 Rob Crittenden 2019-09-06 14:47:34 UTC
Fixed upstream
ipa-4-6:
https://pagure.io/freeipa/c/8ae6c1af1e6ef25fdfbbf7e72265372366e6b106

Comment 14 Paul Holman 2019-09-23 09:03:44 UTC
Can we have an ETA on the fix for this being released please?

Comment 17 Mohammad Rizwan 2019-10-07 17:03:53 UTC
package version:

rhel-6.10 : ipa-server-3.0.0-51.el6.x86_64
rhel-7.8 :  ipa-server-4.6.6-5.el7.x86_64

Based on comment#15 and comment#16, marking the bug as verified.

Comment 19 Tru Huynh 2019-11-26 14:39:45 UTC
is there a way to have this roll back into 7.7 ?

Comment 20 Florence Blanc-Renaud 2019-11-28 08:52:48 UTC
Hi,
This issue has been fixed in RHEL 7.8 beta that is already available for download.

To request a backport to RHEL 7.7, please contact your support channel and provide additional business and/or technical details about its importance to you.

Comment 21 Tru Huynh 2019-11-28 09:25:46 UTC
I have been using a single label domain in an isolated HPC setup (freeipa+warewulf/diskfull and diskless/centos7) since 7.3. Most of our nodes have been installed and enrolled into freeipa managed with a single label domain. I have just be bitten by this regression(?)  when adding a clean new desktop machine from 7.7. Of course, one can workaround it by downgrading the *ipa* packages to the 7.6 point release, enroll and upgrade... If the patch is not too invasive, I would like to have it backport (or just state wont-fix|wait for 7.8 at https://access.redhat.com/solutions/4369521).

Comment 22 Florence Blanc-Renaud 2019-12-05 18:46:54 UTC
The https://access.redhat.com/solutions/4369521 note has been updated to mention that the fix will be delivered in RHEL 7.8 but not backported.

Comment 24 errata-xmlrpc 2020-03-31 19:55:52 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2020:1083