Bug 1891505

Summary: ipa-healthcheck returns msg": "{sssctl} {key} reports mismatch: sssd domains {sssd_domains} trust domains {trust_domains}"
Product: Red Hat Enterprise Linux 8 Reporter: Akshay Sakure <asakure>
Component: ipa-healthcheckAssignee: Rob Crittenden <rcritten>
Status: CLOSED ERRATA QA Contact: ipa-qe <ipa-qe>
Severity: medium Docs Contact:
Priority: unspecified    
Version: 8.2CC: abokovoy, fcami, ksiddiqu, micmurph, ndehadra, rcritten, ssidhaye, sumenon
Target Milestone: rc   
Target Release: 8.0   
Hardware: x86_64   
OS: Linux   
Whiteboard:
Fixed In Version: ipa-healthcheck-0.7-2.el8 Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2021-05-18 15:48:22 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Akshay Sakure 2020-10-26 13:40:08 UTC
- Description of problem:
'ipa-healthcheck --failures-only' returns msg": "{sssctl} {key} reports mismatch: sssd domains {sssd_domains} trust domains {trust_domains}"

- Version-Release number of selected component (if applicable):
ipa-server-4.8.4-7.module+el8.2.0+6046+aaa49f96.x86_64
ipa-healthcheck-0.4-4.module+el8.2.0+5489+95477d9f.noarch

- How reproducible:
Always

- Steps to Reproduce:
1. Setup IPA-AD trust.
2. Run 'ipa-healthcheck --failures-only' on IPA node.
3. And check for errors.

Actual results:
ipa-healthcheck --failures-only shows an error for SSSD config though configuration is fine:
---
# ipa-healthcheck --failures-only | less
.
  {
    "source": "ipahealthcheck.ipa.trust",
    "check": "IPATrustDomainsCheck",
    "result": "ERROR",
    "uuid": "c3bb87ca-b025-466d-af13-9880b28d1384",
    "when": "20200901205038Z",
    "duration": "0.199490",
    "kw": {
      "key": "domain-list",
      "sssctl": "/usr/sbin/sssctl",
      "sssd_domains": "ipadomain.com", 
      "trust_domains": "",   <----- Empty value
      "msg": "{sssctl} {key} reports mismatch: sssd domains {sssd_domains} trust domains {trust_domains}"  <------ 
    }
.
---
"{sssctl} {key} reports mismatch: sssd domains {sssd_domains} trust domains {trust_domains}"

- Expected results:
ipa-healthcheck --failures-only should show correct information.

- Additional info:
This is a bug as it considers trusted domains only those domains that have trust type ‘Active Directory Domain’.

Comment 1 Rob Crittenden 2020-10-26 13:59:52 UTC
What is the output of sssctl domain-list and ipa trust-find?

Comment 8 Rob Crittenden 2020-10-30 13:56:14 UTC
Upstream PR https://github.com/freeipa/freeipa-healthcheck/pull/156

Comment 24 Mike Murphy 2021-04-20 19:09:53 UTC
Checking in to see what projected version and if there is a fix being applied currently. Thanks.

Comment 26 errata-xmlrpc 2021-05-18 15:48:22 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Moderate: idm:DL1 and idm:client security, bug fix, and enhancement update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2021:1846