Bug 1925410

Summary:	Cannot delete sudocmd with typo error e.g. "/usr/sbin/reboot."
Product:	Red Hat Enterprise Linux 8	Reporter:	Kai <wcheng>
Component:	ipa	Assignee:	Thomas Woerner <twoerner>
Status:	CLOSED ERRATA	QA Contact:	ipa-qe <ipa-qe>
Severity:	low	Docs Contact:
Priority:	unspecified
Version:	8.3	CC:	abokovoy, amore, antorres, ksiddiqu, rcritten, tscherf
Target Milestone:	rc	Keywords:	Triaged
Target Release:	8.0
Hardware:	Unspecified
OS:	Unspecified
Whiteboard:
Fixed In Version:	ipa-4.9.2-1	Doc Type:	If docs needed, set a value
Doc Text:		Story Points:	---
Clone Of:		Environment:
Last Closed:	2021-05-18 15:48:53 UTC	Type:	Bug
Regression:	---	Mount Type:	---
Documentation:	---	CRM:
Verified Versions:		Category:	---
oVirt Team:	---	RHEL 7.3 requirements from Atomic Host:
Cloudforms Team:	---	Target Upstream Version:
Embargoed:

Description Kai 2021-02-05 07:06:35 UTC

Description of problem:
Cannot delete sudocmd with typo error e.g. "/usr/sbin/reboot."

Version-Release number of selected component (if applicable):
FreeIPA, version: 4.8.7

How reproducible:
Yes.

Steps to Reproduce:
1. Add sudocmd with . at the end
2. allow add the command with error 

Actual results:
[admin@idm ~]$ ipa sudocmd-find
----------------------
1 Sudo Command matched
----------------------
  Sudo Command: /usr/sbin/reboot.
----------------------------
Number of entries returned 1
----------------------------
[admin@idm ~]$ ipa sudocmd-del "/usr/sbin/reboot."
ipa: ERROR: /usr/sbin/reboot.: sudo command not found
[admin@idm ~]$ ipa sudocmd-del /usr/sbin/reboot.
ipa: ERROR: /usr/sbin/reboot.: sudo command not found


Expected results:
can delete the command or check the command valid before add.

Additional info:
NA

Comment 1 Alexander Bokovoy 2021-02-05 07:27:55 UTC

Please provide ldap server's logs from this time period to see what searches and delete operations were done

Comment 2 Kai 2021-02-05 07:50:03 UTC

Issue fixed by 

[admin@idm ~]$ ipa sudocmd-find --all
----------------------
1 Sudo Command matched
----------------------
  dn: ipaUniqueID=53f2e872-677d-11eb-92e1-566f86f60005,cn=sudocmds,cn=sudo,dc=lab,dc=example,dc=com
  Sudo Command: /usr/sbin/reboot.
  ipauniqueid: 53f2e872-677d-11eb-92e1-566f86f60005
  objectclass: ipaobject, ipasudocmd
----------------------------
Number of entries returned 1
----------------------------

[admin@idm ~]$ ipa sudocmd-del 53f2e872-677d-11eb-92e1-566f86f60005
ipa: ERROR: 53f2e872-677d-11eb-92e1-566f86f60005: sudo command not found
[admin@idm ~]$ ldapdelete ipaUniqueID=53f2e872-677d-11eb-92e1-566f86f60005,cn=sudocmds,cn=sudo,dc=lab,dc=example,dc=com
SASL/GSSAPI authentication started
SASL username: admin.COM
SASL SSF: 256
SASL data security layer installed.
[admin@idm ~]$

Comment 3 Kai 2021-02-05 07:57:08 UTC

ldap server logs

[Fri Feb 05 07:23:02.927530 2021] [wsgi:error] [pid 2958:tid 139892062689024] [remote 192.168.155.116:33706] ipa: INFO: [jsonserver_session] admin.COM: sudocmd_show('/usr/sbin/reboot.', rights=True, all=True, version='2.239'): NotFound
[Fri Feb 05 07:23:04.991087 2021] [:warn] [pid 2959:tid 139892000528128] [client 192.168.155.116:33706] failed to set perms (3140) on file (/run/ipa/ccaches/admin.COM)!, referer: https://idm.lab.example.com/ipa/ui/
[Fri Feb 05 07:23:05.006146 2021] [wsgi:error] [pid 2957:tid 139892062689024] [remote 192.168.155.116:33706] ipa: INFO: [jsonserver_session] admin.COM: sudocmd_show('/usr/sbin/reboot.', rights=True, all=True, version='2.239'): NotFound
[Fri Feb 05 07:23:05.822056 2021] [:warn] [pid 2959:tid 139892181227264] [client 192.168.155.116:33706] failed to set perms (3140) on file (/run/ipa/ccaches/admin.COM)!, referer: https://idm.lab.example.com/ipa/ui/
[Fri Feb 05 07:23:05.834932 2021] [wsgi:error] [pid 2958:tid 139892062689024] [remote 192.168.155.116:33706] ipa: INFO: [jsonserver_session] admin.COM: sudocmd_show('/usr/sbin/reboot.', rights=True, all=True, version='2.239'): NotFound
[Fri Feb 05 07:23:14.952644 2021] [:warn] [pid 2959:tid 139892164441856] [client 192.168.155.116:33706] failed to set perms (3140) on file (/run/ipa/ccaches/admin.COM)!, referer: https://idm.lab.example.com/ipa/ui/
[Fri Feb 05 07:23:14.969669 2021] [wsgi:error] [pid 2957:tid 139892062689024] [remote 192.168.155.116:33706] ipa: INFO: admin.COM: batch: sudocmd_del(('/usr/sbin/reboot.',)): NotFound
[Fri Feb 05 07:23:14.969857 2021] [wsgi:error] [pid 2957:tid 139892062689024] [remote 192.168.155.116:33706] ipa: INFO: [jsonserver_session] admin.COM: batch(sudocmd_del(('/usr/sbin/reboot.',))): SUCCESS
[Fri Feb 05 07:23:18.000554 2021] [:warn] [pid 2959:tid 139892042491648] [client 192.168.155.116:33706] failed to set perms (3140) on file (/run/ipa/ccaches/admin.COM)!, referer: https://idm.lab.example.com/ipa/ui/
[Fri Feb 05 07:23:18.014229 2021] [wsgi:error] [pid 2956:tid 139892062689024] [remote 192.168.155.116:33706] ipa: INFO: [jsonserver_session] admin.COM: sudocmd_find('', sizelimit=0, version='2.239', pkey_only=True): SUCCESS

Comment 4 Alexander Bokovoy 2021-02-05 09:08:12 UTC

These are'nt LDAP server logs. Please provide /var/log/dirsrv/slapd-LAB-EXAMPLE-COM/access.

Comment 5 Rob Crittenden 2021-02-05 14:10:56 UTC

This is very easily reproduced.

The trailing dot (.) is being dropped in the search:

[05/Feb/2021:09:09:14.884444050 -0500] conn=15 fd=86 slot=86 connection from 192.168.166.203 to 192.168.166.203
[05/Feb/2021:09:09:14.886028052 -0500] conn=15 op=0 BIND dn="" method=sasl version=3 mech=GSS-SPNEGO
[05/Feb/2021:09:09:14.887190798 -0500] conn=15 op=0 RESULT err=0 tag=97 nentries=0 wtime=0.000184237 optime=0.001166503 etime=0.001349591 dn="uid=admin,cn=users,cn=accounts,dc=example,dc=test"
[05/Feb/2021:09:09:14.888556329 -0500] conn=15 op=1 SRCH base="cn=ipaconfig,cn=etc,dc=example,dc=test" scope=0 filter="(objectClass=*)" attrs=ALL
[05/Feb/2021:09:09:14.889561130 -0500] conn=15 op=1 RESULT err=0 tag=101 nentries=1 wtime=0.000188926 optime=0.001016794 etime=0.001203256
[05/Feb/2021:09:09:14.890358017 -0500] conn=15 op=2 SRCH base="cn=sudocmds,cn=sudo,dc=example,dc=test" scope=2 filter="(&(sudoCmd=/usr/sbin/reboot)(&(objectClass=ipaobject)(objectClass=ipasudocmd)))" attrs=""
[05/Feb/2021:09:09:14.890702698 -0500] conn=15 op=2 RESULT err=0 tag=101 nentries=0 wtime=0.000080981 optime=0.000349339 etime=0.000427795 notes=U details="Partially Unindexed Filter"
[05/Feb/2021:09:09:14.891024076 -0500] conn=15 op=3 SRCH base="sudocmd=/usr/sbin/reboot,cn=sudocmds,cn=sudo,dc=example,dc=test" scope=0 filter="(objectClass=*)" attrs=""
[05/Feb/2021:09:09:14.891277957 -0500] conn=15 op=3 RESULT err=32 tag=101 nentries=0 wtime=0.000056069 optime=0.000259185 etime=0.000313009
[05/Feb/2021:09:09:14.891619315 -0500] conn=15 op=4 SRCH base="cn=sudocmds,cn=sudo,dc=example,dc=test" scope=2 filter="(&(sudoCmd=/usr/sbin/reboot)(&(objectClass=ipaobject)(objectClass=ipasudocmd)))" attrs=""
[05/Feb/2021:09:09:14.891787961 -0500] conn=15 op=4 RESULT err=0 tag=101 nentries=0 wtime=0.000065743 optime=0.000171372 etime=0.000235296 notes=U details="Partially Unindexed Filter"
[05/Feb/2021:09:09:14.892166866 -0500] conn=15 op=5 SRCH base="cn=sudorules,cn=sudo,dc=example,dc=test" scope=2 filter="(&(|(memberAllowCmd=sudocmd=/usr/sbin/reboot,cn=sudocmds,cn=sudo,dc=example,dc=test)(memberDenyCmd=sudocmd=/usr/sbin/reboot,cn=sudocmds,cn=sudo,dc=example,dc=test))(objectClass=ipasudorule))" attrs="cn"
[05/Feb/2021:09:09:14.892391531 -0500] conn=15 op=5 RESULT err=0 tag=101 nentries=0 wtime=0.000081034 optime=0.000230074 etime=0.000308701
[05/Feb/2021:09:09:14.892633046 -0500] conn=15 op=6 DEL dn="sudocmd=/usr/sbin/reboot,cn=sudocmds,cn=sudo,dc=example,dc=test"
[05/Feb/2021:09:09:14.892791914 -0500] conn=15 op=6 RESULT err=32 tag=107 nentries=0 wtime=0.000054298 optime=0.000163623 etime=0.000216045
[05/Feb/2021:09:09:14.896289348 -0500] conn=15 op=7 UNBIND
[05/Feb/2021:09:09:14.896310090 -0500] conn=15 op=7 fd=86 closed error - U1

I randomly tested a few other object types, hbacrule and sudorule, and it doesn't affect those so there may be some kind of normalization done to the sudo command.

Comment 6 Rob Crittenden 2021-02-05 14:17:27 UTC

get_dn() explicitly strips off trailing dots in a command and has since inception.

https://github.com/freeipa/freeipa/blob/master/ipaserver/plugins/sudocmd.py#L128

It only does it when constructing the DN subsequent to creation. It doesn't enforce this on the command during the ADD. (e.g. sudocmd-show /usr/sbin/reboot. also fails).

Comment 7 Kai 2021-02-08 00:53:43 UTC

/var/log/dirsrv/slapd-LAB-EXAMPLE-COM/access
...
[08/Feb/2021:00:49:44.063020645 +0000] conn=2520 op=9 RESULT err=0 tag=101 nentries=0 wtime=0.000084354 optime=0.000138813 etime=0.000220896 notes=P details="Paged Search pr_idx=0 pr_cookie=-1
[08/Feb/2021:00:49:44.063366969 +0000] conn=2520 op=8 RESULT err=0 tag=101 nentries=1 wtime=0.000203994 optime=0.000563097 etime=0.000765365
[08/Feb/2021:00:49:44.063393412 +0000] conn=2520 op=10 SRCH base="cn=sudo,dc=lab,dc=example,dc=com" scope=2 filter="(&(objectClass=ipasudorule)(ipaEnabledFlag=TRUE)(|(&(!(memberHost=*))(cn=defaults))(hostCategory=ALL)(memberHost=fqdn=fay-flatau.lab.example.com,cn=computers,cn=accounts,dc=lab,dc=example,dc=com))(entryusn>=2340))" attrs="objectClass cn ipaUniqueID ipaEnabledFlag ipaSudoOpt ipaSudoRunAs ipaSudoRunAsGroup memberAllowCmd memberDenyCmd memberHost memberUser sudoNotAfter sudoNotBefore sudoOrder cmdCategory hostCategory userCategory ipaSudoRunAsUserCategory ipaSudoRunAsGroupCategory ipaSudoRunAsExtUser ipaSudoRunAsExtGroup ipaSudoRunAsExtUserGroup externalUser entryusn"
[08/Feb/2021:00:49:44.063825042 +0000] conn=2520 op=10 RESULT err=0 tag=101 nentries=0 wtime=0.000121599 optime=0.000434984 etime=0.000554957 notes=P details="Paged Search pr_idx=0 pr_cookie=-1
[08/Feb/2021:00:49:44.104516507 +0000] conn=2520 op=11 SRCH base="cn=accounts,dc=lab,dc=example,dc=com" scope=2 filter="(&(objectClass=ipaHost)(fqdn=fay-flatau.lab.example.com))" attrs="cn objectClass"
[08/Feb/2021:00:49:44.105204642 +0000] conn=2520 op=11 RESULT err=0 tag=101 nentries=1 wtime=0.000103127 optime=0.000691324 etime=0.000792689 notes=P details="Paged Search pr_idx=0 pr_cookie=-1
[08/Feb/2021:00:49:44.105636504 +0000] conn=2520 op=12 SRCH base="cn=default,cn=views,cn=accounts,dc=lab,dc=example,dc=com" scope=0 filter="(objectClass=*)" attrs="ipaDomainResolutionOrder"
[08/Feb/2021:00:49:44.105828243 +0000] conn=2520 op=12 RESULT err=0 tag=101 nentries=0 wtime=0.000096865 optime=0.000195076 etime=0.000290283
[08/Feb/2021:00:49:44.127453967 +0000] conn=2520 op=13 SRCH base="cn=etc,dc=lab,dc=example,dc=com" scope=2 filter="(&(cn=ipaConfig)(objectClass=ipaGuiConfig))" attrs="ipaDomainResolutionOrder"
[08/Feb/2021:00:49:44.127848288 +0000] conn=2520 op=13 RESULT err=0 tag=101 nentries=1 wtime=0.000146283 optime=0.000399477 etime=0.000543367
[08/Feb/2021:00:49:58.071776556 +0000] conn=2521 fd=128 slot=128 connection from 192.168.40.10 to 192.168.40.10
[08/Feb/2021:00:49:58.073927028 +0000] conn=2521 op=0 BIND dn="" method=sasl version=3 mech=GSS-SPNEGO
[08/Feb/2021:00:49:58.075618527 +0000] conn=2521 op=0 RESULT err=0 tag=97 nentries=0 wtime=0.000201885 optime=0.001694666 etime=0.001895060 dn="uid=admin,cn=users,cn=accounts,dc=lab,dc=example,dc=com"
[08/Feb/2021:00:49:58.076848531 +0000] conn=2521 op=1 SRCH base="cn=ipaconfig,cn=etc,dc=lab,dc=example,dc=com" scope=0 filter="(objectClass=*)" attrs=ALL
[08/Feb/2021:00:49:58.077634253 +0000] conn=2521 op=1 RESULT err=0 tag=101 nentries=1 wtime=0.000115099 optime=0.000787881 etime=0.000901357
[08/Feb/2021:00:49:58.078604911 +0000] conn=2521 op=2 SRCH base="cn=sudocmds,cn=sudo,dc=lab,dc=example,dc=com" scope=2 filter="(&(sudoCmd=/usr/sbin/reboot)(&(objectClass=ipaobject)(objectClass=ipasudocmd)))" attrs=""
[08/Feb/2021:00:49:58.078863869 +0000] conn=2521 op=2 RESULT err=0 tag=101 nentries=0 wtime=0.000123841 optime=0.000261609 etime=0.000383761 notes=U details="Partially Unindexed Filter
[08/Feb/2021:00:49:58.079384703 +0000] conn=2521 op=3 SRCH base="sudocmd=/usr/sbin/reboot,cn=sudocmds,cn=sudo,dc=lab,dc=example,dc=com" scope=0 filter="(objectClass=*)" attrs=""
[08/Feb/2021:00:49:58.079539354 +0000] conn=2521 op=3 RESULT err=32 tag=101 nentries=0 wtime=0.000067875 optime=0.000157703 etime=0.000224017
[08/Feb/2021:00:49:58.079944208 +0000] conn=2521 op=4 SRCH base="cn=sudocmds,cn=sudo,dc=lab,dc=example,dc=com" scope=2 filter="(&(sudoCmd=/usr/sbin/reboot)(&(objectClass=ipaobject)(objectClass=ipasudocmd)))" attrs=""
[08/Feb/2021:00:49:58.080111868 +0000] conn=2521 op=4 RESULT err=0 tag=101 nentries=0 wtime=0.000064724 optime=0.000169694 etime=0.000232821 notes=U details="Partially Unindexed Filter
[08/Feb/2021:00:49:58.080543244 +0000] conn=2521 op=5 SRCH base="cn=sudorules,cn=sudo,dc=lab,dc=example,dc=com" scope=2 filter="(&(|(memberAllowCmd=sudocmd=/usr/sbin/reboot,cn=sudocmds,cn=sudo,dc=lab,dc=example,dc=com)(memberDenyCmd=sudocmd=/usr/sbin/reboot,cn=sudocmds,cn=sudo,dc=lab,dc=example,dc=com))(objectClass=ipasudorule))" attrs="cn"
[08/Feb/2021:00:49:58.080711746 +0000] conn=2521 op=5 RESULT err=0 tag=101 nentries=0 wtime=0.000073387 optime=0.000171119 etime=0.000243000
[08/Feb/2021:00:49:58.080991406 +0000] conn=2521 op=6 DEL dn="sudocmd=/usr/sbin/reboot,cn=sudocmds,cn=sudo,dc=lab,dc=example,dc=com"
[08/Feb/2021:00:49:58.081153753 +0000] conn=2521 op=6 RESULT err=32 tag=107 nentries=0 wtime=0.000051236 optime=0.000164438 etime=0.000214006
[08/Feb/2021:00:49:58.083799120 +0000] conn=2521 op=7 UNBIND
[08/Feb/2021:00:49:58.083816825 +0000] conn=2521 op=7 fd=128 closed - U1
[08/Feb/2021:00:49:59.964854959 +0000] conn=2522 fd=128 slot=128 connection from 192.168.40.10 to 192.168.40.10
[08/Feb/2021:00:49:59.966948104 +0000] conn=2522 op=0 BIND dn="" method=sasl version=3 mech=GSS-SPNEGO
[08/Feb/2021:00:49:59.968633425 +0000] conn=2522 op=0 RESULT err=0 tag=97 nentries=0 wtime=0.000203405 optime=0.001688704 etime=0.001890696 dn="uid=admin,cn=users,cn=accounts,dc=lab,dc=example,dc=com"
[08/Feb/2021:00:49:59.969938902 +0000] conn=2522 op=1 SRCH base="cn=ipaconfig,cn=etc,dc=lab,dc=example,dc=com" scope=0 filter="(objectClass=*)" attrs=ALL
[08/Feb/2021:00:49:59.970692671 +0000] conn=2522 op=1 RESULT err=0 tag=101 nentries=1 wtime=0.000089290 optime=0.000756359 etime=0.000843996
[08/Feb/2021:00:49:59.971554815 +0000] conn=2522 op=2 SRCH base="cn=sudocmds,cn=sudo,dc=lab,dc=example,dc=com" scope=1 filter="(&(objectClass=ipaobject)(objectClass=ipasudocmd))" attrs="sudoCmd"
[08/Feb/2021:00:49:59.971909403 +0000] conn=2522 op=2 RESULT err=0 tag=101 nentries=2 wtime=0.000086558 optime=0.000357074 etime=0.000442054
[08/Feb/2021:00:49:59.972963175 +0000] conn=2522 op=3 UNBIND
[08/Feb/2021:00:49:59.972977013 +0000] conn=2522 op=3 fd=128 closed - U1
[08/Feb/2021:00:49:59.981833448 +0000] conn=2523 fd=128 slot=128 connection from 192.168.40.10 to 192.168.40.10
[08/Feb/2021:00:49:59.983903930 +0000] conn=2523 op=0 BIND dn="" method=sasl version=3 mech=GSS-SPNEGO
[08/Feb/2021:00:49:59.985631401 +0000] conn=2523 op=0 RESULT err=0 tag=97 nentries=0 wtime=0.000187076 optime=0.001730480 etime=0.001916188 dn="uid=admin,cn=users,cn=accounts,dc=lab,dc=example,dc=com"
[08/Feb/2021:00:49:59.987110174 +0000] conn=2523 op=1 SRCH base="cn=ipaconfig,cn=etc,dc=lab,dc=example,dc=com" scope=0 filter="(objectClass=*)" attrs=ALL
[08/Feb/2021:00:49:59.987916012 +0000] conn=2523 op=1 RESULT err=0 tag=101 nentries=1 wtime=0.000082737 optime=0.000808148 etime=0.000889222
[08/Feb/2021:00:49:59.988835878 +0000] conn=2523 op=2 SRCH base="cn=sudocmds,cn=sudo,dc=lab,dc=example,dc=com" scope=2 filter="(&(sudoCmd=/bin/yum)(&(objectClass=ipaobject)(objectClass=ipasudocmd)))" attrs=""
[08/Feb/2021:00:49:59.989150984 +0000] conn=2523 op=2 RESULT err=0 tag=101 nentries=1 wtime=0.000094844 optime=0.000317215 etime=0.000410387 notes=U details="Partially Unindexed Filter
[08/Feb/2021:00:49:59.989518819 +0000] conn=2523 op=3 SRCH base="ipaUniqueID=5bc3a79c-678e-11eb-a5f6-566f86f60005,cn=sudocmds,cn=sudo,dc=lab,dc=example,dc=com" scope=0 filter="(objectClass=*)" attrs=""
[08/Feb/2021:00:49:59.989654674 +0000] conn=2523 op=3 RESULT err=0 tag=101 nentries=1 wtime=0.000052016 optime=0.000141769 etime=0.000192243
[08/Feb/2021:00:49:59.990124848 +0000] conn=2523 op=4 SRCH base="ipaUniqueID=5bc3a79c-678e-11eb-a5f6-566f86f60005,cn=sudocmds,cn=sudo,dc=lab,dc=example,dc=com" scope=0 filter="(objectClass=*)" attrs="sudoCmd description"
[08/Feb/2021:00:49:59.990260732 +0000] conn=2523 op=4 RESULT err=0 tag=101 nentries=1 wtime=0.000102797 optime=0.000138842 etime=0.000240012
[08/Feb/2021:00:49:59.991186668 +0000] conn=2523 op=5 SRCH base="cn=sudocmds,cn=sudo,dc=lab,dc=example,dc=com" scope=2 filter="(&(sudoCmd=/usr/sbin/reboot)(&(objectClass=ipaobject)(objectClass=ipasudocmd)))" attrs=""
[08/Feb/2021:00:49:59.991388110 +0000] conn=2523 op=5 RESULT err=0 tag=101 nentries=0 wtime=0.000064947 optime=0.000212785 etime=0.000276096 notes=U details="Partially Unindexed Filter
[08/Feb/2021:00:49:59.991827900 +0000] conn=2523 op=6 SRCH base="sudocmd=/usr/sbin/reboot,cn=sudocmds,cn=sudo,dc=lab,dc=example,dc=com" scope=0 filter="(objectClass=*)" attrs=""
[08/Feb/2021:00:49:59.991980355 +0000] conn=2523 op=6 RESULT err=32 tag=101 nentries=0 wtime=0.000076758 optime=0.000154939 etime=0.000230154
[08/Feb/2021:00:49:59.992434218 +0000] conn=2523 op=7 SRCH base="cn=sudocmds,cn=sudo,dc=lab,dc=example,dc=com" scope=2 filter="(&(sudoCmd=/usr/sbin/reboot)(&(objectClass=ipaobject)(objectClass=ipasudocmd)))" attrs=""
[08/Feb/2021:00:49:59.992602136 +0000] conn=2523 op=7 RESULT err=0 tag=101 nentries=0 wtime=0.000064359 optime=0.000170023 etime=0.000232744 notes=U details="Partially Unindexed Filter
[08/Feb/2021:00:49:59.992959454 +0000] conn=2523 op=8 SRCH base="sudocmd=/usr/sbin/reboot,cn=sudocmds,cn=sudo,dc=lab,dc=example,dc=com" scope=0 filter="(objectClass=*)" attrs="sudoCmd description"
[08/Feb/2021:00:49:59.993108210 +0000] conn=2523 op=8 RESULT err=32 tag=101 nentries=0 wtime=0.000058100 optime=0.000151263 etime=0.000207861
[08/Feb/2021:00:49:59.993877955 +0000] conn=2523 op=9 UNBIND
[08/Feb/2021:00:49:59.993892808 +0000] conn=2523 op=9 fd=128 closed - U1

Comment 8 Rob Crittenden 2021-02-12 19:25:47 UTC

https://github.com/freeipa/freeipa/pull/5538

Comment 9 Alexander Bokovoy 2021-02-15 08:00:17 UTC

Fixed upstream
master:
https://pagure.io/freeipa/c/d6c5a9260940c4e132469439a7155e62553c72b7
https://pagure.io/freeipa/c/89135830cc95e3fefb5106d4680631f782dc7baf

Comment 10 Alexander Bokovoy 2021-02-15 11:53:44 UTC

Fixed upstream
ipa-4-9:
https://pagure.io/freeipa/c/602a4fa321560c69407d1c6d0a04f190a5350038
https://pagure.io/freeipa/c/029daa5ffad5ee5f7be9c3661d88c98fe20398cb

Comment 11 anuja 2021-02-17 13:59:11 UTC

Pre-verified using :
compose: rhel-8.4.0-mbs/9973-1386-idm/

2021-02-17T12:50:17+0000 ok: [master.testrelm.test] => (item=ipa-server) => 
2021-02-17T12:50:17+0000   msg:
2021-02-17T12:50:17+0000   - arch: x86_64
2021-02-17T12:50:17+0000     epoch: null
2021-02-17T12:50:17+0000     name: ipa-server
2021-02-17T12:50:17+0000     release: 1.module+el8.4.0+9973+3d202164
2021-02-17T12:50:17+0000     source: rpm
2021-02-17T12:50:17+0000     version: 4.9.2

Test logs:
============================= test session starts ==============================
platform linux -- Python 3.6.8, pytest-3.10.1, py-1.10.0, pluggy-0.13.1 -- /usr/libexec/platform-python
cachedir: /home/cloud-user/.pytest_cache
metadata: {'Python': '3.6.8', 'Platform': 'Linux-4.18.0-280.el8.x86_64-x86_64-with-redhat-8.4-Ootpa', 'Packages': {'pytest': '3.10.1', 'py': '1.10.0', 'pluggy': '0.13.1'}, 'Plugins': {'metadata': '1.11.0', 'html': '1.22.1', 'multihost': '3.0', 'sourceorder': '0.5'}}
rootdir: /usr/lib/python3.6/site-packages/ipatests, inifile:
plugins: metadata-1.11.0, html-1.22.1, multihost-3.0, sourceorder-0.5
collecting ... collected 79 items

test_integration/test_sudo.py::TestSudo::test_admins_group_does_not_have_sudo_permission PASSED [  1%]
test_integration/test_sudo.py::TestSudo::test_advise_script_enable_sudo_admins PASSED [  2%]
test_integration/test_sudo.py::TestSudo::test_nisdomainname PASSED       [  3%]
test_integration/test_sudo.py::TestSudo::test_add_sudo_commands PASSED   [  5%]
test_integration/test_sudo.py::TestSudo::test_add_sudo_command_groups PASSED [  6%]
test_integration/test_sudo.py::TestSudo::test_create_allow_all_rule PASSED [  7%]
test_integration/test_sudo.py::TestSudo::test_add_sudo_rule PASSED       [  8%]
...
...
test_integration/test_sudo.py::TestSudo::test_category_all_validation_command_allow_group PASSED [ 92%]
test_integration/test_sudo.py::TestSudo::test_category_all_validation_command_deny PASSED [ 93%]
test_integration/test_sudo.py::TestSudo::test_category_all_validation_command_deny_group PASSED [ 94%]
test_integration/test_sudo.py::TestSudo::test_category_all_validation_runasuser PASSED [ 96%]
test_integration/test_sudo.py::TestSudo::test_category_all_validation_runasuser_group PASSED [ 97%]
test_integration/test_sudo.py::TestSudo::test_category_all_validation_runasgroup PASSED [ 98%]
test_integration/test_sudo.py::TestSudo::test_domain_resolution_order PASSED [100%]

---------------- generated xml file: /home/cloud-user/junit.xml ----------------
----------- generated html file: file:///home/cloud-user/report.html -----------
========================= 79 passed in 1010.14 seconds =========================


Test is passing:
test_integration/test_sudo.py::TestSudo::test_add_sudo_commands PASSED   [  5%]

Comment 14 anuja 2021-02-19 10:51:27 UTC

Verified using nightly compose:
ipa-server-4.9.2-1.module+el8.4.0+9973+3d202164.x86_64

============================= test session starts ==============================
platform linux -- Python 3.6.8, pytest-3.10.1, py-1.10.0, pluggy-0.13.1 -- /usr/libexec/platform-python
cachedir: /home/cloud-user/.pytest_cache
metadata: {'Python': '3.6.8', 'Platform': 'Linux-4.18.0-287.el8.x86_64-x86_64-with-redhat-8.4-Ootpa', 'Packages': {'pytest': '3.10.1', 'py': '1.10.0', 'pluggy': '0.13.1'}, 'Plugins': {'metadata': '1.11.0', 'html': '1.22.1', 'multihost': '3.0', 'sourceorder': '0.5'}}
rootdir: /usr/lib/python3.6/site-packages/ipatests, inifile:
plugins: metadata-1.11.0, html-1.22.1, multihost-3.0, sourceorder-0.5
collecting ... collected 79 items

test_integration/test_sudo.py::TestSudo::test_admins_group_does_not_have_sudo_permission PASSED [  1%]
test_integration/test_sudo.py::TestSudo::test_advise_script_enable_sudo_admins PASSED [  2%]
test_integration/test_sudo.py::TestSudo::test_nisdomainname PASSED       [  3%]
test_integration/test_sudo.py::TestSudo::test_add_sudo_commands PASSED   [  5%]
...
...
test_integration/test_sudo.py::TestSudo::test_category_all_validation_command_allow_group PASSED [ 92%]
test_integration/test_sudo.py::TestSudo::test_category_all_validation_command_deny PASSED [ 93%]
test_integration/test_sudo.py::TestSudo::test_category_all_validation_command_deny_group PASSED [ 94%]
test_integration/test_sudo.py::TestSudo::test_category_all_validation_runasuser PASSED [ 96%]
test_integration/test_sudo.py::TestSudo::test_category_all_validation_runasuser_group PASSED [ 97%]
test_integration/test_sudo.py::TestSudo::test_category_all_validation_runasgroup PASSED [ 98%]
test_integration/test_sudo.py::TestSudo::test_domain_resolution_order PASSED [100%]

---------------- generated xml file: /home/cloud-user/junit.xml ----------------
----------- generated html file: file:///home/cloud-user/report.html -----------
========================= 79 passed in 1055.98 seconds =========================

Test is passing:
test_integration/test_sudo.py::TestSudo::test_add_sudo_commands PASSED   [  5%]

Comment 16 errata-xmlrpc 2021-05-18 15:48:53 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Moderate: idm:DL1 and idm:client security, bug fix, and enhancement update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2021:1846