Bug 499299

Summary: ipa group-add-member doesn't seem to be finding groups and users
Product: [Retired] freeIPA Reporter: Michael Gregg <mgregg>
Component: ipa-admintoolsAssignee: Rob Crittenden <rcritten>
Status: CLOSED NOTABUG QA Contact: Chandrasekar Kannan <ckannan>
Severity: medium Docs Contact:
Priority: low    
Version: unspecifiedCC: benl, dpal
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2009-05-06 19:55:13 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Michael Gregg 2009-05-06 01:11:42 UTC 
Description of problem:
I may be using this utility wrong, and I know that the documentation isn't ready for this tool yet, but whenever I try to add one group to the member of another group, group-add-member reports "entry not found"

Version-Release number of selected component (if applicable):
ipa-server-2.0-2.20090505.el5ipa

How reproducible:
always

Steps to Reproduce:
1. create group1
2. create group2
3. add group1 as a member of group2
  
Actual results:
ipa group-add-member --groups=group1 group2
ipa: ERROR: entry not found

Expected results:


Additional info:
I've also tried:
ipa group-add-member --groups=group2 cn=group1,cn=groups,cn=accounts,dc=dsdev,dc=sjc,dc=redhat,dc=com

and:
ipa group-add-member --groups=cn=group1,cn=groups,cn=accounts,dc=dsdev,dc=sjc,dc=redhat,dc=com group2
Comment 1 Rob Crittenden 2009-05-06 01:53:23 UTC 
I can't duplicate this. Can you re-run the group-add-member with the first (simpler) format then attach the last 100 lines of so of /var/log/httpd/error_log to the bug?
Comment 2 Michael Gregg 2009-05-06 17:33:13 UTC 
[root@iparhel5-vma ~]# ipa group-add-member --groups=group1 group2
ipa: ERROR: entry not found

I know it's not 100 lines, but this what gets generated in the error_log.
/var/log/httpd/error_log:
ipa: INFO: Created connection context.ldap
ipa: DEBUG: raw: group_add_member(u'group2', groups=(u'group1',))
ipa: INFO: group_add_member(u'group2', groups=(u'group1',))
ipa: INFO: Destroyed connection context.ldap
ipa: INFO: response: NotFound: entry not found
Comment 3 Rob Crittenden 2009-05-06 17:57:09 UTC 
The plot thickens...

Ok, need some LDAP logs then. Can you do this:

ipa group-show group1
ipa group-show group2
ipa group-add-member --groups=group1 group2

And attach the LDAP access log for that period?
Comment 4 Michael Gregg 2009-05-06 19:55:13 UTC 
The problem ended up being that I had a QA daemon that was running and removing group2. 

That's why the command was reporting "entry not found" when I would try to add group1 to group2.