Bug 670941

Summary:	ipa permission-find returns error
Product:	[Retired] freeIPA	Reporter:	Yi Zhang <yzhang>
Component:	ipa-server	Assignee:	Rob Crittenden <rcritten>
Status:	CLOSED ERRATA	QA Contact:	Chandrasekar Kannan <ckannan>
Severity:	medium	Docs Contact:
Priority:	low
Version:	2.0	CC:	benl, dpal, jgalipea, mkosek
Target Milestone:	---
Target Release:	---
Hardware:	Unspecified
OS:	Unspecified
Whiteboard:
Fixed In Version:	freeipa-2.0.0-1.fc15	Doc Type:	Bug Fix
Doc Text:		Story Points:	---
Clone Of:		Environment:
Last Closed:	2012-03-28 09:41:12 UTC	Type:	---
Regression:	---	Mount Type:	---
Documentation:	---	CRM:
Verified Versions:		Category:	---
oVirt Team:	---	RHEL 7.3 requirements from Atomic Host:
Cloudforms Team:	---	Target Upstream Version:

Description Yi Zhang 2011-01-19 17:47:03 UTC

Description of problem:
after kinit as 'admin'
ipa permission-find 
should return all permission but we get "ipa: ERROR: no such entry" instead

Version-Release number of selected component (if applicable):ipa-server-2.0-0.2011011115gitc778919.fc14.i686


How reproducible: always


Steps to Reproduce:
[yi@dhcp-137 ipa-delegation]$ ipa permission-add --desc testonly --permissions=read,delete,all --type=user testPermission
---------------------------------
Added permission "testpermission"
---------------------------------
  Permission name: testpermission
  Description: testonly
  Permissions: read, delete, all
  Type: user
[yi@dhcp-137 ipa-delegation]$ ipa permission-find
ipa: ERROR: no such entry
[yi@dhcp-137 ipa-delegation]$ ipa permission-find --permissions=read
ipa: ERROR: no such entry
[yi@dhcp-137 ipa-delegation]$ ipa permission-find --permissions=read,delete,all
ipa: ERROR: no such entry
[yi@dhcp-137 ipa-delegation]$ ipa permission-find testPermission
--------------------
1 permission matched
--------------------
  Permission name: testpermission
  Description: testonly
  Permissions: read, delete, all
  Type: user
----------------------------
Number of entries returned 1

  

Additional info: <email>:
yi zhang wrote:
> On 01/18/2011 03:06 PM, Rob Crittenden wrote:
>> yi zhang wrote:
>>> Another question:
>>> how to list all permissions?
>>> I did this, but failed. (please confirm if this is also a bug)
>>>
>>> [yi@dhcp-137 ipa-delegation]$ ipa permission-find permission_add_1019
>>> --------------------
>>> 1 permission matched
>>> --------------------
>>> Permission name: permission_add_1019
>>> Description: auto_generated_description_permission_add_1019
>>> Permissions: read
>>> Attributes: gidnumber
>>> Filter: (cn=)
>>> ----------------------------
>>> Number of entries returned 1
>>> ----------------------------
>>> [yi@dhcp-137 ipa-delegation]$ ipa permission-find
>>> ipa: ERROR: no such entry
>>>
>>> <<<<<<<--------- is this a bug? shall we return all permissions just
>>> like "ipa user-find" ?
>>>
>>
>> I'm guessing that it is blowing up and returning that as a bogus
>> error. Can you check the Apache error log to see if there is something
>> there?
>>
> there is no message logged in httpd-error log .
> If you can confirm that "ipa permission-find" should return all
> permissions, i will log a bug.

Yes, it should return everything. I'm guessing that you added a permission? I'd include the permission (or permissions) you added in the bug report along with any traceback found in the Apache error log.

rob

Comment 1 Yi Zhang 2011-01-19 17:48:35 UTC

there are no error message in httpd 's error_log file

Comment 2 Dmitri Pal 2011-01-19 17:52:27 UTC

https://fedorahosted.org/freeipa/ticket/810

Comment 3 Rob Crittenden 2011-01-19 18:02:51 UTC

Can you create the file /etc/ipa/server.conf and set the contents to:

[global]
debug=True

Restart httpd and run: ipa permission-find

The log should have more information in it.

Comment 4 Yi Zhang 2011-01-19 23:37:05 UTC

[Wed Jan 19 15:33:18 2011] [error] ipa: INFO: Created connection context.ldap2
[Wed Jan 19 15:33:18 2011] [error] ipa: DEBUG: raw: permission_find(None, all=False, raw=False)
[Wed Jan 19 15:33:18 2011] [error] ipa: INFO: permission_find(None, all=False, raw=False)
[Wed Jan 19 15:33:19 2011] [error] ipa: DEBUG: raw: aci_show(u'Add Users')
[Wed Jan 19 15:33:19 2011] [error] ipa: INFO: aci_show(u'Add Users', all=False, raw=False)
[Wed Jan 19 15:33:19 2011] [error] ipa: DEBUG: raw: aci_show(u'Change a user password')
[Wed Jan 19 15:33:19 2011] [error] ipa: INFO: aci_show(u'Change a user password', all=False, raw=False)
[Wed Jan 19 15:33:19 2011] [error] ipa: DEBUG: raw: aci_show(u'Add user to default group')
[Wed Jan 19 15:33:19 2011] [error] ipa: INFO: aci_show(u'Add user to default group', all=False, raw=False)
[Wed Jan 19 15:33:19 2011] [error] ipa: DEBUG: raw: aci_show(u'Remove Users')
[Wed Jan 19 15:33:19 2011] [error] ipa: INFO: aci_show(u'Remove Users', all=False, raw=False)
[Wed Jan 19 15:33:19 2011] [error] ipa: DEBUG: raw: aci_show(u'Modify Users')
[Wed Jan 19 15:33:19 2011] [error] ipa: INFO: aci_show(u'Modify Users', all=False, raw=False)
[Wed Jan 19 15:33:19 2011] [error] ipa: DEBUG: raw: aci_show(u'Add Groups')
[Wed Jan 19 15:33:19 2011] [error] ipa: INFO: aci_show(u'Add Groups', all=False, raw=False)
[Wed Jan 19 15:33:19 2011] [error] ipa: DEBUG: raw: aci_show(u'Remove Groups')
[Wed Jan 19 15:33:19 2011] [error] ipa: INFO: aci_show(u'Remove Groups', all=False, raw=False)
[Wed Jan 19 15:33:19 2011] [error] ipa: DEBUG: raw: aci_show(u'Modify Groups')
[Wed Jan 19 15:33:19 2011] [error] ipa: INFO: aci_show(u'Modify Groups', all=False, raw=False)
[Wed Jan 19 15:33:19 2011] [error] ipa: DEBUG: raw: aci_show(u'Modify Group membership')
[Wed Jan 19 15:33:19 2011] [error] ipa: INFO: aci_show(u'Modify Group membership', all=False, raw=False)
[Wed Jan 19 15:33:19 2011] [error] ipa: DEBUG: raw: aci_show(u'Add Hosts')
[Wed Jan 19 15:33:19 2011] [error] ipa: INFO: aci_show(u'Add Hosts', all=False, raw=False)
[Wed Jan 19 15:33:19 2011] [error] ipa: DEBUG: raw: aci_show(u'Remove Hosts')
[Wed Jan 19 15:33:19 2011] [error] ipa: INFO: aci_show(u'Remove Hosts', all=False, raw=False)
[Wed Jan 19 15:33:19 2011] [error] ipa: DEBUG: raw: aci_show(u'Modify Hosts')
[Wed Jan 19 15:33:19 2011] [error] ipa: INFO: aci_show(u'Modify Hosts', all=False, raw=False)
[Wed Jan 19 15:33:19 2011] [error] ipa: DEBUG: raw: aci_show(u'Add Hostgroups')
[Wed Jan 19 15:33:19 2011] [error] ipa: INFO: aci_show(u'Add Hostgroups', all=False, raw=False)
[Wed Jan 19 15:33:19 2011] [error] ipa: DEBUG: raw: aci_show(u'Remove Hostgroups')
[Wed Jan 19 15:33:19 2011] [error] ipa: INFO: aci_show(u'Remove Hostgroups', all=False, raw=False)
[Wed Jan 19 15:33:19 2011] [error] ipa: DEBUG: raw: aci_show(u'Modify Hostgroups')
[Wed Jan 19 15:33:19 2011] [error] ipa: INFO: aci_show(u'Modify Hostgroups', all=False, raw=False)
[Wed Jan 19 15:33:19 2011] [error] ipa: DEBUG: raw: aci_show(u'Modify Hostgroup membership')
[Wed Jan 19 15:33:19 2011] [error] ipa: INFO: aci_show(u'Modify Hostgroup membership', all=False, raw=False)
[Wed Jan 19 15:33:19 2011] [error] ipa: DEBUG: raw: aci_show(u'Add Services')
[Wed Jan 19 15:33:19 2011] [error] ipa: INFO: aci_show(u'Add Services', all=False, raw=False)
[Wed Jan 19 15:33:19 2011] [error] ipa: DEBUG: raw: aci_show(u'Remove Services')
[Wed Jan 19 15:33:19 2011] [error] ipa: INFO: aci_show(u'Remove Services', all=False, raw=False)
[Wed Jan 19 15:33:19 2011] [error] ipa: DEBUG: raw: aci_show(u'Modify Services')
[Wed Jan 19 15:33:19 2011] [error] ipa: INFO: aci_show(u'Modify Services', all=False, raw=False)
[Wed Jan 19 15:33:19 2011] [error] ipa: DEBUG: raw: aci_show(u'Add Roles')
[Wed Jan 19 15:33:19 2011] [error] ipa: INFO: aci_show(u'Add Roles', all=False, raw=False)
[Wed Jan 19 15:33:19 2011] [error] ipa: DEBUG: raw: aci_show(u'Remove Roles')
[Wed Jan 19 15:33:19 2011] [error] ipa: INFO: aci_show(u'Remove Roles', all=False, raw=False)
[Wed Jan 19 15:33:19 2011] [error] ipa: DEBUG: raw: aci_show(u'Modify Roles')
[Wed Jan 19 15:33:19 2011] [error] ipa: INFO: aci_show(u'Modify Roles', all=False, raw=False)
[Wed Jan 19 15:33:19 2011] [error] ipa: DEBUG: raw: aci_show(u'Modify Role Group membership')
[Wed Jan 19 15:33:19 2011] [error] ipa: INFO: aci_show(u'Modify Role Group membership', all=False, raw=False)
[Wed Jan 19 15:33:19 2011] [error] ipa: DEBUG: raw: aci_show(u'Modify privilege membership')
[Wed Jan 19 15:33:19 2011] [error] ipa: INFO: aci_show(u'Modify privilege membership', all=False, raw=False)
[Wed Jan 19 15:33:19 2011] [error] ipa: DEBUG: raw: aci_show(u'Add Automount maps')
[Wed Jan 19 15:33:19 2011] [error] ipa: INFO: aci_show(u'Add Automount maps', all=False, raw=False)
[Wed Jan 19 15:33:19 2011] [error] ipa: DEBUG: raw: aci_show(u'Remove Automount maps')
[Wed Jan 19 15:33:19 2011] [error] ipa: INFO: aci_show(u'Remove Automount maps', all=False, raw=False)
[Wed Jan 19 15:33:19 2011] [error] ipa: DEBUG: raw: aci_show(u'Add Automount keys')
[Wed Jan 19 15:33:19 2011] [error] ipa: INFO: aci_show(u'Add Automount keys', all=False, raw=False)
[Wed Jan 19 15:33:20 2011] [error] ipa: DEBUG: raw: aci_show(u'Remove Automount keys')
[Wed Jan 19 15:33:20 2011] [error] ipa: INFO: aci_show(u'Remove Automount keys', all=False, raw=False)
[Wed Jan 19 15:33:20 2011] [error] ipa: DEBUG: raw: aci_show(u'Add netgroups')
[Wed Jan 19 15:33:20 2011] [error] ipa: INFO: aci_show(u'Add netgroups', all=False, raw=False)
[Wed Jan 19 15:33:20 2011] [error] ipa: DEBUG: raw: aci_show(u'Remove netgroups')
[Wed Jan 19 15:33:20 2011] [error] ipa: INFO: aci_show(u'Remove netgroups', all=False, raw=False)
[Wed Jan 19 15:33:20 2011] [error] ipa: DEBUG: raw: aci_show(u'Modify netgroups')
[Wed Jan 19 15:33:20 2011] [error] ipa: INFO: aci_show(u'Modify netgroups', all=False, raw=False)
[Wed Jan 19 15:33:20 2011] [error] ipa: DEBUG: raw: aci_show(u'Modify netgroup membership')
[Wed Jan 19 15:33:20 2011] [error] ipa: INFO: aci_show(u'Modify netgroup membership', all=False, raw=False)
[Wed Jan 19 15:33:20 2011] [error] ipa: DEBUG: raw: aci_show(u'Manage host keytab')
[Wed Jan 19 15:33:20 2011] [error] ipa: INFO: aci_show(u'Manage host keytab', all=False, raw=False)
[Wed Jan 19 15:33:20 2011] [error] ipa: DEBUG: raw: aci_show(u'Manage service keytab')
[Wed Jan 19 15:33:20 2011] [error] ipa: INFO: aci_show(u'Manage service keytab', all=False, raw=False)
[Wed Jan 19 15:33:20 2011] [error] ipa: DEBUG: raw: aci_show(u'Enroll a host')
[Wed Jan 19 15:33:20 2011] [error] ipa: INFO: aci_show(u'Enroll a host', all=False, raw=False)
[Wed Jan 19 15:33:20 2011] [error] ipa: DEBUG: raw: aci_show(u'Add Replication Agreements')
[Wed Jan 19 15:33:20 2011] [error] ipa: INFO: aci_show(u'Add Replication Agreements', all=False, raw=False)
[Wed Jan 19 15:33:20 2011] [error] ipa: DEBUG: ACI not found for Add Replication Agreements
[Wed Jan 19 15:33:20 2011] [error] ipa: DEBUG: raw: aci_show(u'Modify Replication Agreements')
[Wed Jan 19 15:33:20 2011] [error] ipa: INFO: aci_show(u'Modify Replication Agreements', all=False, raw=False)
[Wed Jan 19 15:33:20 2011] [error] ipa: DEBUG: ACI not found for Modify Replication Agreements
[Wed Jan 19 15:33:20 2011] [error] ipa: DEBUG: raw: aci_show(u'Remove Replication Agreements')
[Wed Jan 19 15:33:20 2011] [error] ipa: INFO: aci_show(u'Remove Replication Agreements', all=False, raw=False)
[Wed Jan 19 15:33:20 2011] [error] ipa: DEBUG: ACI not found for Remove Replication Agreements
[Wed Jan 19 15:33:20 2011] [error] ipa: DEBUG: raw: aci_show(u'Add Entitlements')
[Wed Jan 19 15:33:20 2011] [error] ipa: INFO: aci_show(u'Add Entitlements', all=False, raw=False)
[Wed Jan 19 15:33:20 2011] [error] ipa: DEBUG: raw: aci_show(u'Remove Entitlements')
[Wed Jan 19 15:33:20 2011] [error] ipa: INFO: aci_show(u'Remove Entitlements', all=False, raw=False)
[Wed Jan 19 15:33:20 2011] [error] ipa: DEBUG: raw: aci_show(u'Modify Entitlements')
[Wed Jan 19 15:33:20 2011] [error] ipa: INFO: aci_show(u'Modify Entitlements', all=False, raw=False)
[Wed Jan 19 15:33:20 2011] [error] ipa: DEBUG: raw: aci_show(u'Retrieve Certificates from the CA')
[Wed Jan 19 15:33:20 2011] [error] ipa: INFO: aci_show(u'Retrieve Certificates from the CA', all=False, raw=False)
[Wed Jan 19 15:33:20 2011] [error] ipa: DEBUG: raw: aci_show(u'Request Certificates from the CA')
[Wed Jan 19 15:33:20 2011] [error] ipa: INFO: aci_show(u'Request Certificates from the CA', all=False, raw=False)
[Wed Jan 19 15:33:20 2011] [error] ipa: DEBUG: raw: aci_show(u'Request Certificates from a different host')
[Wed Jan 19 15:33:20 2011] [error] ipa: INFO: aci_show(u'Request Certificates from a different host', all=False, raw=False)
[Wed Jan 19 15:33:20 2011] [error] ipa: DEBUG: raw: aci_show(u'Get Certificates status from the CA')
[Wed Jan 19 15:33:20 2011] [error] ipa: INFO: aci_show(u'Get Certificates status from the CA', all=False, raw=False)
[Wed Jan 19 15:33:20 2011] [error] ipa: DEBUG: raw: aci_show(u'Revoke Certificate')
[Wed Jan 19 15:33:20 2011] [error] ipa: INFO: aci_show(u'Revoke Certificate', all=False, raw=False)
[Wed Jan 19 15:33:20 2011] [error] ipa: DEBUG: raw: aci_show(u'Certificate Remove Hold')
[Wed Jan 19 15:33:20 2011] [error] ipa: INFO: aci_show(u'Certificate Remove Hold', all=False, raw=False)
[Wed Jan 19 15:33:20 2011] [error] ipa: DEBUG: raw: aci_show(u'Manage group members')
[Wed Jan 19 15:33:20 2011] [error] ipa: INFO: aci_show(u'Manage group members', all=False, raw=False)
[Wed Jan 19 15:33:20 2011] [error] ipa: DEBUG: raw: aci_show(u'Manage group members random')
[Wed Jan 19 15:33:20 2011] [error] ipa: INFO: aci_show(u'Manage group members random', all=False, raw=False)
[Wed Jan 19 15:33:20 2011] [error] ipa: DEBUG: ACI not found for Manage group members random
[Wed Jan 19 15:33:20 2011] [error] ipa: DEBUG: raw: aci_show(u'Manage group members add')
[Wed Jan 19 15:33:20 2011] [error] ipa: INFO: aci_show(u'Manage group members add', all=False, raw=False)
[Wed Jan 19 15:33:20 2011] [error] ipa: DEBUG: ACI not found for Manage group members add
[Wed Jan 19 15:33:20 2011] [error] ipa: DEBUG: raw: aci_show(u'test001 permission')
[Wed Jan 19 15:33:20 2011] [error] ipa: INFO: aci_show(u'test001 permission', all=False, raw=False)
[Wed Jan 19 15:33:20 2011] [error] ipa: DEBUG: raw: aci_show(u'test002 permission')
[Wed Jan 19 15:33:20 2011] [error] ipa: INFO: aci_show(u'test002 permission', all=False, raw=False)
[Wed Jan 19 15:33:20 2011] [error] ipa: DEBUG: raw: aci_show(u'test003 permission')
[Wed Jan 19 15:33:20 2011] [error] ipa: INFO: aci_show(u'test003 permission', all=False, raw=False)
[Wed Jan 19 15:33:20 2011] [error] ipa: DEBUG: ACI not found for test003 permission
[Wed Jan 19 15:33:20 2011] [error] ipa: DEBUG: raw: aci_show(u'test004 permission')
[Wed Jan 19 15:33:20 2011] [error] ipa: INFO: aci_show(u'test004 permission', all=False, raw=False)
[Wed Jan 19 15:33:20 2011] [error] ipa: DEBUG: ACI not found for test004 permission
[Wed Jan 19 15:33:20 2011] [error] ipa: DEBUG: raw: aci_show(u'test005 permission')
[Wed Jan 19 15:33:20 2011] [error] ipa: INFO: aci_show(u'test005 permission', all=False, raw=False)
[Wed Jan 19 15:33:20 2011] [error] ipa: DEBUG: raw: aci_show(u'test006 permission')
[Wed Jan 19 15:33:20 2011] [error] ipa: INFO: aci_show(u'test006 permission', all=False, raw=False)
[Wed Jan 19 15:33:20 2011] [error] ipa: DEBUG: ACI not found for test006 permission
[Wed Jan 19 15:33:20 2011] [error] ipa: DEBUG: raw: aci_show(u'test007 permission')
[Wed Jan 19 15:33:20 2011] [error] ipa: INFO: aci_show(u'test007 permission', all=False, raw=False)
[Wed Jan 19 15:33:21 2011] [error] ipa: DEBUG: raw: aci_show(u'test009 permission')
[Wed Jan 19 15:33:21 2011] [error] ipa: INFO: aci_show(u'test009 permission', all=False, raw=False)
[Wed Jan 19 15:33:21 2011] [error] ipa: DEBUG: raw: aci_show(u'auto_generated_description_permission_add_1022')
[Wed Jan 19 15:33:21 2011] [error] ipa: INFO: aci_show(u'auto_generated_description_permission_add_1022', all=False, raw=False)
[Wed Jan 19 15:33:21 2011] [error] ipa: DEBUG: raw: aci_show(u'auto_generated_description_permission_add_1024')
[Wed Jan 19 15:33:21 2011] [error] ipa: INFO: aci_show(u'auto_generated_description_permission_add_1024', all=False, raw=False)
[Wed Jan 19 15:33:21 2011] [error] ipa: DEBUG: ACI not found for auto_generated_description_permission_add_1024
[Wed Jan 19 15:33:21 2011] [error] ipa: DEBUG: raw: aci_show(u'testgrp')
[Wed Jan 19 15:33:21 2011] [error] ipa: INFO: aci_show(u'testgrp', all=False, raw=False)
[Wed Jan 19 15:33:21 2011] [error] ipa: DEBUG: raw: aci_show(u'testp')
[Wed Jan 19 15:33:21 2011] [error] ipa: INFO: aci_show(u'testp', all=False, raw=False)
[Wed Jan 19 15:33:21 2011] [error] ipa: DEBUG: raw: aci_show(u'testper')
[Wed Jan 19 15:33:21 2011] [error] ipa: INFO: aci_show(u'testper', all=False, raw=False)
[Wed Jan 19 15:33:21 2011] [error] ipa: DEBUG: raw: aci_show(u'4_permission_mod_1022')
[Wed Jan 19 15:33:21 2011] [error] ipa: INFO: aci_show(u'4_permission_mod_1022', all=False, raw=False)
[Wed Jan 19 15:33:21 2011] [error] ipa: DEBUG: raw: aci_find(None, all=False, raw=False)
[Wed Jan 19 15:33:21 2011] [error] ipa: INFO: aci_find(None, all=False, raw=False)
[Wed Jan 19 15:33:21 2011] [error] ipa: INFO: response: NotFound: no such entry
[Wed Jan 19 15:33:21 2011] [error] ipa: INFO: Destroyed connection context.ldap2

Comment 5 Yi Zhang 2011-01-20 18:35:52 UTC

I retest "ipa permission-find" today in a clean installed ipa server. And it does return all permissions in server. It looks like this problem is not caused by the command itself. Some of my permission related test, such as permission-add or permission-mod triggered this error. The actual cause is hard to address.

Comment 6 Dmitri Pal 2011-01-21 00:39:23 UTC

Does this mean that you will close this bug?

Comment 7 Rob Crittenden 2011-01-21 15:07:13 UTC

The fact that permissions can be gotten into a state where permission-find returns Not Found is bad.

Comment 8 Martin Kosek 2011-01-27 12:47:45 UTC

Do we have a reproduction for this bug? In other case I would like to close ticket 810 as I am unable to reproduce it.

There were several significant changes to ACIs and permission plugin last days (e.g. ticket 764) which may have fixed the original source of this issue.

Comment 9 Yi Zhang 2011-01-31 23:55:30 UTC

I haven't have a recent version of ipa server installed yet. I will come back to this bug once I have one.