Bug 671006

Summary: ipa permission-mod --rename does not work
Product: [Retired] freeIPA Reporter: Yi Zhang <yzhang>
Component: ipa-serverAssignee: Rob Crittenden <rcritten>
Status: CLOSED ERRATA QA Contact: Chandrasekar Kannan <ckannan>
Severity: medium Docs Contact:
Priority: low    
Version: 2.0CC: benl, dpal, jgalipea
Target Milestone: ---   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: freeipa-2.0.0-1.fc15 Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2012-03-28 09:41:16 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:

Description Yi Zhang 2011-01-19 21:59:33 UTC 
Description of problem:
the next test failed:
[yi@dhcp-137 ipa-delegation]$ klist
Ticket cache: FILE:/tmp/krb5cc_500
Default principal: admin.COM

Valid starting     Expires            Service principal
01/19/11 13:48:26  01/20/11 13:48:26  krbtgt/SJC.REDHAT.COM.COM
01/19/11 13:49:08  01/20/11 13:48:26  HTTP/dhcp-137.sjc.redhat.com.COM

[yi@dhcp-137 ipa-delegation]$ ipa permission-mod permission_mod_1022 --rename=test
ipa: ERROR: no modifications to be performed



Version-Release number of selected component (if applicable):ipa-server-2.0-0.2011011115gitc778919.fc14.i686


How reproducible: always

 


Additional info: no error logged in httpd's error_log file
Comment 1 Yi Zhang 2011-01-19 22:04:34 UTC 
based on Rob's tips,
1. create file : /etc/ipa/server.conf
2. add this 2 lines:
[global]
debug=true
3. restart httpd
4. re-run test and i get following:

[Wed Jan 19 13:59:11 2011] [error] ipa: INFO: Created connection context.ldap2
[Wed Jan 19 13:59:11 2011] [error] ipa: DEBUG: raw: permission_mod(u'permission_mod_1022', rights=False, all=False, raw=False, rename=u'test')
[Wed Jan 19 13:59:11 2011] [error] ipa: INFO: permission_mod(u'permission_mod_1022', rights=False, all=False, raw=False, rename=u'test')
[Wed Jan 19 13:59:11 2011] [error] ipa: DEBUG: raw: aci_mod(u'4_permission_mod_1022', permission=u'permission_mod_1022')
[Wed Jan 19 13:59:11 2011] [error] ipa: INFO: aci_mod(u'4_permission_mod_1022', permission=u'permission_mod_1022', selfaci=False, all=False, raw=False)
[Wed Jan 19 13:59:12 2011] [error] ipa: DEBUG: raw: permission_show(u'permission_mod_1022')
[Wed Jan 19 13:59:12 2011] [error] ipa: INFO: permission_show(u'permission_mod_1022', rights=False, all=False, raw=False)
[Wed Jan 19 13:59:12 2011] [error] ipa: DEBUG: raw: aci_show(u'4_permission_mod_1022')
[Wed Jan 19 13:59:12 2011] [error] ipa: INFO: aci_show(u'4_permission_mod_1022', all=False, raw=False)
[Wed Jan 19 13:59:12 2011] [error] ipa: INFO: response: EmptyModlist: no modifications to be performed
[Wed Jan 19 13:59:12 2011] [error] ipa: INFO: Destroyed connection context.ldap2
[Wed Jan 19 13:59:16 2011] [error] Unable to read from pin store for slot: internal APR err: 70007
Comment 2 Dmitri Pal 2011-01-19 22:15:00 UTC 
https://fedorahosted.org/freeipa/ticket/814
Comment 3 Dmitri Pal 2011-02-10 21:07:33 UTC 
master: f72d8e506a82dc558f89a4d115f3aad261655ba8