Bug 743071

Summary: duplicate hostgroup and netgroup
Product: [Retired] freeIPA Reporter: Sigbjorn Lie <sigbjorn>
Component: ipa-serverAssignee: Rob Crittenden <rcritten>
Status: CLOSED ERRATA QA Contact: Chandrasekar Kannan <ckannan>
Severity: medium Docs Contact:
Priority: unspecified    
Version: 2.1CC: benl, dpal, jgalipea, mkosek, nsoman
Target Milestone: ---   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: freeipa-2.1.4-5.fc16 Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
: 743253 (view as bug list) Environment:
Last Closed: 2012-03-28 09:28:16 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Bug Depends On:    
Bug Blocks: 743253    

Description Sigbjorn Lie 2011-10-03 18:39:00 UTC 
Description of problem:
When a host group is added having the same name as an existing netgroup, the host group is allowed to be created, thus creating an error and making the Host Group tab in the webui inaccessible with the following error:

Error: IPA Error 4027
The search criteria was not specific enough. Expected 1 and found 2.
Version-Release number of selected component (if applicable):



How reproducible:
Every time

Steps to Reproduce:
1. Create a netgroup with a certain name, ex: "all"
2. Create a hostgroup with a certain name, ex: "all"
3.
  
Actual results:
The host group tab in the webui is now inaccessible

Expected results:
Error message displayed about duplicate name OR the webui to handle the duplicate group name. Using the CLI to remove the duplicate host group resolves the issue.

Additional info:
Comment 1 Rob Crittenden 2011-10-03 18:54:41 UTC 
Upstream ticket:
https://fedorahosted.org/freeipa/ticket/1914
Comment 2 Jenny Severance 2011-10-04 11:37:19 UTC 
I was able to reproduce this with ipa-server-2.1.1-101.20111003T0058zgitaaa7c05.el6.x86_64
Comment 3 Martin Kosek 2011-10-04 12:13:23 UTC 
For NIS compatibility sake, for every created hostgroup, a relevant netgroup is created. This can be checked via netgroup-show or directly in LDAP (cn=ng,cn=alt,$SUFFIX).

This is the reason why there cannot be a hostgroup and netgroup with the same name. This is what I get in this scenario:

# ipa hostgroup-add foo --desc=bar
---------------------
Added hostgroup "foo"
---------------------
  Host-group: foo
  Description: bar

# ipa netgroup-find
-------------------
0 netgroups matched
-------------------
----------------------------
Number of entries returned 0
----------------------------

# ipa netgroup-show foo
  Netgroup name: foo
  Description: ipaNetgroup foo
  NIS domain name: idm.lab.bos.redhat.com
  Member Hostgroup: foo

# ipa netgroup-add foo --desc=bar2
ipa: ERROR: Constraint violation: Another entry with the same attribute value already exists (attribute: "cn")

I wasn't even able to add a netgroup with the same name.

There is also a relevant fix for "The search criteria was not specific enough" already pushed upstream, which should help:

https://bugzilla.redhat.com/show_bug.cgi?id=740830
Comment 4 Rob Crittenden 2011-10-07 02:40:10 UTC 
Fixed upstream

master: a85bb7fa9e5a03b391d684e2850bfe4663f94e21

ipa-2-1: 92dbd68677b3166ebb8897c5fac7d6a142226ac1
Comment 5 Martin Kosek 2011-10-17 15:13:45 UTC 
The following commit also fixed an error message when a duplicate hostgroup was being added.


master: https://fedorahosted.org/freeipa/changeset/99d938152fbef41f2d48d4088e5ba39bc820e9de
ipa-2-1: https://fedorahosted.org/freeipa/changeset/5a3268fc7d731232844eb9391be722db2179f24c