Bug 804609
Summary: | Issues with DS migrated Users | ||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|
Product: | Red Hat Enterprise Linux 6 | Reporter: | Jenny Severance <jgalipea> | ||||||||
Component: | ipa | Assignee: | Rob Crittenden <rcritten> | ||||||||
Status: | CLOSED ERRATA | QA Contact: | IDM QE LIST <seceng-idm-qe-list> | ||||||||
Severity: | unspecified | Docs Contact: | |||||||||
Priority: | high | ||||||||||
Version: | 6.3 | CC: | mkosek | ||||||||
Target Milestone: | rc | ||||||||||
Target Release: | 6.3 | ||||||||||
Hardware: | Unspecified | ||||||||||
OS: | Unspecified | ||||||||||
Whiteboard: | |||||||||||
Fixed In Version: | ipa-2.2.0-6.el6 | Doc Type: | Bug Fix | ||||||||
Doc Text: |
No documentation needed.
|
Story Points: | --- | ||||||||
Clone Of: | Environment: | ||||||||||
Last Closed: | 2012-06-20 13:25:02 UTC | Type: | --- | ||||||||
Regression: | --- | Mount Type: | --- | ||||||||
Documentation: | --- | CRM: | |||||||||
Verified Versions: | Category: | --- | |||||||||
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||||||
Cloudforms Team: | --- | Target Upstream Version: | |||||||||
Embargoed: | |||||||||||
Attachments: |
|
Description
Jenny Severance
2012-03-19 12:23:38 UTC
Created attachment 571098 [details]
screen shot 1
Created attachment 571099 [details]
screen shot 2
Created attachment 571100 [details]
screen shot 3
Not just a UI issue ... # ipa user-show --all Zonda_Logarajah ipa: ERROR: an internal error has occurred [Mon Mar 19 08:39:07 2012] [error] ipa: ERROR: non-public: KeyError: '"uid" not found in cn=Blakeley Sokyrko,ou=People,dc=example,dc=com' [Mon Mar 19 08:39:07 2012] [error] Traceback (most recent call last): [Mon Mar 19 08:39:07 2012] [error] File "/usr/lib/python2.6/site-packages/ipaserver/rpcserver.py", line 315, in wsgi_execute [Mon Mar 19 08:39:07 2012] [error] result = self.Command[name](*args, **options) [Mon Mar 19 08:39:07 2012] [error] File "/usr/lib/python2.6/site-packages/ipalib/frontend.py", line 438, in __call__ [Mon Mar 19 08:39:07 2012] [error] ret = self.run(*args, **options) [Mon Mar 19 08:39:07 2012] [error] File "/usr/lib/python2.6/site-packages/ipalib/frontend.py", line 696, in run [Mon Mar 19 08:39:07 2012] [error] return self.execute(*args, **options) [Mon Mar 19 08:39:07 2012] [error] File "/usr/lib/python2.6/site-packages/ipalib/plugins/baseldap.py", line 1142, in execute [Mon Mar 19 08:39:07 2012] [error] dn = callback(ldap, dn, entry_attrs, *keys, **options) [Mon Mar 19 08:39:07 2012] [error] File "/usr/lib/python2.6/site-packages/ipalib/plugins/user.py", line 629, in post_callback [Mon Mar 19 08:39:07 2012] [error] self.obj._convert_manager(entry_attrs, **options) [Mon Mar 19 08:39:07 2012] [error] File "/usr/lib/python2.6/site-packages/ipalib/plugins/user.py", line 396, in _convert_manager [Mon Mar 19 08:39:07 2012] [error] entry_attrs['manager'][m] = self.get_primary_key_from_dn(entry_attrs['manager'][m]) [Mon Mar 19 08:39:07 2012] [error] File "/usr/lib/python2.6/site-packages/ipalib/plugins/baseldap.py", line 490, in get_primary_key_from_dn [Mon Mar 19 08:39:07 2012] [error] return dn[self.primary_key.name] [Mon Mar 19 08:39:07 2012] [error] File "/usr/lib/python2.6/site-packages/ipalib/dn.py", line 1137, in __getitem__ [Mon Mar 19 08:39:07 2012] [error] raise KeyError("\\"%s\\" not found in %s" % (key, self.__str__())) [Mon Mar 19 08:39:07 2012] [error] KeyError: '"uid" not found in cn=Blakeley Sokyrko,ou=People,dc=example,dc=com' [Mon Mar 19 08:39:07 2012] [error] ipa: INFO: admin: user_show(u'zonda_logarajah', rights=False, all=True, raw=False, version=u'2.30'): KeyError ~ Can you do an ldapsearch for this user and give the results? I'm guessing we aren't creating the new dn correctly, the search output will confirm it. User in IPA :: dn: uid=zonda_logarajah,cn=users,cn=accounts,dc=testrelm,dc=com telephoneNumber: +1 818 862-4100 cn: Zonda Logarajah manager: cn=Blakeley Sokyrko,ou=People,dc=example,dc=com homeDirectory: /home/Zonda_Logarajah krbPrincipalName: zonda_logarajah uid: Zonda_Logarajah title: Master Payroll Sales Rep facsimileTelephoneNumber: +1 510 887-2730 uidNumber: 10034 mail: Zonda_Logarajah employeeType: Temp description: This is Zonda Logarajah's description roomNumber: 8582 carLicense: RITUXZ3 postalAddress: example.com, Payroll Dept #954, Room#641 givenName: Zonda pager: +1 714 321-7999 departmentNumber: 6182 objectClass: krbticketpolicyaux objectClass: ipaobject objectClass: organizationalperson objectClass: top objectClass: ipasshuser objectClass: inetorgperson objectClass: person objectClass: inetuser objectClass: krbprincipalaux objectClass: posixaccount objectClass: ipaSshGroupOfPubKeys objectClass: mepOriginEntry l: San Mateo mobile: +1 303 719-8147 gidNumber: 20034 sn: Logarajah ou: Payroll secretary: cn=Connie Mulqueen,ou=People,dc=example,dc=com homePhone: +1 206 130-6522 initials: Z. L. userPassword:: e1NTSEF9Vk1oY2toQVhrd2owSUxXTFRVQnNlUmlLWGpseGdPUW5nbkpNQ0E9PQ= = ipaUniqueID: 049d1c22-6f9b-11e1-b98b-5254009e206c mepManagedEntry: cn=Zonda_Logarajah,cn=groups,cn=accounts,dc=testrelm,dc=com memberOf: cn=ipausers,cn=groups,cn=accounts,dc=testrelm,dc=com User's private group ... dn: cn=Zonda_Logarajah,cn=groups,cn=accounts,dc=testrelm,dc=com objectClass: posixgroup objectClass: ipaobject objectClass: mepManagedEntry objectClass: top cn: Zonda_Logarajah gidNumber: 10034 description: User private group for Zonda_Logarajah mepManagedBy: uid=zonda_logarajah,cn=users,cn=accounts,dc=testrelm,dc=com ipaUniqueID: 04a0bd00-6f9b-11e1-b98b-5254009e206c # search result search: 2 result: 0 Success Note: user's gidnumber does not match user's private group gidnumber and gid number 20034 does not exist (In reply to comment #0) > Description of problem: > > After migration of users and groups from 389 directory server, get errors > viewing users and group members from the WebUI. Not all attributes are > viewable. > > Example User from directory server :: > > dn: cn=Darcee Leeson,ou=People,dc=example,dc=com > carLicense: 2CGORU4 > cn: Darcee Leeson > departmentNumber: 9466 > description: This is Darcee Leeson's description > employeeType: Normal > facsimileTelephoneNumber: +1 408 553-4571 > givenName: Darcee > homePhone: +1 206 217-8241 > initials: D. L. > l: Sunnyvale > mail: Darcee_Leeson > manager: cn=Mollee Weisenberg,ou=People,dc=example,dc=com > mobile: +1 818 264-2444 > objectClass: top > objectClass: person > objectClass: organizationalPerson > objectClass: inetOrgPerson > objectClass: posixAccount > ou: Product Testing > pager: +1 510 405-3251 > postalAddress: example.com, Product Testing Dept #795, Room#250 > roomNumber: 9844 > secretary: cn=Ayaz Kreiger,ou=People,dc=example,dc=com > sn: Leeson > telephoneNumber: +1 804 913-8558 > title: Supreme Product Testing Visionary > uid: Darcee_Leeson > uidNumber: 11731 > gidNumber: 21731 > homeDirectory: /home/Darcee_Leeson > userPassword:: e1NTSEF9VzMySTlBaFBkT0dMa201QU9DQThobW5LSC9RV296RWpCMFJ6TXc9PQ= > = > > Example of user in IPA from CLI after migration :: > > # ipa user-find Darcee_Leeson > -------------- > 1 user matched > -------------- > User login: Darcee_Leeson > First name: Darcee > Last name: Leeson > Home directory: /home/Darcee_Leeson > Email address: Darcee_Leeson > UID: 11731 > GID: 21731 > Telephone Number: +1 804 913-8558 > Job Title: Supreme Product Testing Visionary > Account disabled: False > Password: True > Kerberos keys available: False > > > Example group from 389 directory server :: > > dn: cn=Accounting,ou=Groups,dc=example,dc=com > objectClass: top > objectClass: inetuser > objectClass: groupofnames > objectClass: posixGroup > cn: Accounting > member: cn=Gabbie Sarubbi,ou=People,dc=example,dc=com > member: cn=Klara Eswara,ou=People,dc=example,dc=com > member: cn=Tomasina Kowalsky,ou=People,dc=example,dc=com > member: cn=Merilyn Upton,ou=People,dc=example,dc=com > member: cn=Cang Keighley,ou=People,dc=example,dc=com > member: cn=Idette Risler,ou=People,dc=example,dc=com > member: cn=Leanora Corless,ou=People,dc=example,dc=com > member: cn=Scarlet Witt,ou=People,dc=example,dc=com > member: cn=Laurene Kindem,ou=People,dc=example,dc=com > member: cn=Kin-Wai Wennerstrom,ou=People,dc=example,dc=com > member: cn=Saeed Dehghan,ou=People,dc=example,dc=com > member: cn=Dalenna Spann,ou=People,dc=example,dc=com > member: cn=Lonee Praeuner,ou=People,dc=example,dc=com > member: cn=Clemence Royle,ou=People,dc=example,dc=com > member: cn=Christan Propes,ou=People,dc=example,dc=com > member: cn=Blondelle Rabiasz,ou=People,dc=example,dc=com > member: cn=Loesje Sparkes,ou=People,dc=example,dc=com > member: cn=Gwynith Leigh,ou=People,dc=example,dc=com > member: cn=Ella Markell,ou=People,dc=example,dc=com > member: cn=Gretchen Lightowler,ou=People,dc=example,dc=com > member: cn=Briney Hollingsworth,ou=People,dc=example,dc=com > member: cn=Roxy Winlow,ou=People,dc=example,dc=com > member: cn=Maycel Kardos,ou=People,dc=example,dc=com > member: cn=Marybeth Fuson,ou=People,dc=example,dc=com > member: cn=Frederick Vinnell,ou=People,dc=example,dc=com > member: cn=Janusz Fussell,ou=People,dc=example,dc=com > member: cn=Lorenzo Wilczewski,ou=People,dc=example,dc=com > ............ > > Example of group from IPA after migration :: > > # ipa group-find accounting > ---------------- > 2 groups matched > ---------------- > Group name: Accounting > GID: 30000 > Member users: Gabbie Sarubbi, Klara Eswara, Tomasina Kowalsky, Merilyn Upton, > Cang Keighley, Idette Risler, Leanora Corless, Scarlet Witt, Laurene > Kindem, Kin-Wai Wennerstrom, Saeed Dehghan, Dalenna Spann, > Lonee Praeuner, Clemence Royle, Christan Propes, Blondelle Rabiasz, Loesje > Sparkes, Gwynith Leigh, Ella Markell, Gretchen Lightowler, > Briney Hollingsworth, Roxy Winlow, Maycel Kardos, Marybeth Fuson, Frederick > Vinnell, Janusz Fussell, Lorenzo Wilczewski, Avie Pouliot > > Group name: Accounting Managers > Description: People who can manage accounting entries > ---------------------------- > Number of entries returned 2 > ---------------------------- > > > PLEASE NOTE :: 2 entries noted ... one returned opps ... there are two entries returned ... pls disregard the comment! > > Version-Release number of selected component (if applicable): > ipa-server-2.2.0-4.el6.x86_64 > > How reproducible: > > > Steps to Reproduce: > 1. ipa migrate-ds ldap://389server.hostname > 2. launch WebUI, view users and group members > 3. > > Actual results: > > > Expected results: > > > Additional info: > > Please see attached screen shots Upstream ticket: https://fedorahosted.org/freeipa/ticket/2562 automated results :: :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: [ LOG ] :: bz804609 Internal Server Error - non-posix user-show --all :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: [ FAIL ] :: Show migrated non-posix user (Expected 0, got 1) :: [ FAIL ] :: File '/tmp/bz804609.out' should not contain 'ipa: ERROR: an internal error has occurred' :: [ LOG ] :: Duration: 20s :: [ LOG ] :: Assertions: 0 good, 2 bad :: [ FAIL ] :: RESULT: bz804609 Internal Server Error - non-posix user-show --all I believe the problem is we aren't updating dn entries within a user. You'll notice that manager and secretary point still refer to ou=People. In your original data what group has gidNumber 20034? yes, the output in comment #6 shows the user in ldap with gidNumber: 20034 I want to see the group itself. Was this group migrated? nope - not that matches that gidNumber :-( Fixed upstream: master: https://fedorahosted.org/freeipa/changeset/b9c3eb79a953fc20e148d518babf84925524f712 https://fedorahosted.org/freeipa/changeset/98a99cbca894b6122377976e51567d65513635e7 ipa-2-2: https://fedorahosted.org/freeipa/changeset/4e0e0fd3596bb5d8b7917f4ba8d78ce4636b988a https://fedorahosted.org/freeipa/changeset/0b5c853a0f7c4f2cbc74d6b9ed1bf5c97e79e3d6 verified :: :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: [ LOG ] :: bz804609 Internal Server Error - non-posix user-show --all :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: [ PASS ] :: Show migrated non-posix user :: [ PASS ] :: File '/tmp/bz804609.out' should not contain 'ipa: ERROR: an internal error has occurred' :: [ LOG ] :: Duration: 26s :: [ LOG ] :: Assertions: 2 good, 0 bad :: [ PASS ] :: RESULT: bz804609 Internal Server Error - non-posix user-show --all No errors from WebUI and all user attributes are visible now from UI and CLI version :: ipa-server.x86_64 0:2.2.0-7.el6 Technical note added. If any revisions are required, please edit the "Technical Notes" field accordingly. All revisions will be proofread by the Engineering Content Services team. New Contents: No documentation needed. Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. http://rhn.redhat.com/errata/RHBA-2012-0819.html |