Bug 804609

Created attachment 571098 [details]
screen shot 1

Created attachment 571099 [details]
screen shot 2

Created attachment 571100 [details]
screen shot 3

Not just a UI issue ...


# ipa user-show --all Zonda_Logarajah
ipa: ERROR: an internal error has occurred


[Mon Mar 19 08:39:07 2012] [error] ipa: ERROR: non-public: KeyError: '"uid" not found in cn=Blakeley Sokyrko,ou=People,dc=example,dc=com'
[Mon Mar 19 08:39:07 2012] [error] Traceback (most recent call last):
[Mon Mar 19 08:39:07 2012] [error]   File "/usr/lib/python2.6/site-packages/ipaserver/rpcserver.py", line 315, in wsgi_execute
[Mon Mar 19 08:39:07 2012] [error]     result = self.Command[name](*args, **options)
[Mon Mar 19 08:39:07 2012] [error]   File "/usr/lib/python2.6/site-packages/ipalib/frontend.py", line 438, in __call__
[Mon Mar 19 08:39:07 2012] [error]     ret = self.run(*args, **options)
[Mon Mar 19 08:39:07 2012] [error]   File "/usr/lib/python2.6/site-packages/ipalib/frontend.py", line 696, in run
[Mon Mar 19 08:39:07 2012] [error]     return self.execute(*args, **options)
[Mon Mar 19 08:39:07 2012] [error]   File "/usr/lib/python2.6/site-packages/ipalib/plugins/baseldap.py", line 1142, in execute
[Mon Mar 19 08:39:07 2012] [error]     dn = callback(ldap, dn, entry_attrs, *keys, **options)
[Mon Mar 19 08:39:07 2012] [error]   File "/usr/lib/python2.6/site-packages/ipalib/plugins/user.py", line 629, in post_callback
[Mon Mar 19 08:39:07 2012] [error]     self.obj._convert_manager(entry_attrs, **options)
[Mon Mar 19 08:39:07 2012] [error]   File "/usr/lib/python2.6/site-packages/ipalib/plugins/user.py", line 396, in _convert_manager
[Mon Mar 19 08:39:07 2012] [error]     entry_attrs['manager'][m] = self.get_primary_key_from_dn(entry_attrs['manager'][m])
[Mon Mar 19 08:39:07 2012] [error]   File "/usr/lib/python2.6/site-packages/ipalib/plugins/baseldap.py", line 490, in get_primary_key_from_dn
[Mon Mar 19 08:39:07 2012] [error]     return dn[self.primary_key.name]
[Mon Mar 19 08:39:07 2012] [error]   File "/usr/lib/python2.6/site-packages/ipalib/dn.py", line 1137, in __getitem__
[Mon Mar 19 08:39:07 2012] [error]     raise KeyError("\\"%s\\" not found in %s" % (key, self.__str__()))
[Mon Mar 19 08:39:07 2012] [error] KeyError: '"uid" not found in cn=Blakeley Sokyrko,ou=People,dc=example,dc=com'
[Mon Mar 19 08:39:07 2012] [error] ipa: INFO: admin: user_show(u'zonda_logarajah', rights=False, all=True, raw=False, version=u'2.30'): KeyError
~

Can you do an ldapsearch for this user and give the results?

I'm guessing we aren't creating the new dn correctly, the search output will confirm it.

User in IPA ::

dn: uid=zonda_logarajah,cn=users,cn=accounts,dc=testrelm,dc=com
telephoneNumber: +1 818 862-4100
cn: Zonda Logarajah
manager: cn=Blakeley Sokyrko,ou=People,dc=example,dc=com
homeDirectory: /home/Zonda_Logarajah
krbPrincipalName: zonda_logarajah
uid: Zonda_Logarajah
title: Master Payroll Sales Rep
facsimileTelephoneNumber: +1 510 887-2730
uidNumber: 10034
mail: Zonda_Logarajah
employeeType: Temp
description: This is Zonda Logarajah's description
roomNumber: 8582
carLicense: RITUXZ3
postalAddress: example.com, Payroll Dept #954, Room#641
givenName: Zonda
pager: +1 714 321-7999
departmentNumber: 6182
objectClass: krbticketpolicyaux
objectClass: ipaobject
objectClass: organizationalperson
objectClass: top
objectClass: ipasshuser
objectClass: inetorgperson
objectClass: person
objectClass: inetuser
objectClass: krbprincipalaux
objectClass: posixaccount
objectClass: ipaSshGroupOfPubKeys
objectClass: mepOriginEntry
l: San Mateo
mobile: +1 303 719-8147
gidNumber: 20034
sn: Logarajah
ou: Payroll
secretary: cn=Connie Mulqueen,ou=People,dc=example,dc=com
homePhone: +1 206 130-6522
initials: Z. L.
userPassword:: e1NTSEF9Vk1oY2toQVhrd2owSUxXTFRVQnNlUmlLWGpseGdPUW5nbkpNQ0E9PQ=
 =
ipaUniqueID: 049d1c22-6f9b-11e1-b98b-5254009e206c
mepManagedEntry: cn=Zonda_Logarajah,cn=groups,cn=accounts,dc=testrelm,dc=com
memberOf: cn=ipausers,cn=groups,cn=accounts,dc=testrelm,dc=com

User's private group ...

dn: cn=Zonda_Logarajah,cn=groups,cn=accounts,dc=testrelm,dc=com
objectClass: posixgroup
objectClass: ipaobject
objectClass: mepManagedEntry
objectClass: top
cn: Zonda_Logarajah
gidNumber: 10034
description: User private group for Zonda_Logarajah
mepManagedBy: uid=zonda_logarajah,cn=users,cn=accounts,dc=testrelm,dc=com
ipaUniqueID: 04a0bd00-6f9b-11e1-b98b-5254009e206c

# search result
search: 2
result: 0 Success


Note:  user's gidnumber does not match user's private group gidnumber and gid number 20034 does not exist

(In reply to comment #0)
> Description of problem:
> 
> After migration of users and groups from 389 directory server, get errors
> viewing users and group members from the WebUI.  Not all attributes are
> viewable.
> 
> Example User from directory server ::
> 
> dn: cn=Darcee Leeson,ou=People,dc=example,dc=com
> carLicense: 2CGORU4
> cn: Darcee Leeson
> departmentNumber: 9466
> description: This is Darcee Leeson's description
> employeeType: Normal
> facsimileTelephoneNumber: +1 408 553-4571
> givenName: Darcee
> homePhone: +1 206 217-8241
> initials: D. L.
> l: Sunnyvale
> mail: Darcee_Leeson
> manager: cn=Mollee Weisenberg,ou=People,dc=example,dc=com
> mobile: +1 818 264-2444
> objectClass: top
> objectClass: person
> objectClass: organizationalPerson
> objectClass: inetOrgPerson
> objectClass: posixAccount
> ou: Product Testing
> pager: +1 510 405-3251
> postalAddress: example.com, Product Testing Dept #795, Room#250
> roomNumber: 9844
> secretary: cn=Ayaz Kreiger,ou=People,dc=example,dc=com
> sn: Leeson
> telephoneNumber: +1 804 913-8558
> title: Supreme Product Testing Visionary
> uid: Darcee_Leeson
> uidNumber: 11731
> gidNumber: 21731
> homeDirectory: /home/Darcee_Leeson
> userPassword:: e1NTSEF9VzMySTlBaFBkT0dMa201QU9DQThobW5LSC9RV296RWpCMFJ6TXc9PQ=
>  =
> 
> Example of user in IPA from CLI after migration ::
> 
> # ipa user-find Darcee_Leeson
> --------------
> 1 user matched
> --------------
>   User login: Darcee_Leeson
>   First name: Darcee
>   Last name: Leeson
>   Home directory: /home/Darcee_Leeson
>   Email address: Darcee_Leeson
>   UID: 11731
>   GID: 21731
>   Telephone Number: +1 804 913-8558
>   Job Title: Supreme Product Testing Visionary
>   Account disabled: False
>   Password: True
>   Kerberos keys available: False
> 
> 
> Example group from 389 directory server ::
> 
> dn: cn=Accounting,ou=Groups,dc=example,dc=com
> objectClass: top
> objectClass: inetuser
> objectClass: groupofnames
> objectClass: posixGroup
> cn: Accounting
> member: cn=Gabbie Sarubbi,ou=People,dc=example,dc=com
> member: cn=Klara Eswara,ou=People,dc=example,dc=com
> member: cn=Tomasina Kowalsky,ou=People,dc=example,dc=com
> member: cn=Merilyn Upton,ou=People,dc=example,dc=com
> member: cn=Cang Keighley,ou=People,dc=example,dc=com
> member: cn=Idette Risler,ou=People,dc=example,dc=com
> member: cn=Leanora Corless,ou=People,dc=example,dc=com
> member: cn=Scarlet Witt,ou=People,dc=example,dc=com
> member: cn=Laurene Kindem,ou=People,dc=example,dc=com
> member: cn=Kin-Wai Wennerstrom,ou=People,dc=example,dc=com
> member: cn=Saeed Dehghan,ou=People,dc=example,dc=com
> member: cn=Dalenna Spann,ou=People,dc=example,dc=com
> member: cn=Lonee Praeuner,ou=People,dc=example,dc=com
> member: cn=Clemence Royle,ou=People,dc=example,dc=com
> member: cn=Christan Propes,ou=People,dc=example,dc=com
> member: cn=Blondelle Rabiasz,ou=People,dc=example,dc=com
> member: cn=Loesje Sparkes,ou=People,dc=example,dc=com
> member: cn=Gwynith Leigh,ou=People,dc=example,dc=com
> member: cn=Ella Markell,ou=People,dc=example,dc=com
> member: cn=Gretchen Lightowler,ou=People,dc=example,dc=com
> member: cn=Briney Hollingsworth,ou=People,dc=example,dc=com
> member: cn=Roxy Winlow,ou=People,dc=example,dc=com
> member: cn=Maycel Kardos,ou=People,dc=example,dc=com
> member: cn=Marybeth Fuson,ou=People,dc=example,dc=com
> member: cn=Frederick Vinnell,ou=People,dc=example,dc=com
> member: cn=Janusz Fussell,ou=People,dc=example,dc=com
> member: cn=Lorenzo Wilczewski,ou=People,dc=example,dc=com
> ............
> 
> Example of group from IPA after migration ::
> 
> # ipa group-find accounting
> ----------------
> 2 groups matched
> ----------------
>   Group name: Accounting
>   GID: 30000
>   Member users: Gabbie Sarubbi, Klara Eswara, Tomasina Kowalsky, Merilyn Upton,
> Cang Keighley, Idette Risler, Leanora Corless, Scarlet Witt, Laurene
>                 Kindem, Kin-Wai Wennerstrom, Saeed Dehghan, Dalenna Spann,
> Lonee Praeuner, Clemence Royle, Christan Propes, Blondelle Rabiasz, Loesje
>                 Sparkes, Gwynith Leigh, Ella Markell, Gretchen Lightowler,
> Briney Hollingsworth, Roxy Winlow, Maycel Kardos, Marybeth Fuson, Frederick
>                 Vinnell, Janusz Fussell, Lorenzo Wilczewski, Avie Pouliot
> 
>   Group name: Accounting Managers
>   Description: People who can manage accounting entries
> ----------------------------
> Number of entries returned 2
> ----------------------------
> 
> 
> PLEASE NOTE :: 2 entries noted ... one returned

opps ... there are two entries returned ... pls disregard the comment!

> 
> Version-Release number of selected component (if applicable):
> ipa-server-2.2.0-4.el6.x86_64
> 
> How reproducible:
> 
> 
> Steps to Reproduce:
> 1. ipa migrate-ds ldap://389server.hostname
> 2. launch WebUI, view users and group members
> 3.
> 
> Actual results:
> 
> 
> Expected results:
> 
> 
> Additional info:
> 
> Please see attached screen shots

Upstream ticket:
https://fedorahosted.org/freeipa/ticket/2562

automated results ::

::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
:: [   LOG    ] :: bz804609 Internal Server Error - non-posix user-show --all
::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::

:: [   FAIL   ] :: Show migrated non-posix user (Expected 0, got 1)
:: [   FAIL   ] :: File '/tmp/bz804609.out' should not contain 'ipa: ERROR: an internal error has occurred' 
:: [   LOG    ] :: Duration: 20s
:: [   LOG    ] :: Assertions: 0 good, 2 bad
:: [   FAIL   ] :: RESULT: bz804609 Internal Server Error - non-posix user-show --all

I believe the problem is we aren't updating dn entries within a user. You'll notice that manager and secretary point still refer to ou=People.

In your original data what group has gidNumber 20034?

yes, the output in comment #6 shows the user in ldap with gidNumber: 20034

I want to see the group itself. Was this group migrated?

nope - not that matches that gidNumber :-(

Fixed upstream:
master: https://fedorahosted.org/freeipa/changeset/b9c3eb79a953fc20e148d518babf84925524f712
https://fedorahosted.org/freeipa/changeset/98a99cbca894b6122377976e51567d65513635e7

ipa-2-2: https://fedorahosted.org/freeipa/changeset/4e0e0fd3596bb5d8b7917f4ba8d78ce4636b988a
https://fedorahosted.org/freeipa/changeset/0b5c853a0f7c4f2cbc74d6b9ed1bf5c97e79e3d6

verified ::
::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
:: [   LOG    ] :: bz804609 Internal Server Error - non-posix user-show --all
::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::

:: [   PASS   ] :: Show migrated non-posix user
:: [   PASS   ] :: File '/tmp/bz804609.out' should not contain 'ipa: ERROR: an internal error has occurred'
:: [   LOG    ] :: Duration: 26s
:: [   LOG    ] :: Assertions: 2 good, 0 bad
:: [   PASS   ] :: RESULT: bz804609 Internal Server Error - non-posix user-show --all

No errors from WebUI and all user attributes are visible now from UI and CLI

version ::
ipa-server.x86_64 0:2.2.0-7.el6

    Technical note added. If any revisions are required, please edit the "Technical Notes" field
    accordingly. All revisions will be proofread by the Engineering Content Services team.
    
    New Contents:
No documentation needed.

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHBA-2012-0819.html