Bug 804609

Summary: Issues with DS migrated Users
Product: Red Hat Enterprise Linux 6
Component: ipa
Version: 6.3
Reporter: Jenny Severance <jgalipea>
Assignee: Rob Crittenden <rcritten>
QA Contact: IDM QE LIST <seceng-idm-qe-list>
CC: mkosek
Status: CLOSED ERRATA
Severity: unspecified
Priority: high
Target Milestone: rc
Target Release: 6.3
Hardware: Unspecified
OS: Unspecified
Fixed In Version: ipa-2.2.0-6.el6
Doc Type: Bug Fix
Doc Text: No documentation needed.
Last Closed: 2012-06-20 13:25:02 UTC
Attachments: screen shot 1, screen shot 2, screen shot 3 (flags: none)

Description Jenny Severance 2012-03-19 12:23:38 UTC
Description of problem:

After migration of users and groups from 389 directory server, get errors viewing users and group members from the WebUI.  Not all attributes are viewable.

Example User from directory server ::

dn: cn=Darcee Leeson,ou=People,dc=example,dc=com
carLicense: 2CGORU4
cn: Darcee Leeson
departmentNumber: 9466
description: This is Darcee Leeson's description
employeeType: Normal
facsimileTelephoneNumber: +1 408 553-4571
givenName: Darcee
homePhone: +1 206 217-8241
initials: D. L.
l: Sunnyvale
mail: Darcee_Leeson
manager: cn=Mollee Weisenberg,ou=People,dc=example,dc=com
mobile: +1 818 264-2444
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
objectClass: posixAccount
ou: Product Testing
pager: +1 510 405-3251
postalAddress: example.com, Product Testing Dept #795, Room#250
roomNumber: 9844
secretary: cn=Ayaz Kreiger,ou=People,dc=example,dc=com
sn: Leeson
telephoneNumber: +1 804 913-8558
title: Supreme Product Testing Visionary
uid: Darcee_Leeson
uidNumber: 11731
gidNumber: 21731
homeDirectory: /home/Darcee_Leeson
userPassword:: e1NTSEF9VzMySTlBaFBkT0dMa201QU9DQThobW5LSC9RV296RWpCMFJ6TXc9PQ=
 =

Example of user in IPA from CLI after migration ::

# ipa user-find Darcee_Leeson
--------------
1 user matched
--------------
  User login: Darcee_Leeson
  First name: Darcee
  Last name: Leeson
  Home directory: /home/Darcee_Leeson
  Email address: Darcee_Leeson
  UID: 11731
  GID: 21731
  Telephone Number: +1 804 913-8558
  Job Title: Supreme Product Testing Visionary
  Account disabled: False
  Password: True
  Kerberos keys available: False


Example group from 389 directory server ::

dn: cn=Accounting,ou=Groups,dc=example,dc=com
objectClass: top
objectClass: inetuser
objectClass: groupofnames
objectClass: posixGroup
cn: Accounting
member: cn=Gabbie Sarubbi,ou=People,dc=example,dc=com
member: cn=Klara Eswara,ou=People,dc=example,dc=com
member: cn=Tomasina Kowalsky,ou=People,dc=example,dc=com
member: cn=Merilyn Upton,ou=People,dc=example,dc=com
member: cn=Cang Keighley,ou=People,dc=example,dc=com
member: cn=Idette Risler,ou=People,dc=example,dc=com
member: cn=Leanora Corless,ou=People,dc=example,dc=com
member: cn=Scarlet Witt,ou=People,dc=example,dc=com
member: cn=Laurene Kindem,ou=People,dc=example,dc=com
member: cn=Kin-Wai Wennerstrom,ou=People,dc=example,dc=com
member: cn=Saeed Dehghan,ou=People,dc=example,dc=com
member: cn=Dalenna Spann,ou=People,dc=example,dc=com
member: cn=Lonee Praeuner,ou=People,dc=example,dc=com
member: cn=Clemence Royle,ou=People,dc=example,dc=com
member: cn=Christan Propes,ou=People,dc=example,dc=com
member: cn=Blondelle Rabiasz,ou=People,dc=example,dc=com
member: cn=Loesje Sparkes,ou=People,dc=example,dc=com
member: cn=Gwynith Leigh,ou=People,dc=example,dc=com
member: cn=Ella Markell,ou=People,dc=example,dc=com
member: cn=Gretchen Lightowler,ou=People,dc=example,dc=com
member: cn=Briney Hollingsworth,ou=People,dc=example,dc=com
member: cn=Roxy Winlow,ou=People,dc=example,dc=com
member: cn=Maycel Kardos,ou=People,dc=example,dc=com
member: cn=Marybeth Fuson,ou=People,dc=example,dc=com
member: cn=Frederick Vinnell,ou=People,dc=example,dc=com
member: cn=Janusz Fussell,ou=People,dc=example,dc=com
member: cn=Lorenzo Wilczewski,ou=People,dc=example,dc=com
............

Example of group from IPA after migration ::

# ipa group-find accounting
----------------
2 groups matched
----------------
  Group name: Accounting
  GID: 30000
  Member users: Gabbie Sarubbi, Klara Eswara, Tomasina Kowalsky, Merilyn Upton, Cang Keighley, Idette Risler, Leanora Corless, Scarlet Witt, Laurene
                Kindem, Kin-Wai Wennerstrom, Saeed Dehghan, Dalenna Spann, Lonee Praeuner, Clemence Royle, Christan Propes, Blondelle Rabiasz, Loesje
                Sparkes, Gwynith Leigh, Ella Markell, Gretchen Lightowler, Briney Hollingsworth, Roxy Winlow, Maycel Kardos, Marybeth Fuson, Frederick
                Vinnell, Janusz Fussell, Lorenzo Wilczewski, Avie Pouliot

  Group name: Accounting Managers
  Description: People who can manage accounting entries
----------------------------
Number of entries returned 2
----------------------------


PLEASE NOTE :: 2 entries noted ... one returned

Version-Release number of selected component (if applicable):
ipa-server-2.2.0-4.el6.x86_64

How reproducible:


Steps to Reproduce:
1. ipa migrate-ds ldap://389server.hostname
2. launch WebUI, view users and group members
3.
  
Actual results:


Expected results:


Additional info:

Please see attached screen shots

Comment 1 Jenny Severance 2012-03-19 12:24:11 UTC
Created attachment 571098 [details]
screen shot 1

Comment 2 Jenny Severance 2012-03-19 12:24:29 UTC
Created attachment 571099 [details]
screen shot 2

Comment 3 Jenny Severance 2012-03-19 12:24:58 UTC
Created attachment 571100 [details]
screen shot 3

Comment 4 Jenny Severance 2012-03-19 12:42:14 UTC
Not just a UI issue ...


# ipa user-show --all Zonda_Logarajah
ipa: ERROR: an internal error has occurred


[Mon Mar 19 08:39:07 2012] [error] ipa: ERROR: non-public: KeyError: '"uid" not found in cn=Blakeley Sokyrko,ou=People,dc=example,dc=com'
[Mon Mar 19 08:39:07 2012] [error] Traceback (most recent call last):
[Mon Mar 19 08:39:07 2012] [error]   File "/usr/lib/python2.6/site-packages/ipaserver/rpcserver.py", line 315, in wsgi_execute
[Mon Mar 19 08:39:07 2012] [error]     result = self.Command[name](*args, **options)
[Mon Mar 19 08:39:07 2012] [error]   File "/usr/lib/python2.6/site-packages/ipalib/frontend.py", line 438, in __call__
[Mon Mar 19 08:39:07 2012] [error]     ret = self.run(*args, **options)
[Mon Mar 19 08:39:07 2012] [error]   File "/usr/lib/python2.6/site-packages/ipalib/frontend.py", line 696, in run
[Mon Mar 19 08:39:07 2012] [error]     return self.execute(*args, **options)
[Mon Mar 19 08:39:07 2012] [error]   File "/usr/lib/python2.6/site-packages/ipalib/plugins/baseldap.py", line 1142, in execute
[Mon Mar 19 08:39:07 2012] [error]     dn = callback(ldap, dn, entry_attrs, *keys, **options)
[Mon Mar 19 08:39:07 2012] [error]   File "/usr/lib/python2.6/site-packages/ipalib/plugins/user.py", line 629, in post_callback
[Mon Mar 19 08:39:07 2012] [error]     self.obj._convert_manager(entry_attrs, **options)
[Mon Mar 19 08:39:07 2012] [error]   File "/usr/lib/python2.6/site-packages/ipalib/plugins/user.py", line 396, in _convert_manager
[Mon Mar 19 08:39:07 2012] [error]     entry_attrs['manager'][m] = self.get_primary_key_from_dn(entry_attrs['manager'][m])
[Mon Mar 19 08:39:07 2012] [error]   File "/usr/lib/python2.6/site-packages/ipalib/plugins/baseldap.py", line 490, in get_primary_key_from_dn
[Mon Mar 19 08:39:07 2012] [error]     return dn[self.primary_key.name]
[Mon Mar 19 08:39:07 2012] [error]   File "/usr/lib/python2.6/site-packages/ipalib/dn.py", line 1137, in __getitem__
[Mon Mar 19 08:39:07 2012] [error]     raise KeyError("\"%s\" not found in %s" % (key, self.__str__()))
[Mon Mar 19 08:39:07 2012] [error] KeyError: '"uid" not found in cn=Blakeley Sokyrko,ou=People,dc=example,dc=com'
[Mon Mar 19 08:39:07 2012] [error] ipa: INFO: admin: user_show(u'zonda_logarajah', rights=False, all=True, raw=False, version=u'2.30'): KeyError

Comment 5 Rob Crittenden 2012-03-19 13:23:15 UTC
Can you do an ldapsearch for this user and give the results?

I'm guessing we aren't creating the new dn correctly, the search output will confirm it.

Comment 6 Jenny Severance 2012-03-19 13:41:32 UTC
User in IPA ::

dn: uid=zonda_logarajah,cn=users,cn=accounts,dc=testrelm,dc=com
telephoneNumber: +1 818 862-4100
cn: Zonda Logarajah
manager: cn=Blakeley Sokyrko,ou=People,dc=example,dc=com
homeDirectory: /home/Zonda_Logarajah
krbPrincipalName: zonda_logarajah
uid: Zonda_Logarajah
title: Master Payroll Sales Rep
facsimileTelephoneNumber: +1 510 887-2730
uidNumber: 10034
mail: Zonda_Logarajah
employeeType: Temp
description: This is Zonda Logarajah's description
roomNumber: 8582
carLicense: RITUXZ3
postalAddress: example.com, Payroll Dept #954, Room#641
givenName: Zonda
pager: +1 714 321-7999
departmentNumber: 6182
objectClass: krbticketpolicyaux
objectClass: ipaobject
objectClass: organizationalperson
objectClass: top
objectClass: ipasshuser
objectClass: inetorgperson
objectClass: person
objectClass: inetuser
objectClass: krbprincipalaux
objectClass: posixaccount
objectClass: ipaSshGroupOfPubKeys
objectClass: mepOriginEntry
l: San Mateo
mobile: +1 303 719-8147
gidNumber: 20034
sn: Logarajah
ou: Payroll
secretary: cn=Connie Mulqueen,ou=People,dc=example,dc=com
homePhone: +1 206 130-6522
initials: Z. L.
userPassword:: e1NTSEF9Vk1oY2toQVhrd2owSUxXTFRVQnNlUmlLWGpseGdPUW5nbkpNQ0E9PQ=
 =
ipaUniqueID: 049d1c22-6f9b-11e1-b98b-5254009e206c
mepManagedEntry: cn=Zonda_Logarajah,cn=groups,cn=accounts,dc=testrelm,dc=com
memberOf: cn=ipausers,cn=groups,cn=accounts,dc=testrelm,dc=com

User's private group ...

dn: cn=Zonda_Logarajah,cn=groups,cn=accounts,dc=testrelm,dc=com
objectClass: posixgroup
objectClass: ipaobject
objectClass: mepManagedEntry
objectClass: top
cn: Zonda_Logarajah
gidNumber: 10034
description: User private group for Zonda_Logarajah
mepManagedBy: uid=zonda_logarajah,cn=users,cn=accounts,dc=testrelm,dc=com
ipaUniqueID: 04a0bd00-6f9b-11e1-b98b-5254009e206c

# search result
search: 2
result: 0 Success


Note:  user's gidnumber does not match user's private group gidnumber and gid number 20034 does not exist

Comment 7 Jenny Severance 2012-03-19 14:24:01 UTC
(In reply to comment #0)
> Description of problem:
> 
> After migration of users and groups from 389 directory server, get errors
> viewing users and group members from the WebUI.  Not all attributes are
> viewable.
> 
> Example User from directory server ::
> 
> dn: cn=Darcee Leeson,ou=People,dc=example,dc=com
> carLicense: 2CGORU4
> cn: Darcee Leeson
> departmentNumber: 9466
> description: This is Darcee Leeson's description
> employeeType: Normal
> facsimileTelephoneNumber: +1 408 553-4571
> givenName: Darcee
> homePhone: +1 206 217-8241
> initials: D. L.
> l: Sunnyvale
> mail: Darcee_Leeson
> manager: cn=Mollee Weisenberg,ou=People,dc=example,dc=com
> mobile: +1 818 264-2444
> objectClass: top
> objectClass: person
> objectClass: organizationalPerson
> objectClass: inetOrgPerson
> objectClass: posixAccount
> ou: Product Testing
> pager: +1 510 405-3251
> postalAddress: example.com, Product Testing Dept #795, Room#250
> roomNumber: 9844
> secretary: cn=Ayaz Kreiger,ou=People,dc=example,dc=com
> sn: Leeson
> telephoneNumber: +1 804 913-8558
> title: Supreme Product Testing Visionary
> uid: Darcee_Leeson
> uidNumber: 11731
> gidNumber: 21731
> homeDirectory: /home/Darcee_Leeson
> userPassword:: e1NTSEF9VzMySTlBaFBkT0dMa201QU9DQThobW5LSC9RV296RWpCMFJ6TXc9PQ=
>  =
> 
> Example of user in IPA from CLI after migration ::
> 
> # ipa user-find Darcee_Leeson
> --------------
> 1 user matched
> --------------
>   User login: Darcee_Leeson
>   First name: Darcee
>   Last name: Leeson
>   Home directory: /home/Darcee_Leeson
>   Email address: Darcee_Leeson
>   UID: 11731
>   GID: 21731
>   Telephone Number: +1 804 913-8558
>   Job Title: Supreme Product Testing Visionary
>   Account disabled: False
>   Password: True
>   Kerberos keys available: False
> 
> 
> Example group from 389 directory server ::
> 
> dn: cn=Accounting,ou=Groups,dc=example,dc=com
> objectClass: top
> objectClass: inetuser
> objectClass: groupofnames
> objectClass: posixGroup
> cn: Accounting
> member: cn=Gabbie Sarubbi,ou=People,dc=example,dc=com
> member: cn=Klara Eswara,ou=People,dc=example,dc=com
> member: cn=Tomasina Kowalsky,ou=People,dc=example,dc=com
> member: cn=Merilyn Upton,ou=People,dc=example,dc=com
> member: cn=Cang Keighley,ou=People,dc=example,dc=com
> member: cn=Idette Risler,ou=People,dc=example,dc=com
> member: cn=Leanora Corless,ou=People,dc=example,dc=com
> member: cn=Scarlet Witt,ou=People,dc=example,dc=com
> member: cn=Laurene Kindem,ou=People,dc=example,dc=com
> member: cn=Kin-Wai Wennerstrom,ou=People,dc=example,dc=com
> member: cn=Saeed Dehghan,ou=People,dc=example,dc=com
> member: cn=Dalenna Spann,ou=People,dc=example,dc=com
> member: cn=Lonee Praeuner,ou=People,dc=example,dc=com
> member: cn=Clemence Royle,ou=People,dc=example,dc=com
> member: cn=Christan Propes,ou=People,dc=example,dc=com
> member: cn=Blondelle Rabiasz,ou=People,dc=example,dc=com
> member: cn=Loesje Sparkes,ou=People,dc=example,dc=com
> member: cn=Gwynith Leigh,ou=People,dc=example,dc=com
> member: cn=Ella Markell,ou=People,dc=example,dc=com
> member: cn=Gretchen Lightowler,ou=People,dc=example,dc=com
> member: cn=Briney Hollingsworth,ou=People,dc=example,dc=com
> member: cn=Roxy Winlow,ou=People,dc=example,dc=com
> member: cn=Maycel Kardos,ou=People,dc=example,dc=com
> member: cn=Marybeth Fuson,ou=People,dc=example,dc=com
> member: cn=Frederick Vinnell,ou=People,dc=example,dc=com
> member: cn=Janusz Fussell,ou=People,dc=example,dc=com
> member: cn=Lorenzo Wilczewski,ou=People,dc=example,dc=com
> ............
> 
> Example of group from IPA after migration ::
> 
> # ipa group-find accounting
> ----------------
> 2 groups matched
> ----------------
>   Group name: Accounting
>   GID: 30000
>   Member users: Gabbie Sarubbi, Klara Eswara, Tomasina Kowalsky, Merilyn Upton,
> Cang Keighley, Idette Risler, Leanora Corless, Scarlet Witt, Laurene
>                 Kindem, Kin-Wai Wennerstrom, Saeed Dehghan, Dalenna Spann,
> Lonee Praeuner, Clemence Royle, Christan Propes, Blondelle Rabiasz, Loesje
>                 Sparkes, Gwynith Leigh, Ella Markell, Gretchen Lightowler,
> Briney Hollingsworth, Roxy Winlow, Maycel Kardos, Marybeth Fuson, Frederick
>                 Vinnell, Janusz Fussell, Lorenzo Wilczewski, Avie Pouliot
> 
>   Group name: Accounting Managers
>   Description: People who can manage accounting entries
> ----------------------------
> Number of entries returned 2
> ----------------------------
> 
> 
> PLEASE NOTE :: 2 entries noted ... one returned

oops ... there are two entries returned ... pls disregard the comment!

> 
> Version-Release number of selected component (if applicable):
> ipa-server-2.2.0-4.el6.x86_64
> 
> How reproducible:
> 
> 
> Steps to Reproduce:
> 1. ipa migrate-ds ldap://389server.hostname
> 2. launch WebUI, view users and group members
> 3.
> 
> Actual results:
> 
> 
> Expected results:
> 
> 
> Additional info:
> 
> Please see attached screen shots

Comment 8 Dmitri Pal 2012-03-20 14:40:43 UTC
Upstream ticket:
https://fedorahosted.org/freeipa/ticket/2562

Comment 9 Jenny Severance 2012-03-20 21:00:42 UTC
automated results ::

::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
:: [   LOG    ] :: bz804609 Internal Server Error - non-posix user-show --all
::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::

:: [   FAIL   ] :: Show migrated non-posix user (Expected 0, got 1)
:: [   FAIL   ] :: File '/tmp/bz804609.out' should not contain 'ipa: ERROR: an internal error has occurred' 
:: [   LOG    ] :: Duration: 20s
:: [   LOG    ] :: Assertions: 0 good, 2 bad
:: [   FAIL   ] :: RESULT: bz804609 Internal Server Error - non-posix user-show --all

Comment 10 Rob Crittenden 2012-03-20 21:51:51 UTC
I believe the problem is we aren't updating dn entries within a user. You'll notice that manager and secretary still refer to ou=People.

Comment 11 Rob Crittenden 2012-03-21 02:41:54 UTC
In your original data what group has gidNumber 20034?

Comment 12 Jenny Severance 2012-03-21 12:05:26 UTC
yes, the output in comment #6 shows the user in ldap with gidNumber: 20034

Comment 13 Rob Crittenden 2012-03-21 13:22:21 UTC
I want to see the group itself. Was this group migrated?

Comment 14 Jenny Severance 2012-03-21 13:50:43 UTC
nope - not that matches that gidNumber :-(
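
An added example, not part of the original report and not FreeIPA code: a post-migration audit over an LDIF export that flags the two conditions found in this thread, manager/secretary values still pointing at the source tree (comments 4 and 10) and a user gidNumber with no matching posixGroup (comments 6 to 14). The container DN, the attribute list, the third sample entry and the function names are assumptions of this example.

```python
import re

# Assumed for this example: IPA user container (comment 6), DN attributes (comment 10).
IPA_USERS = "cn=users,cn=accounts,dc=testrelm,dc=com"
DN_ATTRS = ("manager", "secretary")
# Constructed sample: entries 1-2 trimmed from comment 6, entry 3 invented for contrast.
SAMPLE_LDIF = """\
dn: uid=zonda_logarajah,cn=users,cn=accounts,dc=testrelm,dc=com
manager: cn=Blakeley Sokyrko,ou=People,dc=example,dc=com
secretary: cn=Connie Mulqueen,ou=People,dc=example,dc=com
gidNumber: 20034

dn: cn=Zonda_Logarajah,cn=groups,cn=accounts,dc=testrelm,dc=com
objectClass: posixgroup
gidNumber: 10034

dn: uid=example_user,cn=users,cn=accounts,dc=testrelm,dc=com
manager: uid=zonda_logarajah,cn=users,cn=accounts,dc=testrelm,dc=com
gidNumber: 10034
"""

def parse_ldif(text):
    """Parse plain LDIF (no base64 values or folded lines) into dicts."""
    entries = []
    for block in re.split(r"\n\s*\n", text.strip()):
        entry = {}
        for line in block.splitlines():
            if ": " in line and not line.startswith("#"):
                attr, value = line.split(": ", 1)
                entry.setdefault(attr.lower(), []).append(value.strip())
        if "dn" in entry:
            entries.append(entry)
    return entries

def audit(entries, users=IPA_USERS):
    """Return (kind, entry_dn, value) for references the migration left dangling."""
    in_users = lambda d: d.lower().endswith("," + users.lower())
    group_gids = {g for e in entries
                  if "posixgroup" in [c.lower() for c in e.get("objectclass", [])]
                  for g in e.get("gidnumber", [])}
    findings = []
    for e in entries:
        dn = e["dn"][0]
        if not in_users(dn):
            continue  # only user entries are audited
        for attr in DN_ATTRS:
            for ref in e.get(attr, []):
                # The traceback in comment 4 fails on a reference with no "uid" RDN.
                if not (ref.lower().startswith("uid=") and in_users(ref)):
                    findings.append(("stale-" + attr, dn, ref))
        for gid in e.get("gidnumber", []):
            if gid not in group_gids:
                findings.append(("orphan-gid", dn, gid))
    return findings
```

The DN comparison is a plain string suffix match, so DNs with escaped commas or differing whitespace need a real DN parser before this is run against production exports.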

Comment 18 Jenny Severance 2012-04-02 16:35:51 UTC
verified ::
::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
:: [   LOG    ] :: bz804609 Internal Server Error - non-posix user-show --all
::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::

:: [   PASS   ] :: Show migrated non-posix user
:: [   PASS   ] :: File '/tmp/bz804609.out' should not contain 'ipa: ERROR: an internal error has occurred'
:: [   LOG    ] :: Duration: 26s
:: [   LOG    ] :: Assertions: 2 good, 0 bad
:: [   PASS   ] :: RESULT: bz804609 Internal Server Error - non-posix user-show --all

No errors from WebUI and all user attributes are visible now from UI and CLI

version ::
ipa-server.x86_64 0:2.2.0-7.el6

Comment 20 Martin Kosek 2012-04-25 09:28:59 UTC
    Technical note added. If any revisions are required, please edit the "Technical Notes" field
    accordingly. All revisions will be proofread by the Engineering Content Services team.
    
    New Contents:
No documentation needed.

Comment 22 errata-xmlrpc 2012-06-20 13:25:02 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHBA-2012-0819.html