Bug 817885

Summary: Internal error : ipa config-mod addattr on user and group objectclasses
Product: Red Hat Enterprise Linux 6 Reporter: Jenny Severance <jgalipea>
Component: ipaAssignee: Rob Crittenden <rcritten>
Status: CLOSED ERRATA QA Contact: Namita Soman <nsoman>
Severity: medium Docs Contact:
Priority: medium    
Version: 6.3CC: mkosek
Target Milestone: rc   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: ipa-3.0.0-1.el6 Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2013-02-21 09:12:39 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Jenny Severance 2012-05-01 17:14:24 UTC 
Description of problem:

::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
:: [   LOG    ] :: Add additional allowed user object class
::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::

ipa: ERROR: an internal error has occurred
:: [   FAIL   ] :: Add additional allowed objectclass (Expected 0, got 1)
:: [   FAIL   ] :: User object classes not as expected. 
ipa: ERROR: ipauserobjectclasses does not contain 'sambasamaccount'
:: [   FAIL   ] :: Running 'ipa config-mod
--delattr=ipauserobjectclasses=sambasamaccount' (Expected 0, got 1)

::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
:: [   LOG    ] :: Add additional allowed group object class
::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::

ipa: ERROR: an internal error has occurred
:: [   FAIL   ] :: Add additional allowed objectclass (Expected 0, got 1)
:: [   FAIL   ] :: Group objectclasses not as expected. 
ipa: ERROR: ipagroupobjectclasses does not contain 'posixgroup'
:: [   FAIL   ] :: Running 'ipa config-mod
--delattr=ipagroupobjectclasses=posixgroup' (Expected 0, got 1)


/var/log/httpd/error_log ::
[Tue May 01 10:13:16 2012] [error] ipa: INFO: admin:
group_del((u'mygroup',), continue=False): SUCCESS
[Tue May 01 10:14:44 2012] [error] ipa: ERROR: non-public: TypeError: can only
concatenate tuple (not "list") to tuple
[Tue May 01 10:14:44 2012] [error] Traceback (most recent call last):
[Tue May 01 10:14:44 2012] [error]   File
"/usr/lib/python2.6/site-packages/ipaserver/rpcserver.py", line 320, in
wsgi_execute
[Tue May 01 10:14:44 2012] [error]     result = self.Command[name](*args,
**options)
[Tue May 01 10:14:44 2012] [error]   File
"/usr/lib/python2.6/site-packages/ipalib/frontend.py", line 438, in __call__
[Tue May 01 10:14:44 2012] [error]     ret = self.run(*args, **options)
[Tue May 01 10:14:44 2012] [error]   File
"/usr/lib/python2.6/site-packages/ipalib/frontend.py", line 716, in run
[Tue May 01 10:14:44 2012] [error]     return self.execute(*args, **options)
[Tue May 01 10:14:44 2012] [error]   File
"/usr/lib/python2.6/site-packages/ipalib/plugins/baseldap.py", line 1278, in
execute
[Tue May 01 10:14:44 2012] [error]     ldap, dn, entry_attrs, attrs_list,
*keys, **options
[Tue May 01 10:14:44 2012] [error]   File
"/usr/lib/python2.6/site-packages/ipalib/plugins/config.py", line 233, in
pre_callback
[Tue May 01 10:14:44 2012] [error]     +
self.api.Object[obj].possible_objectclasses))
[Tue May 01 10:14:44 2012] [error] TypeError: can only concatenate tuple (not
"list") to tuple
[Tue May 01 10:14:44 2012] [error] ipa: INFO: admin:
config_mod(addattr=(u'ipauserobjectclasses=sambasamaccount',), rights=False,
all=False, raw=False, version=u'2.34'): TypeError
[Tue May 01 10:15:33 2012] [error] ipa: ERROR: non-public: TypeError: can only
concatenate tuple (not "list") to tuple
[Tue May 01 10:15:33 2012] [error] Traceback (most recent call last):
[Tue May 01 10:15:33 2012] [error]   File
"/usr/lib/python2.6/site-packages/ipaserver/rpcserver.py", line 320, in
wsgi_execute
[Tue May 01 10:15:33 2012] [error]     result = self.Command[name](*args,
**options)
[Tue May 01 10:15:33 2012] [error]   File
"/usr/lib/python2.6/site-packages/ipalib/frontend.py", line 438, in __call__
[Tue May 01 10:15:33 2012] [error]     ret = self.run(*args, **options)
[Tue May 01 10:15:33 2012] [error]   File
"/usr/lib/python2.6/site-packages/ipalib/frontend.py", line 716, in run
[Tue May 01 10:15:33 2012] [error]     return self.execute(*args, **options)
[Tue May 01 10:15:33 2012] [error]   File
"/usr/lib/python2.6/site-packages/ipalib/plugins/baseldap.py", line 1278, in
execute
[Tue May 01 10:15:33 2012] [error]     ldap, dn, entry_attrs, attrs_list,
*keys, **options
[Tue May 01 10:15:33 2012] [error]   File
"/usr/lib/python2.6/site-packages/ipalib/plugins/config.py", line 233, in
pre_callback
[Tue May 01 10:15:33 2012] [error]     +
self.api.Object[obj].possible_objectclasses))
[Tue May 01 10:15:33 2012] [error] TypeError: can only concatenate tuple (not
"list") to tuple


Version-Release number of selected component (if applicable):
ipa-server-2.2.0-11.el6

How reproducible:


Steps to Reproduce:
1.  see description
2.
3.
  
Actual results:


Expected results:


Additional info:
Comment 1 Martin Kosek 2012-05-02 06:56:21 UTC 
Upstream ticket:
https://fedorahosted.org/freeipa/ticket/2706
Comment 2 Martin Kosek 2012-05-09 07:55:15 UTC 
Fixed upstream:
master: https://fedorahosted.org/freeipa/changeset/c02fcf5d34ad880e082cbc0c7f59fc3812d11c9e
Comment 5 Namita Soman 2013-01-15 03:10:57 UTC 
Verified using ipa-server-3.0.0-20.el6.x86_64


::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
:: [   LOG    ] :: Add additional allowed user object class
::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::

  Maximum username length: 32
  Home directory base: /home
  Default shell: /bin/sh
  Default users group: ipausers
  Default e-mail domain: testrelm.com
  Search time limit: 2
  Search size limit: 100
  User search fields: uid,givenname,sn,telephonenumber,ou,title
  Group search fields: cn,description
  Enable migration mode: TRUE
  Certificate Subject base: O=TESTRELM.COM
  Default user objectclasses: top, person, organizationalperson, inetorgperson, inetuser, posixaccount, krbprincipalaux, krbticketpolicyaux,
                              ipaobject, ipasshuser, sambasamaccount
  Password Expiration Notification (days): 4
  Password plugin features: AllowNThash
  SELinux user map order: guest_u:s0$xguest_u:s0$user_u:s0$staff_u:s0-s0:c0.c1023$unconfined_u:s0-s0:c0.c1023
  Default SELinux user: unconfined_u:s0-s0:c0.c1023
  Default PAC types: MS-PAC
:: [   PASS   ] :: Add additional allowed objectclass
  Default user objectclasses: top, person, organizationalperson, inetorgperson, inetuser, posixaccount, krbprincipalaux, krbticketpolicyaux, ipaobject, ipasshuser, sambasamaccount
:: [   PASS   ] :: Additional user objectclass successfully added.
  Maximum username length: 32
  Home directory base: /home
  Default shell: /bin/sh
  Default users group: ipausers
  Default e-mail domain: testrelm.com
  Search time limit: 2
  Search size limit: 100
  User search fields: uid,givenname,sn,telephonenumber,ou,title
  Group search fields: cn,description
  Enable migration mode: TRUE
  Certificate Subject base: O=TESTRELM.COM
  Default user objectclasses: top, person, organizationalperson, inetorgperson, inetuser, posixaccount, krbprincipalaux, krbticketpolicyaux,
                              ipaobject, ipasshuser
  Password Expiration Notification (days): 4
  Password plugin features: AllowNThash
  SELinux user map order: guest_u:s0$xguest_u:s0$user_u:s0$staff_u:s0-s0:c0.c1023$unconfined_u:s0-s0:c0.c1023
  Default SELinux user: unconfined_u:s0-s0:c0.c1023
  Default PAC types: MS-PAC
:: [   PASS   ] :: Running 'ipa config-mod --delattr=ipauserobjectclasses=sambasamaccount'

::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
:: [   LOG    ] :: Add additional allowed group object class
::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::

  Maximum username length: 32
  Home directory base: /home
  Default shell: /bin/sh
  Default users group: ipausers
  Default e-mail domain: testrelm.com
  Search time limit: 2
  Search size limit: 100
  User search fields: uid,givenname,sn,telephonenumber,ou,title
  Group search fields: cn,description
  Enable migration mode: TRUE
  Certificate Subject base: O=TESTRELM.COM
  Default group objectclasses: top, groupofnames, nestedgroup, ipausergroup, ipaobject, posixgroup
  Password Expiration Notification (days): 4
  Password plugin features: AllowNThash
  SELinux user map order: guest_u:s0$xguest_u:s0$user_u:s0$staff_u:s0-s0:c0.c1023$unconfined_u:s0-s0:c0.c1023
  Default SELinux user: unconfined_u:s0-s0:c0.c1023
  Default PAC types: MS-PAC
:: [   PASS   ] :: Add additional allowed objectclass
  Default group objectclasses: top, groupofnames, nestedgroup, ipausergroup, ipaobject, posixgroup
:: [   PASS   ] :: Additional group objectclass successfully added.
  Maximum username length: 32
  Home directory base: /home
  Default shell: /bin/sh
  Default users group: ipausers
  Default e-mail domain: testrelm.com
  Search time limit: 2
  Search size limit: 100
  User search fields: uid,givenname,sn,telephonenumber,ou,title
  Group search fields: cn,description
  Enable migration mode: TRUE
  Certificate Subject base: O=TESTRELM.COM
  Default group objectclasses: top, groupofnames, nestedgroup, ipausergroup, ipaobject
  Password Expiration Notification (days): 4
  Password plugin features: AllowNThash
  SELinux user map order: guest_u:s0$xguest_u:s0$user_u:s0$staff_u:s0-s0:c0.c1023$unconfined_u:s0-s0:c0.c1023
  Default SELinux user: unconfined_u:s0-s0:c0.c1023
  Default PAC types: MS-PAC
:: [   PASS   ] :: Running 'ipa config-mod --delattr=ipagroupobjectclasses=posixgroup'
Comment 7 errata-xmlrpc 2013-02-21 09:12:39 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHSA-2013-0528.html