Bug 891930
Summary: | DNA plugin no longer reports additional info when range is depleted | | |
---|---|---|---|
Product: | Red Hat Enterprise Linux 6 | Reporter: | Martin Kosek <mkosek> |
Component: | 389-ds-base | Assignee: | Rich Megginson <rmeggins> |
Status: | CLOSED ERRATA | QA Contact: | Sankar Ramalingam <sramling> |
Severity: | unspecified | Docs Contact: | |
Priority: | unspecified | | |
Version: | 6.4 | CC: | jgalipea, nhosoi, nkinder, rcritten, spoore, tlavigne |
Target Milestone: | rc | Keywords: | Regression |
Target Release: | --- | | |
Hardware: | Unspecified | | |
OS: | Unspecified | | |
Whiteboard: | | | |
Fixed In Version: | 389-ds-base-1.2.11.15-9.el6 | Doc Type: | Bug Fix |
Doc Text: | | Story Points: | --- |
Clone Of: | | Environment: | |
Last Closed: | 2013-02-21 08:21:55 UTC | Type: | Bug |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | | Category: | --- |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | | | |
Bug Depends On: | | | |
Bug Blocks: | 895654 | | |
Description
Martin Kosek
2013-01-04 14:31:44 UTC
This regression is caused by a change that was made to have DNA allocate values at backend preop time (as opposed to the regular preop phase). I have a working patch that I will be sending out for review shortly.

Upstream ticket: https://fedorahosted.org/389/ticket/549

Verified.

Version ::

389-ds-base-1.2.11.15-9.el6.x86_64

Pre Test Setup ::

[root@rhel6-2 install-server-cli]# ipa-server-install --setup-dns --forwarder=$DNSFORWARD -r $RELM -p $ADMINPW -P $ADMINPW -a $ADMINPW --idstart=5000 --idmax=5010 -U

The log file for this installation can be found in /var/log/ipaserver-install.log
==============================================================================
This program will set up the IPA Server.

This includes:
  * Configure a stand-alone CA (dogtag) for certificate management
  * Configure the Network Time Daemon (ntpd)
  * Create and configure an instance of Directory Server
  * Create and configure a Kerberos Key Distribution Center (KDC)
  * Configure Apache (httpd)
  * Configure DNS (bind)

To accept the default shown in brackets, press the Enter key.

Warning: skipping DNS resolution of host rhel6-2.testrelm.com
The domain name has been determined based on the host name.

Using reverse zone 122.168.192.in-addr.arpa.

The IPA Master Server will be configured with:
Hostname: rhel6-2.testrelm.com
IP address: 192.168.122.62
Domain name: testrelm.com
Realm name: TESTRELM.COM

BIND DNS server will be configured to serve IPA domain with:
Forwarders: 192.168.122.1
Reverse zone: 122.168.192.in-addr.arpa.

Configuring NTP daemon (ntpd)
  [1/4]: stopping ntpd
  [2/4]: writing configuration
  [3/4]: configuring ntpd to start on boot
  [4/4]: starting ntpd
Done configuring NTP daemon (ntpd).
Configuring directory server for the CA (pkids): Estimated time 30 seconds
  [1/3]: creating directory server user
  [2/3]: creating directory server instance
  [3/3]: restarting directory server
Done configuring directory server for the CA (pkids).
Configuring certificate server (pki-cad): Estimated time 3 minutes 30 seconds
  [1/21]: creating certificate server user
  [2/21]: creating pki-ca instance
  [3/21]: configuring certificate server instance
  [4/21]: disabling nonces
  [5/21]: creating CA agent PKCS#12 file in /root
  [6/21]: creating RA agent certificate database
  [7/21]: importing CA chain to RA certificate database
  [8/21]: fixing RA database permissions
  [9/21]: setting up signing cert profile
  [10/21]: set up CRL publishing
  [11/21]: set certificate subject base
  [12/21]: enabling Subject Key Identifier
  [13/21]: setting audit signing renewal to 2 years
  [14/21]: configuring certificate server to start on boot
  [15/21]: restarting certificate server
  [16/21]: requesting RA certificate from CA
  [17/21]: issuing RA agent certificate
  [18/21]: adding RA agent as a trusted user
  [19/21]: configure certificate renewals
  [20/21]: configure Server-Cert certificate renewal
  [21/21]: Configure HTTP to proxy connections
Done configuring certificate server (pki-cad).
Configuring directory server (dirsrv): Estimated time 1 minute
  [1/38]: creating directory server user
  [2/38]: creating directory server instance
  [3/38]: adding default schema
  [4/38]: enabling memberof plugin
  [5/38]: enabling winsync plugin
  [6/38]: configuring replication version plugin
  [7/38]: enabling IPA enrollment plugin
  [8/38]: enabling ldapi
  [9/38]: disabling betxn plugins
  [10/38]: configuring uniqueness plugin
  [11/38]: configuring uuid plugin
  [12/38]: configuring modrdn plugin
  [13/38]: enabling entryUSN plugin
  [14/38]: configuring lockout plugin
  [15/38]: creating indices
  [16/38]: enabling referential integrity plugin
  [17/38]: configuring ssl for ds instance
  [18/38]: configuring certmap.conf
  [19/38]: configure autobind for root
  [20/38]: configure new location for managed entries
  [21/38]: restarting directory server
  [22/38]: adding default layout
  [23/38]: adding delegation layout
  [24/38]: adding replication acis
  [25/38]: creating container for managed entries
  [26/38]: configuring user private groups
  [27/38]: configuring netgroups from hostgroups
  [28/38]: creating default Sudo bind user
  [29/38]: creating default Auto Member layout
  [30/38]: adding range check plugin
  [31/38]: creating default HBAC rule allow_all
  [32/38]: Upload CA cert to the directory
  [33/38]: initializing group membership
  [34/38]: adding master entry
  [35/38]: configuring Posix uid/gid generation
  [36/38]: enabling compatibility plugin
  [37/38]: tuning directory server
  [38/38]: configuring directory to start on boot
Done configuring directory server (dirsrv).
Configuring Kerberos KDC (krb5kdc): Estimated time 30 seconds
  [1/10]: adding sasl mappings to the directory
  [2/10]: adding kerberos container to the directory
  [3/10]: configuring KDC
  [4/10]: initialize kerberos container
  [5/10]: adding default ACIs
  [6/10]: creating a keytab for the directory
  [7/10]: creating a keytab for the machine
  [8/10]: adding the password extension to the directory
  [9/10]: starting the KDC
  [10/10]: configuring KDC to start on boot
Done configuring Kerberos KDC (krb5kdc).
Configuring kadmin
  [1/2]: starting kadmin
  [2/2]: configuring kadmin to start on boot
Done configuring kadmin.
Configuring ipa_memcached
  [1/2]: starting ipa_memcached
  [2/2]: configuring ipa_memcached to start on boot
Done configuring ipa_memcached.
Configuring the web interface (httpd): Estimated time 1 minute
  [1/13]: setting mod_nss port to 443
  [2/13]: setting mod_nss password file
  [3/13]: enabling mod_nss renegotiate
  [4/13]: adding URL rewriting rules
  [5/13]: configuring httpd
  [6/13]: setting up ssl
  [7/13]: setting up browser autoconfig
  [8/13]: publish CA cert
  [9/13]: creating a keytab for httpd
  [10/13]: clean up any existing httpd ccache
  [11/13]: configuring SELinux for httpd
  [12/13]: restarting httpd
  [13/13]: configuring httpd to start on boot
Done configuring the web interface (httpd).
Applying LDAP updates
Restarting the directory server
Restarting the KDC
Configuring DNS (named)
  [1/9]: adding DNS container
  [2/9]: setting up our zone
  [3/9]: setting up reverse zone
  [4/9]: setting up our own record
  [5/9]: setting up kerberos principal
  [6/9]: setting up named.conf
  [7/9]: restarting named
  [8/9]: configuring named to start on boot
  [9/9]: changing resolv.conf to point to ourselves
Done configuring DNS (named).

Global DNS configuration in LDAP server is empty
You can use 'dnsconfig-mod' command to set global DNS options that
would override settings in local named.conf files

Restarting the web server
==============================================================================
Setup complete

Next steps:
  1. You must make sure these network ports are open:
     TCP Ports:
       * 80, 443: HTTP/HTTPS
       * 389, 636: LDAP/LDAPS
       * 88, 464: kerberos
       * 53: bind
     UDP Ports:
       * 88, 464: kerberos
       * 53: bind
       * 123: ntp

  2. You can now obtain a kerberos ticket using the command: 'kinit admin'
     This ticket will allow you to use the IPA tools (e.g., ipa user-add)
     and the web user interface.

Be sure to back up the CA certificate stored in /root/cacert.p12
This file is required to create replicas. The password for this
file is the Directory Manager password

Automated Test Results (manually run) ::

[root@rhel6-2 install-server-cli]# verify_useradd
:: [20:36:05] :: EXECUTING: ipa user-add --first=TestUser1 --last=TestUser1 TestUser1
----------------------
Added user "testuser1"
----------------------
  User login: testuser1
  First name: TestUser1
  Last name: TestUser1
  Full name: TestUser1 TestUser1
  Display name: TestUser1 TestUser1
  Initials: TT
  Home directory: /home/testuser1
  GECOS field: TestUser1 TestUser1
  Login shell: /bin/sh
  Kerberos principal: testuser1
  Email address: testuser1
  UID: 5001
  GID: 5001
  Password: False
  Kerberos keys available: False
:: [ PASS ] :: Added new user within given uid range
:: [20:36:09] :: EXECUTING: ipa user-add --first=TestUser2 --last=TestUser2 TestUser2
----------------------
Added user "testuser2"
----------------------
  User login: testuser2
  First name: TestUser2
  Last name: TestUser2
  Full name: TestUser2 TestUser2
  Display name: TestUser2 TestUser2
  Initials: TT
  Home directory: /home/testuser2
  GECOS field: TestUser2 TestUser2
  Login shell: /bin/sh
  Kerberos principal: testuser2
  Email address: testuser2
  UID: 5003
  GID: 5003
  Password: False
  Kerberos keys available: False
:: [ PASS ] :: Added new user within given uid range
:: [20:36:10] :: EXECUTING: ipa user-add --first=TestUser3 --last=TestUser3 TestUser3
----------------------
Added user "testuser3"
----------------------
  User login: testuser3
  First name: TestUser3
  Last name: TestUser3
  Full name: TestUser3 TestUser3
  Display name: TestUser3 TestUser3
  Initials: TT
  Home directory: /home/testuser3
  GECOS field: TestUser3 TestUser3
  Login shell: /bin/sh
  Kerberos principal: testuser3
  Email address: testuser3
  UID: 5004
  GID: 5004
  Password: False
  Kerberos keys available: False
:: [ PASS ] :: Added new user within given uid range
:: [20:36:11] :: EXECUTING: ipa user-add --first=TestUser4 --last=TestUser4 TestUser4
----------------------
Added user "testuser4"
----------------------
  User login: testuser4
  First name: TestUser4
  Last name: TestUser4
  Full name: TestUser4 TestUser4
  Display name: TestUser4 TestUser4
  Initials: TT
  Home directory: /home/testuser4
  GECOS field: TestUser4 TestUser4
  Login shell: /bin/sh
  Kerberos principal: testuser4
  Email address: testuser4
  UID: 5005
  GID: 5005
  Password: False
  Kerberos keys available: False
:: [ PASS ] :: Added new user within given uid range
:: [20:36:12] :: EXECUTING: ipa user-add --first=TestUser5 --last=TestUser5 TestUser5
----------------------
Added user "testuser5"
----------------------
  User login: testuser5
  First name: TestUser5
  Last name: TestUser5
  Full name: TestUser5 TestUser5
  Display name: TestUser5 TestUser5
  Initials: TT
  Home directory: /home/testuser5
  GECOS field: TestUser5 TestUser5
  Login shell: /bin/sh
  Kerberos principal: testuser5
  Email address: testuser5
  UID: 5006
  GID: 5006
  Password: False
  Kerberos keys available: False
:: [ PASS ] :: Added new user within given uid range
:: [20:36:13] :: EXECUTING: ipa user-add --first=TestUser6 --last=TestUser6 TestUser6
----------------------
Added user "testuser6"
----------------------
  User login: testuser6
  First name: TestUser6
  Last name: TestUser6
  Full name: TestUser6 TestUser6
  Display name: TestUser6 TestUser6
  Initials: TT
  Home directory: /home/testuser6
  GECOS field: TestUser6 TestUser6
  Login shell: /bin/sh
  Kerberos principal: testuser6
  Email address: testuser6
  UID: 5007
  GID: 5007
  Password: False
  Kerberos keys available: False
:: [ PASS ] :: Added new user within given uid range
:: [20:36:15] :: EXECUTING: ipa user-add --first=TestUser7 --last=TestUser7 TestUser7
----------------------
Added user "testuser7"
----------------------
  User login: testuser7
  First name: TestUser7
  Last name: TestUser7
  Full name: TestUser7 TestUser7
  Display name: TestUser7 TestUser7
  Initials: TT
  Home directory: /home/testuser7
  GECOS field: TestUser7 TestUser7
  Login shell: /bin/sh
  Kerberos principal: testuser7
  Email address: testuser7
  UID: 5008
  GID: 5008
  Password: False
  Kerberos keys available: False
:: [ PASS ] :: Added new user within given uid range
:: [20:36:16] :: EXECUTING: ipa user-add --first=TestUser8 --last=TestUser8 TestUser8
----------------------
Added user "testuser8"
----------------------
  User login: testuser8
  First name: TestUser8
  Last name: TestUser8
  Full name: TestUser8 TestUser8
  Display name: TestUser8 TestUser8
  Initials: TT
  Home directory: /home/testuser8
  GECOS field: TestUser8 TestUser8
  Login shell: /bin/sh
  Kerberos principal: testuser8
  Email address: testuser8
  UID: 5009
  GID: 5009
  Password: False
  Kerberos keys available: False
:: [ PASS ] :: Added new user within given uid range
:: [20:36:17] :: EXECUTING: ipa user-add --first=TestUser9 --last=TestUser9 TestUser9
----------------------
Added user "testuser9"
----------------------
  User login: testuser9
  First name: TestUser9
  Last name: TestUser9
  Full name: TestUser9 TestUser9
  Display name: TestUser9 TestUser9
  Initials: TT
  Home directory: /home/testuser9
  GECOS field: TestUser9 TestUser9
  Login shell: /bin/sh
  Kerberos principal: testuser9
  Email address: testuser9
  UID: 5010
  GID: 5010
  Password: False
  Kerberos keys available: False
:: [ PASS ] :: Added new user within given uid range
-----------------------
Added user "testuser20"
-----------------------
  User login: testuser20
  First name: TestUser20
  Last name: TestUser20
  Full name: TestUser20 TestUser20
  Display name: TestUser20 TestUser20
  Initials: TT
  Home directory: /home/testuser20
  GECOS field: TestUser20 TestUser20
  Login shell: /bin/sh
  Kerberos principal: testuser20
  Email address: testuser20
  UID: 5020
  GID: 5020
  Password: False
  Kerberos keys available: False
:: [ PASS ] :: Added new user outside uid range
:: [20:36:19] :: EXECUTING: ipa user-find --uid=5001
--------------
1 user matched
--------------
  User login: testuser1
  First name: TestUser1
  Last name: TestUser1
  Home directory: /home/testuser1
  Login shell: /bin/sh
  Email address: testuser1
  UID: 5001
  GID: 5001
  Account disabled: False
  Password: False
  Kerberos keys available: False
----------------------------
Number of entries returned 1
----------------------------
:: [ PASS ] :: Running 'ipa user-find --uid=5001'
:: [20:36:19] :: EXECUTING: ipa user-find --uid=5003
--------------
1 user matched
--------------
  User login: testuser2
  First name: TestUser2
  Last name: TestUser2
  Home directory: /home/testuser2
  Login shell: /bin/sh
  Email address: testuser2
  UID: 5003
  GID: 5003
  Account disabled: False
  Password: False
  Kerberos keys available: False
----------------------------
Number of entries returned 1
----------------------------
:: [ PASS ] :: Running 'ipa user-find --uid=5003'
:: [20:36:20] :: EXECUTING: ipa user-find --uid=5004
--------------
1 user matched
--------------
  User login: testuser3
  First name: TestUser3
  Last name: TestUser3
  Home directory: /home/testuser3
  Login shell: /bin/sh
  Email address: testuser3
  UID: 5004
  GID: 5004
  Account disabled: False
  Password: False
  Kerberos keys available: False
----------------------------
Number of entries returned 1
----------------------------
:: [ PASS ] :: Running 'ipa user-find --uid=5004'
:: [20:36:21] :: EXECUTING: ipa user-find --uid=5005
--------------
1 user matched
--------------
  User login: testuser4
  First name: TestUser4
  Last name: TestUser4
  Home directory: /home/testuser4
  Login shell: /bin/sh
  Email address: testuser4
  UID: 5005
  GID: 5005
  Account disabled: False
  Password: False
  Kerberos keys available: False
----------------------------
Number of entries returned 1
----------------------------
:: [ PASS ] :: Running 'ipa user-find --uid=5005'
:: [20:36:21] :: EXECUTING: ipa user-find --uid=5006
--------------
1 user matched
--------------
  User login: testuser5
  First name: TestUser5
  Last name: TestUser5
  Home directory: /home/testuser5
  Login shell: /bin/sh
  Email address: testuser5
  UID: 5006
  GID: 5006
  Account disabled: False
  Password: False
  Kerberos keys available: False
----------------------------
Number of entries returned 1
----------------------------
:: [ PASS ] :: Running 'ipa user-find --uid=5006'
:: [20:36:22] :: EXECUTING: ipa user-find --uid=5007
--------------
1 user matched
--------------
  User login: testuser6
  First name: TestUser6
  Last name: TestUser6
  Home directory: /home/testuser6
  Login shell: /bin/sh
  Email address: testuser6
  UID: 5007
  GID: 5007
  Account disabled: False
  Password: False
  Kerberos keys available: False
----------------------------
Number of entries returned 1
----------------------------
:: [ PASS ] :: Running 'ipa user-find --uid=5007'
:: [20:36:22] :: EXECUTING: ipa user-find --uid=5008
--------------
1 user matched
--------------
  User login: testuser7
  First name: TestUser7
  Last name: TestUser7
  Home directory: /home/testuser7
  Login shell: /bin/sh
  Email address: testuser7
  UID: 5008
  GID: 5008
  Account disabled: False
  Password: False
  Kerberos keys available: False
----------------------------
Number of entries returned 1
----------------------------
:: [ PASS ] :: Running 'ipa user-find --uid=5008'
:: [20:36:23] :: EXECUTING: ipa user-find --uid=5009
--------------
1 user matched
--------------
  User login: testuser8
  First name: TestUser8
  Last name: TestUser8
  Home directory: /home/testuser8
  Login shell: /bin/sh
  Email address: testuser8
  UID: 5009
  GID: 5009
  Account disabled: False
  Password: False
  Kerberos keys available: False
----------------------------
Number of entries returned 1
----------------------------
:: [ PASS ] :: Running 'ipa user-find --uid=5009'
:: [20:36:23] :: EXECUTING: ipa user-find --uid=5010
--------------
1 user matched
--------------
  User login: testuser9
  First name: TestUser9
  Last name: TestUser9
  Home directory: /home/testuser9
  Login shell: /bin/sh
  Email address: testuser9
  UID: 5010
  GID: 5010
  Account disabled: False
  Password: False
  Kerberos keys available: False
----------------------------
Number of entries returned 1
----------------------------
:: [ PASS ] :: Running 'ipa user-find --uid=5010'
:: [20:36:24] :: EXECUTING: ipa group-find --private --gid=5003
---------------
1 group matched
---------------
  Group name: testuser2
  Description: User private group for testuser2
  GID: 5003
----------------------------
Number of entries returned 1
----------------------------
:: [ PASS ] :: Verifying group with expected gid
:: [20:36:24] :: EXECUTING: ipa group-find --private --gid=5004
---------------
1 group matched
---------------
  Group name: testuser3
  Description: User private group for testuser3
  GID: 5004
----------------------------
Number of entries returned 1
----------------------------
:: [ PASS ] :: Verifying group with expected gid
:: [20:36:25] :: EXECUTING: ipa group-find --private --gid=5005
---------------
1 group matched
---------------
  Group name: testuser4
  Description: User private group for testuser4
  GID: 5005
----------------------------
Number of entries returned 1
----------------------------
:: [ PASS ] :: Verifying group with expected gid
:: [20:36:26] :: Executing: ipa user-add --first=TestUser --last=TestUser TestUser
ipa: ERROR: Operations error: Allocation of a new value for range cn=posix ids,cn=distributed numeric assignment plugin,cn=plugins,cn=config failed! Unable to proceed.
:: [20:36:26] :: "ipa user-add --first=TestUser --last=TestUser TestUser" failed as expected.
:: [ PASS ] :: Error message as expected: ipa: ERROR: Operations error: Allocation of a new value for range cn=posix ids,cn=distributed numeric assignment plugin,cn=plugins,cn=config failed! Unable to proceed.
:: [ PASS ] :: Verify expected error message when adding users after uid range is depleted
:: [ PASS ] :: BZ 891930 not found

Manual Test Results ::

[root@rhel6-2 install-server-cli]# ipa user-add newtestuser --first=f --last=l
ipa: ERROR: Operations error: Allocation of a new value for range cn=posix ids,cn=distributed numeric assignment plugin,cn=plugins,cn=config failed! Unable to proceed.

Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA.

For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHSA-2013-0503.html