Bug 910902

Summary: Entire 60basev3 schema is not included in update file, other errors
Product: Red Hat Enterprise Linux 7 Reporter: Namita Soman <nsoman>
Component: ipaAssignee: Rob Crittenden <rcritten>
Status: CLOSED CURRENTRELEASE QA Contact: IDM QE LIST <seceng-idm-qe-list>
Severity: unspecified Docs Contact:
Priority: medium    
Version: 7.0CC: mkosek, spoore, xdong
Target Milestone: rc   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: ipa-3.2.1-1.el7 Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
: 915745 (view as bug list) Environment:
Last Closed: 2014-06-13 09:18:13 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 915745    
Attachments:
Description Flags
updated from ipa-server-2.1.3-9.el6.x86_64
none
updated to ipa-server-3.0.0-26.el6_4.x86_64 ,WebUI shows error prompt none

Description Namita Soman 2013-02-13 20:07:19 UTC 
This bug is created as a clone of upstream ticket:
https://fedorahosted.org/freeipa/ticket/3398

In a very brief look I found a number of attributes and objectclasses in 60basev3.ldif that are not in an associated update file. The updates are split between 10-60basev3.update and 60-trusts.update.

missing attributes
 * ipaExternalMember

missing objectclasses
 * ipaExternalGroup

The definition for ipaNTFlatName has a misspelled ORDERING in both the 60basev3.ldif and the update file.
Comment 1 Namita Soman 2013-02-13 20:53:53 UTC 
QE will install ipa 2.1, add objects, upgrade to ipa 3.0 and verify UI is accessible. Is that a good test?
Comment 2 Rob Crittenden 2013-02-14 13:55:00 UTC 
Yes, that should be sufficient.
Comment 3 Xiyang Dong 2013-02-14 19:03:18 UTC 
Created attachment 697340 [details]
updated from ipa-server-2.1.3-9.el6.x86_64
Comment 4 Xiyang Dong 2013-02-14 19:05:05 UTC 
Created attachment 697341 [details]
updated to ipa-server-3.0.0-26.el6_4.x86_64 ,WebUI shows error prompt
Comment 5 Rob Crittenden 2013-02-15 14:14:16 UTC 
If you look at /var/log/httpd/error_log you'll see whether you're getting the sam backtrace as originally reported (related to missing ipaExternalMember)
Comment 6 Xiyang Dong 2013-02-21 21:10:30 UTC 
[Thu Feb 21 15:59:59 2013] [error] ipa: ERROR: non-public: KeyError: 'ipaExternalGroup'
[Thu Feb 21 15:59:59 2013] [error] Traceback (most recent call last):
[Thu Feb 21 15:59:59 2013] [error]   File "/usr/lib/python2.6/site-packages/ipaserver/rpcserver.py", line 334, in wsgi_execute
[Thu Feb 21 15:59:59 2013] [error]     result = self.Command[name](*args, **options)
[Thu Feb 21 15:59:59 2013] [error]   File "/usr/lib/python2.6/site-packages/ipalib/frontend.py", line 435, in __call__
[Thu Feb 21 15:59:59 2013] [error]     ret = self.run(*args, **options)
[Thu Feb 21 15:59:59 2013] [error]   File "/usr/lib/python2.6/site-packages/ipalib/frontend.py", line 747, in run
[Thu Feb 21 15:59:59 2013] [error]     return self.execute(*args, **options)
[Thu Feb 21 15:59:59 2013] [error]   File "/usr/lib/python2.6/site-packages/ipalib/plugins/internal.py", line 119, in execute
[Thu Feb 21 15:59:59 2013] [error]     (o.name, json_serialize(o)) for o in self.api.Object()
[Thu Feb 21 15:59:59 2013] [error]   File "/usr/lib/python2.6/site-packages/ipalib/plugins/internal.py", line 119, in <genexpr>
[Thu Feb 21 15:59:59 2013] [error]     (o.name, json_serialize(o)) for o in self.api.Object()
[Thu Feb 21 15:59:59 2013] [error]   File "/usr/lib/python2.6/site-packages/ipalib/util.py", line 55, in json_serialize
[Thu Feb 21 15:59:59 2013] [error]     return json_serialize(obj.__json__())
[Thu Feb 21 15:59:59 2013] [error]   File "/usr/lib/python2.6/site-packages/ipalib/plugins/baseldap.py", line 644, in __json__
[Thu Feb 21 15:59:59 2013] [error]     attrs = self.api.Backend.ldap2.schema.attribute_types(objectclasses)
[Thu Feb 21 15:59:59 2013] [error]   File "/usr/lib64/python2.6/site-packages/ldap/schema/subentry.py", line 277, in attribute_types
[Thu Feb 21 15:59:59 2013] [error]     object_class = self.sed[ObjectClass][object_class_oid]
[Thu Feb 21 15:59:59 2013] [error] KeyError: 'ipaExternalGroup'
[Thu Feb 21 15:59:59 2013] [error] ipa: INFO: admin.REDHAT.COM: json_metadata(None, None, object=u'all'): KeyError
Comment 7 Martin Kosek 2013-02-22 12:36:27 UTC 
Fixed upstream:
master: https://fedorahosted.org/freeipa/changeset/49beb8cd3a752322285aa21a94306f7b99bcfae8
ipa-3-1: https://fedorahosted.org/freeipa/changeset/fd1cfd38e2cf0b9b8730f6d68c9fc3283a0872a1
ipa-3-0: https://fedorahosted.org/freeipa/changeset/d6a92b2dece5908eec94b8394ee611a497916648

The missing attributeType and objectClasse is now added to update file. It also replaces misspelled ipant* attributeTypes ORDERING value on new install and upgrades.
Comment 8 Martin Kosek 2013-02-26 08:54:09 UTC 
Upstream ticket reopened, moving to ASSIGNED.
Comment 9 Martin Kosek 2013-02-27 11:52:39 UTC 
Regression (schema parsing error messages) fixed upstream:

master: https://fedorahosted.org/freeipa/changeset/4a6f3cac29d0cbc119b32a4ed41efdeac13791e5
ipa-3-1: https://fedorahosted.org/freeipa/changeset/6832218a6afb38265044b2f0dd6633163bf0e11d
ipa-3-0: https://fedorahosted.org/freeipa/changeset/9c00258f7a4b7f10d83c8f13d2c7508a6820a79b


Moving back to POST.
Comment 12 Scott Poore 2013-09-05 23:33:05 UTC 
Verified.

Version ::

ipa-server-3.3.1-1.el7.x86_64

Automated Test Results ::

::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
:: [   LOG    ] :: ipa_upgrade_bz910902 - Entire 60basev3 schema is not included in update file, other errors
::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::

:: [ 18:29:23 ] ::  Checking Web UI
:: [ 18:29:23 ] ::  Prepare json query in file
:: [ 18:29:24 ] ::  Getting Session ID with:  curl -v --negotiate -u: https://rhel7-1.testrelm.com/ipa/session/login_kerberos --cacert /etc/ipa/ca.crt
:: [   PASS   ] :: Running 'curl  -H "Content-Type:application/json" -H "Referer: https://rhel7-1.testrelm.com/ipa/xml" -H "Accept:application/json"  -H "Accept-Language:en" --cacert /etc/ipa/ca.crt -d  @/tmp/jsoninput -X POST -b "ipa_session=0245803d039cbc74f9377eb22e8c9f0c; httponly; Path=/ipa; secure" https://rhel7-1.testrelm.com/ipa/session/json > /tmp/tmpout.ipa_quicktest_webui_check 2>&1' (Expected 0, got 0)
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100   798    0   729  100    69   1620    153 --:--:-- --:--:-- --:--:--  1623
{
    "error": null, 
    "id": null, 
    "principal": "admin", 
    "result": {
        "count": 1, 
        "messages": [
            {
                "code": 13001, 
                "message": "API Version number was not sent, forward compatibility not guaranteed. Assuming server's API version, 2.65", 
                "name": "VersionMissing", 
                "type": "warning"
            }
        ], 
        "result": [
            {
                "dn": "uid=admin,cn=users,cn=accounts,dc=testrelm,dc=com", 
                "uid": [
                    "admin"
                ]
            }
        ], 
        "summary": "1 user matched", 
        "truncated": false
    }, 
    "version": "3.3.1"
}:: [   PASS   ] :: Running 'cat /tmp/tmpout.ipa_quicktest_webui_check' (Expected 0, got 0)
:: [   PASS   ] :: File '/tmp/tmpout.ipa_quicktest_webui_check' should contain 'uid=admin.*' 
:: [   PASS   ] :: File '/usr/share/ipa/updates/10-60basev3.update' should contain 'ipaExternalMember' 
:: [   PASS   ] :: BZ 910902 not found
Comment 13 Ludek Smid 2014-06-13 09:18:13 UTC 
This request was resolved in Red Hat Enterprise Linux 7.0.

Contact your manager or support representative in case you have further questions about the request.