Description of problem:
When deleting hosts with --updatedns=True, IPA fails to find the DNS records.

Version-Release number of selected component (if applicable):
ipa-admintools-3.0.0-37.el6.x86_64
ipa-pki-common-theme-9.0.3-7.el6.noarch
ipa-pki-ca-theme-9.0.3-7.el6.noarch
ipa-python-3.0.0-37.el6.x86_64
ipa-client-3.0.0-37.el6.x86_64
ipa-server-3.0.0-37.el6.x86_64
ipa-server-selinux-3.0.0-37.el6.x86_64

How reproducible:
Always

Steps to Reproduce:
1. Enroll a host in an IPA server that was configured for DNS
2. IPA automatically creates DNS records
3. Delete the host with ipa host-del <hostname> --updatedns=True

Actual results:
DNS records are not deleted

The records exist...

[root@ipa01 httpd]# ipa dnsrecord-show katello.example.org realm-rhel6
  Record name: realm-rhel6
  A record: 192.168.100.147
[root@ipa01 httpd]# ipa dnsrecord-show 100.168.192.in-addr.arpa. 147
  Record name: 147
  PTR record: realm-rhel6.katello.example.org.

But the API says the records are NotFound:

[Tue Jul 08 14:17:59 2014] [error] ipa: DEBUG: raw: host_del((u'realm-rhel6.katello.example.org',), updatedns=True)
[Tue Jul 08 14:17:59 2014] [error] ipa: DEBUG: host_del((u'realm-rhel6.katello.example.org',), updatedns=True)
[Tue Jul 08 14:17:59 2014] [error] ipa: DEBUG: raw: service_find(u'realm-rhel6.katello.example.org')
[Tue Jul 08 14:17:59 2014] [error] ipa: DEBUG: service_find(u'realm-rhel6.katello.example.org', all=False, raw=False, no_members=False, pkey_only=False)
[Tue Jul 08 14:17:59 2014] [error] ipa: DEBUG: raw: dnszone_show(u'katello.example.org')
[Tue Jul 08 14:17:59 2014] [error] ipa: DEBUG: dnszone_show(u'katello.example.org', rights=False, all=False, raw=False)
[Tue Jul 08 14:17:59 2014] [error] ipa: INFO: realm-capsule.ORG: host_del((u'realm-rhel6.katello.example.org',), updatedns=True): NotFound
[Tue Jul 08 14:17:59 2014] [error] ipa: DEBUG: response: NotFound: realm-rhel6.katello.example.org: host not found

Expected results:
DNS records are deleted (as in the latest upstream version - freeipa-server-3.3.5-1.fc20.x86_64):

[Wed Jul 09 09:11:12.780174 2014] [:error] [pid 22883] ipa: DEBUG: raw: host_del((u'fedora456.bitbin.de',), updatedns=True, version=u'2.65')
[Wed Jul 09 09:11:12.780342 2014] [:error] [pid 22883] ipa: DEBUG: host_del((u'fedora456.bitbin.de',), updatedns=True, version=u'2.65')
[Wed Jul 09 09:11:12.784403 2014] [:error] [pid 22883] ipa: DEBUG: retrieving schema for SchemaCache url=ldapi://%2fvar%2frun%2fslapd-BITBIN-DE.socket conn=<ldap.ldapobject.SimpleLDAPObject instance at 0x7f24b4c14bd8>
[Wed Jul 09 09:11:13.039536 2014] [:error] [pid 22883] ipa: DEBUG: raw: service_find(u'fedora456.bitbin.de')
[Wed Jul 09 09:11:13.039725 2014] [:error] [pid 22883] ipa: DEBUG: service_find(u'fedora456.bitbin.de', all=False, raw=False, no_members=False, pkey_only=False)
[Wed Jul 09 09:11:13.043095 2014] [:error] [pid 22883] ipa: DEBUG: raw: dnszone_show(u'bitbin.de')
[Wed Jul 09 09:11:13.043244 2014] [:error] [pid 22883] ipa: DEBUG: dnszone_show(u'bitbin.de', rights=False, all=False, raw=False)
[Wed Jul 09 09:11:13.047731 2014] [:error] [pid 22883] ipa: DEBUG: raw: dnsrecord_find(u'bitbin.de', None, idnsname=u'fedora456')
[Wed Jul 09 09:11:13.048055 2014] [:error] [pid 22883] ipa: DEBUG: dnsrecord_find(u'bitbin.de', None, idnsname=u'fedora456', structured=False, all=False, raw=False, pkey_only=False)
[Wed Jul 09 09:11:13.053805 2014] [:error] [pid 22883] ipa: DEBUG: deleting ipaddr 10.7.13.132
[Wed Jul 09 09:11:13.053988 2014] [:error] [pid 22883] ipa: DEBUG: raw: dnszone_find(None)
[Wed Jul 09 09:11:13.054191 2014] [:error] [pid 22883] ipa: DEBUG: dnszone_find(None, forward_only=False, all=False, raw=False, pkey_only=False)
[Wed Jul 09 09:11:13.058742 2014] [:error] [pid 22883] ipa: DEBUG: raw: dnsrecord_del(u'13.7.10.in-addr.arpa.', u'132', ptrrecord=u'fedora456.bitbin.de')
[Wed Jul 09 09:11:13.059075 2014] [:error] [pid 22883] ipa: DEBUG: dnsrecord_del(u'13.7.10.in-addr.arpa.', u'132', ptrrecord=(u'fedora456.bitbin.de.',), del_all=False, structured=False)
[Wed Jul 09 09:11:13.062739 2014] [:error] [pid 22883] ipa: DEBUG: raw: dnsrecord_del(u'bitbin.de', u'fedora456', arecord=u'10.7.13.132')
[Wed Jul 09 09:11:13.063052 2014] [:error] [pid 22883] ipa: DEBUG: dnsrecord_del(u'bitbin.de', u'fedora456', arecord=(u'10.7.13.132',), del_all=False, structured=False)
[Wed Jul 09 09:11:13.616730 2014] [:error] [pid 22883] ipa: INFO: admin: host_del((u'fedora456.bitbin.de',), updatedns=True, version=u'2.65'): SUCCESS

Missing permissions - Adding this worked:

ipa privilege-add-permission 'Satellite Capsule Host Management' --permission="read dns entries" --permission="remove dns entries" --permission="add dns entries" --permission="update dns entries"

Related to: https://fedorahosted.org/freeipa/ticket/4329
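
The two traces in this report differ in one visible way: the failing request stops after dnszone_show and returns NotFound, while the working one goes on to dnsrecord_find and dnsrecord_del. The script below is an added example, not part of the original report or of FreeIPA; it walks an httpd error log and flags host_del requests that match the failing pattern so the caller's privilege can be checked for the DNS permissions named above. The function name triage, the regular expressions and the assumption that requests are not interleaved in the log are the example's own.

```python
import re

# "raw:" lines mark each API command the server dispatched while serving a request.
CALL = re.compile(r"ipa: DEBUG: raw: (\w+)\(")
# The INFO line closes the request and carries the principal and the outcome.
DONE = re.compile(r"ipa: INFO: (\S+): host_del\(.*updatedns=True.*\): (\w+)\s*$")

def triage(lines):
    """Return one finding per host_del(updatedns=True) request seen in the log."""
    findings, calls = [], None
    for line in lines:
        call = CALL.search(line)
        if call:
            if call.group(1) == "host_del" and "updatedns=True" in line:
                calls = []                      # a new request starts here
            elif calls is not None:
                calls.append(call.group(1))     # command issued inside that request
            continue
        done = DONE.search(line)
        if done and calls is not None:
            principal, result = done.groups()
            touched_dns = any(c.startswith("dnsrecord_") for c in calls)
            findings.append({
                "principal": principal,
                "result": result,
                "calls": calls,
                # Zone looked up, no record call, NotFound: the failing trace's pattern.
                "check_dns_permissions": result == "NotFound"
                and "dnszone_show" in calls and not touched_dns,
            })
            calls = None
    return findings

# Sample input: lines from the two traces in the report, timestamp prefixes dropped.
SAMPLE = [
    "ipa: DEBUG: raw: host_del((u'realm-rhel6.katello.example.org',), updatedns=True)",
    "ipa: DEBUG: raw: service_find(u'realm-rhel6.katello.example.org')",
    "ipa: DEBUG: raw: dnszone_show(u'katello.example.org')",
    "ipa: INFO: realm-capsule.ORG: host_del((u'realm-rhel6.katello.example.org',), updatedns=True): NotFound",
    "ipa: DEBUG: raw: host_del((u'fedora456.bitbin.de',), updatedns=True, version=u'2.65')",
    "ipa: DEBUG: raw: service_find(u'fedora456.bitbin.de')",
    "ipa: DEBUG: raw: dnszone_show(u'bitbin.de')",
    "ipa: DEBUG: raw: dnsrecord_find(u'bitbin.de', None, idnsname=u'fedora456')",
    "ipa: DEBUG: raw: dnsrecord_del(u'bitbin.de', u'fedora456', arecord=u'10.7.13.132')",
    "ipa: INFO: admin: host_del((u'fedora456.bitbin.de',), updatedns=True, version=u'2.65'): SUCCESS",
]

if __name__ == "__main__":
    for f in triage(SAMPLE):
        print(f["principal"], f["result"], f["calls"], f["check_dns_permissions"])
```

A flagged request is only a prompt to inspect the privilege with ipa privilege-show; the log pattern alone does not prove which permission is missing.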