1168376 – Clean up debug log for trust-add

RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.

Bug 1168376 - Clean up debug log for trust-add

Summary: Clean up debug log for trust-add

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Red Hat Enterprise Linux 7
Classification:	Red Hat
Component:	ipa
Sub Component:
Version:	7.1
Hardware:	Unspecified
OS:	Unspecified
Priority:	medium
Severity:	unspecified
Target Milestone:	rc
Target Release:	---
Assignee:	IPA Maintainers
QA Contact:	Namita Soman
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2014-11-26 18:02 UTC by Steeve Goveas
Modified:	2015-09-23 14:44 UTC (History)
CC List:	3 users (show)
Fixed In Version:	ipa-4.1.0-14.el7
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2015-03-05 10:15:55 UTC
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHSA-2015:0442	0	normal	SHIPPED_LIVE	Moderate: ipa security, bug fix, and enhancement update	2015-03-05 14:50:39 UTC

Description Steeve Goveas 2014-11-26 18:02:21 UTC

Description of problem:
While trying to debug a trust-add failure, found below debug logs. Functionality seems works as expected.

Version-Release number of selected component (if applicable):
ipa-server-4.1.0-9.el7.x86_64

How reproducible:


Steps to Reproduce:
1. Install IPA server
2. Run ipa-adtrust-install
3. Run trust-add with -vvv

Actual results:
[root@ibm-x3620m3-01 ~]# echo Secret123 | ipa -vvv trust-add adtest.qe --admin
administrator --password
ipa: INFO: trying https://ibm-x3620m3-01.steeve2011.test/ipa/session/json
ipa: INFO: Forwarding 'trust_add' to json server
'https://ibm-x3620m3-01.steeve2011.test/ipa/session/json'
ipa: INFO: Request: {
    "id": 0,
    "method": "trust_add",
    "params": [
        [
            "adtest.qe"
        ],
        {
            "all": false,
            "raw": false,
            "realm_admin": "administrator",
            "realm_passwd": "Secret123",
            "trust_type": "ad",
            "version": "2.108"
        }
    ]
}
send: u'POST /ipa/session/json HTTP/1.1\r\nHost:
ibm-x3620m3-01.steeve2011.test\r\nAccept-Encoding: gzip\r\nAccept-Language:
en-us\r\nReferer: https://ibm-x3620m3-01.steeve2011.test/ipa/xml\r\nCookie:
ipa_session=f474c2700c4a503f7b6688d4f39f7442;\r\nUser-Agent:
xmlrpclib.py/1.0.1 (by www.pythonware.com)\r\nContent-Type:
application/json\r\nContent-Length: 190\r\n\r\n{"params": [["adtest.qe"],
{"all": false, "realm_passwd": "Secret123", "raw": false, "realm_admin":
"administrator", "version": "2.108", "trust_type": "ad"}], "method":
"trust_add", "id": 0}'
reply: 'HTTP/1.1 200 Success\r\n'
header: Date: Wed, 26 Nov 2014 13:09:06 GMT
header: Server: Apache/2.4.6 (Red Hat Enterprise Linux) mod_auth_kerb/5.4
mod_nss/2.4.6 NSS/3.15.4 Basic ECC mod_wsgi/3.4 Python/2.7.5
header: Set-Cookie: ipa_session=f474c2700c4a503f7b6688d4f39f7442;
Domain=ibm-x3620m3-01.steeve2011.test; Path=/ipa; Expires=Wed, 26 Nov 2014
13:29:06 GMT; Secure; HttpOnly
header: Vary: Accept-Encoding
header: Content-Encoding: gzip
header: Content-Length: 893
header: Content-Type: application/json; charset=utf-8
body: '{\n    "error": null, \n    "id": 0, \n    "principal":
"admin", \n    "result": {\n        "result": {\n
"cn": [\n                "adtest.qe"\n            ], \n
"ipantflatname": [\n "ADTEST"\n            ], \n
"ipantsecurityidentifier": [\n
"S-1-5-21-1892920146-2165982554-3378841437-1012"\n            ], \n
"ipantsidblacklistincoming": [\n "S-1-5-20", \n                "S-1-5-3", \n
"S-1-5-2", \n                "S-1-5-1", \n                "S-1-5-7", \n
"S-1-5-6", \n                "S-1-5-5", \n                "S-1-5-4", \n
"S-1-5-9", \n                "S-1-5-8", \n                "S-1-5-17", \n
"S-1-5-16", \n                "S-1-5-15", \n                "S-1-5-14", \n
"S-1-5-13", \n                "S-1-5-12", \n                "S-1-5-11", \n
"S-1-5-10", \n                "S-1-3", \n                "S-1-2", \n
"S-1-1", \n                "'
body: 'S-1-0", \n                "S-1-5-19", \n "S-1-5-18"\n            ], \n
"ipantsidblacklistoutgoing": [\n                "S-1-5-20", \n
"S-1-5-3", \n                "S-1-5-2", \n                "S-1-5-1", \n
"S-1-5-7", \n                "S-1-5-6", \n                "S-1-5-5", \n
"S-1-5-4", \n                "S-1-5-9", \n                "S-1-5-8", \n
"S-1-5-17", \n                "S-1-5-16", \n                "S-1-5-15", \n
"S-1-5-14", \n                "S-1-5-13", \n                "S-1-5-12", \n
"S-1-5-11", \n                "S-1-5-10", \n                "S-1-3", \n
"S-1-2", \n                "S-1-1", \n                "S-1-0", \n
"S-1-5-19", \n                "S-1-5-18"\n            ], \n
"ipantsupportedencryptiontypes": [\n "28"\n            ], \n
"ipanttrustattributes": [\n                "8"\n            ], \n
"ipanttrustauthincoming": [\n             '
body: '   {\n                    "__base64__": "AQAAAAwAAAAcAQAAgA+iLXoJ0AECAAAAAAEAADMARwAkAHIAMwBJAHEAagBrAGQAXwBkAFgAcQBCAHYAQABRAG4AawBTAGwAVwBjAEYAVgArAE0AfgB6AHIAJgBIAGkASgBZAEwAegBTADQARABUAEMAVABQAEYAVgB+AHEAKAAtAHEAVQBKACUAXwA1ADcAJgBTADMAZABhAEoALABZAEcAJQA4ADoAagBPACEAbQBBAHAAOgBlAC4AUgBlAFsAUwBPAEgAOwA7ADgAVgBiAD8AUQBYAGwAYgBhADwALQB4AGQARgBLAGkAQABMAHYAdQBCAEkALgBOAGwAVQBaAGUAZgBTAE8AUAAoACYAagBHAHcAZwApADEAYQA="\n
}\n            ], \n            "ipanttrustauthoutgoing": [\n
{\n                    "__base64__": "AQAAAAwAAAAcAQAAgA+iLXoJ0AECAAAAAAEAADMARwAkAHIAMwBJAHEAagBrAGQAXwBkAFgAcQBCAHYAQABRAG4AawBTAGwAVwBjAEYAVgArAE0AfgB6AHIAJgBIAGkASgBZAEwAegBTADQARABUAEMAVABQAEYAVgB+AHEAKAAtAHEAVQBKACUAXwA1ADcAJgBTADMAZABhAEoALABZAEcAJQA4ADoAagBPACEAbQBBAHAAOgBlAC4AUgBlAFsAUwBPAEgAOwA7ADgAVgBiAD8AUQBYAGwAYgBhADwALQB4AGQARgBLAGkAQABMAHYAdQBCAEkALgBOAGwAVQBaAGUAZgBTAE8AUAAoACYAagBHAHcAZwApADEAYQA="\n
}\n            ], \n            "ipanttrustdirection": [\n
"3"\n  '
body: '          ], \n            "ipanttrusteddomainsid": [\n
"S-1-5-21-1910160501-511572375-3625658879"\n            ], \n
"ipanttrustpartner": [\n "adtest.qe"\n            ], \n
"ipanttrustposixoffset": [\n                "0"\n            ], \n
"ipanttrusttype": [\n                "2"\n            ], \n
"objectclass": [\n                "top", \n
"ipaNTTrustedDomain", \n "ipaIDobject"\n            ], \n
"trustdirection": [\n                "Two-way trust"\n            ], \n
"truststatus": [\n                "Established and verified"\n            ],
\n            "trusttype": [\n                "Active Directory domain"\n
], \n            "uidnumber": [\n "1119800012"\n            ]\n        }, \n
"summary": "Added Active Directory trust for realm \\"adtest.qe\\"", \n
"value": "adtest.qe"\n    }, \n    "version": "4.1.0"\n}'
ipa: ERROR: non-public: UnicodeDecodeError: 'utf8' codec can't decode byte
0x80 in position 12: invalid start byte
Traceback (most recent call last):
  File "/usr/lib/python2.7/site-packages/ipalib/backend.py", line 129, in
execute
    result = self.Command[_name](*args, **options)
  File "/usr/lib/python2.7/site-packages/ipalib/frontend.py", line 439, in
__call__
    ret = self.run(*args, **options)
  File "/usr/lib/python2.7/site-packages/ipalib/frontend.py", line 755, in run
    return self.forward(*args, **options)
  File "/usr/lib/python2.7/site-packages/ipalib/frontend.py", line 776, in
forward
    return self.Backend.rpcclient.forward(self.name, *args, **kw)
  File "/usr/lib/python2.7/site-packages/ipalib/rpc.py", line 880, in forward
    return self._call_command(command, params)
  File "/usr/lib/python2.7/site-packages/ipalib/rpc.py", line 857, in
_call_command
    return command(*params)
  File "/usr/lib/python2.7/site-packages/ipalib/rpc.py", line 1004, in _call
    return self.__request(name, args)
  File "/usr/lib/python2.7/site-packages/ipalib/rpc.py", line 986, in
__request
    json.dumps(response, sort_keys=True, indent=4))
  File "/usr/lib64/python2.7/json/__init__.py", line 250, in dumps
    sort_keys=sort_keys, **kw).encode(obj)
  File "/usr/lib64/python2.7/json/encoder.py", line 209, in encode
    chunks = list(chunks)
  File "/usr/lib64/python2.7/json/encoder.py", line 434, in _iterencode
    for chunk in _iterencode_dict(o, _current_indent_level):
  File "/usr/lib64/python2.7/json/encoder.py", line 408, in _iterencode_dict
    for chunk in chunks:
  File "/usr/lib64/python2.7/json/encoder.py", line 408, in _iterencode_dict
    for chunk in chunks:
  File "/usr/lib64/python2.7/json/encoder.py", line 408, in _iterencode_dict
    for chunk in chunks:
  File "/usr/lib64/python2.7/json/encoder.py", line 313, in _iterencode_list
    yield buf + _encoder(value)
UnicodeDecodeError: 'utf8' codec can't decode byte 0x80 in position 12:
invalid start byte
ipa: ERROR: an internal error has occurred

Comment 2 Petr Vobornik 2014-11-28 11:51:13 UTC

I don't think this is a bug. 

-vv/-vvv options are used for CLI debugging and displaying this information in a console output is IMHO desired. The same happens in other commands, e.g., user-add --password. 

I didn't see the password saved in an actual log.

Did I miss something?

Comment 3 Steeve Goveas 2014-12-04 06:52:41 UTC

In this bug we need to remove the ipanttrustauthincoming/ipanttrustauthoutgoing
attributes before sending them to the client and fix the encoding error.

An upstream ticket has been opened for the encoding issue, since it affects more commands
https://fedorahosted.org/freeipa/ticket/4773

Comment 4 Petr Vobornik 2014-12-04 08:38:57 UTC

Upstream ticket:
https://fedorahosted.org/freeipa/ticket/4787

Comment 5 Petr Vobornik 2015-01-13 14:39:33 UTC

Upstream ticket:
https://fedorahosted.org/freeipa/ticket/4773

Comment 6 Petr Vobornik 2015-01-13 14:41:18 UTC

Fixed upstream:

removal of ipanttrustauthincoming/ipanttrustauthoutgoing attrs form ouput:

master:
https://fedorahosted.org/freeipa/changeset/b0f412177fd36e81e71bea63b8923825c7ab28dd
ipa-4-1:
https://fedorahosted.org/freeipa/changeset/333b899770762936372116ba472e42cabaaaecda


Encoding error fix:

master:
* a18ef90284f627bdde1e264e5e3db3a52031feec rpcclient: use json_encode_binary for verbose output
ipa-4-1:
* 872ba41c3b8ccc7beaaaf19e8a30f0caa8a1fa36 rpcclient: use json_encode_binary for verbose output

Comment 7 Petr Vobornik 2015-01-13 14:42:23 UTC

better links for the encoding fix:

master:
https://fedorahosted.org/freeipa/changeset/a18ef90284f627bdde1e264e5e3db3a52031feec
ipa-4-1:
https://fedorahosted.org/freeipa/changeset/872ba41c3b8ccc7beaaaf19e8a30f0caa8a1fa36

Comment 9 Steeve Goveas 2015-01-27 12:34:28 UTC

Verified in version
[root@vm-idm-019 ~]# rpm -q ipa-server 
ipa-server-4.1.0-16.el7.x86_64

[root@vm-idm-019 ~]# echo Secret123 | ipa -vvv trust-add adtest.qe --admin Administrator --password
ipa: INFO: trying https://vm-idm-019.ipaviews.test/ipa/session/json
ipa: INFO: Forwarding 'trust_add' to json server 'https://vm-idm-019.ipaviews.test/ipa/session/json'
ipa: INFO: Request: {
    "id": 0, 
    "method": "trust_add", 
    "params": [
        [
            "adtest.qe"
        ], 
        {
            "all": false, 
            "raw": false, 
            "realm_admin": "Administrator", 
            "realm_passwd": "Secret123", 
            "trust_type": "ad", 
            "version": "2.112"
        }
    ]
}
send: u'POST /ipa/session/json HTTP/1.1\r\nHost: vm-idm-019.ipaviews.test\r\nAccept-Encoding: gzip\r\nAccept-Language: en-us\r\nReferer: https://vm-idm-019.ipaviews.test/ipa/xml\r\nCookie: ipa_session=1e52dbba0c13c73806858a7e01ac2174;\r\nUser-Agent: xmlrpclib.py/1.0.1 (by www.pythonware.com)\r\nContent-Type: application/json\r\nContent-Length: 190\r\n\r\n{"params": [["adtest.qe"], {"all": false, "realm_passwd": "Secret123", "raw": false, "realm_admin": "Administrator", "version": "2.112", "trust_type": "ad"}], "method": "trust_add", "id": 0}'
reply: 'HTTP/1.1 401 Unauthorized\r\n'
header: Date: Tue, 27 Jan 2015 12:29:39 GMT
header: Server: Apache/2.4.6 (Red Hat Enterprise Linux) mod_auth_kerb/5.4 mod_nss/2.4.6 NSS/3.16.2.3 Basic ECC mod_wsgi/3.4 Python/2.7.5
header: Content-Length: 0
header: Content-Type: text/plain; charset=UTF-8
ipa: INFO: trying https://vm-idm-019.ipaviews.test/ipa/json
ipa: INFO: Forwarding 'trust_add' to json server 'https://vm-idm-019.ipaviews.test/ipa/json'
ipa: INFO: Request: {
    "id": 0, 
    "method": "trust_add", 
    "params": [
        [
            "adtest.qe"
        ], 
        {
            "all": false, 
            "raw": false, 
            "realm_admin": "Administrator", 
            "realm_passwd": "Secret123", 
            "trust_type": "ad", 
            "version": "2.112"
        }
    ]
}
send: u'POST /ipa/json HTTP/1.1\r\nHost: vm-idm-019.ipaviews.test\r\nAccept-Encoding: gzip\r\nAccept-Language: en-us\r\nReferer: https://vm-idm-019.ipaviews.test/ipa/xml\r\nAuthorization: negotiate YIIEkAYJKoZIhvcSAQICAQBuggR/MIIEe6ADAgEFoQMCAQ6iBwMFACAAAACjggORYYIDjTCCA4mgAwIBBaEPGw1JUEFWSUVXUy5URVNUoiswKaADAgEDoSIwIBsESFRUUBsYdm0taWRtLTAxOS5pcGF2aWV3cy50ZXN0o4IDQjCCAz6gAwIBEqEDAgECooIDMASCAywBHtLxShbPTDoTM872IDxYHOy6GLa1zxtyfnqANy1GOjnbCq9h2HXEJBsMAlfvhk85L1SDCo1S9BAtJI51XDyep64rb561wiUMi3Gg3HSLRXfVvrqSu5s2DflRw+JIbG0Jmt35KJWygYLRPyCnpJeTjxTLkFD39GrahkwYxNAlmXph2jcQc1UdJeWr4ePXfBFB9U+BA01QK91ogwjtuWJOFTghU4fSjl2Es1Z5tWtuvh2aS+mFR9DauK1ZZjle4iUZ4rrdNzlbN9ux1UC7Kda+CgTJRPzcPfI0vZgmpGfU7I/s5RPySKWWi4px/6z6I40ISgw3bWEYH9nuy8l1Wx4p5oCaZQ3FIqByYzREkHAIMVoW/XjS+X9ax8w3HC4U4k9E/YHQsJW3JLn089YfdaJw6OO7A5eGKSFmth9oCe9MSDQm0ntywRGee+cO7AwQyWRTWj7vkX/CVM9cAbXytjMpjmuuaGPrKJZEnKi3Q6i+nb2vTQi989vnmRhbKOwT+RrkbNln+/KIgWmOYsxvYW5rfQ/LLvm7MYfiRyJHY8sFT4skT4TsUCQsI/SQwU7rUV7WYPDZSBZfHIUeuE3wcUgzoJq/6won2C6BfNlVzIEB1uRltfxB+SeGPlWB6nb4nhel1xj0exvTmgPBVEVznHb5Ggd1zN35Z222jGr4S7ZYuc9H0rcZdWr5ykpRkHczuJLGj4Nv7vrP/vyDucG4Nb8aym1GDq4RKe/QgIVJxEQ2Um0QeFm4fGRUwnTj+WXeGSGd1cKcOrGBgSCsUuuxf8bK/ZDM71hbANWIm0KzZkP+sPYBYvOIRzVuJ7VjXHCJqQXieoIW5caNHTpRVok/BQYrIqxaK9sicEQODIeog3fp1eMB5vAfx0CYLVJoScoAZ8mwUszvjVBHrtF3O64GESsExcftnQ0zjIGJqXldfGY5HpxJ0r4g632fkkVvDMAzxCemUbCaqUa3yJIrhMMLPP2s2KtbZ+IlwD+bsY9LxqdwKSR5961pv2LM4ycD6chu6Cr7tVbcdClfCDrq+T3KrmrMQHkpsS0RyVoLfRByBAHqTQzY+zr8zHQs8XBMJKSB0DCBzaADAgESooHFBIHCNQhX5JTLpu2SCfB2Elz4tU4iD2LXmKCTA66/3RmEcCF+fmkyWWu57T1DyzAeLYx5IKYInXRTMPHl0cM4CLxnDi8tjtiWl3vieLU7uFoC6g9OxWdO6Cp91t0Sh7ydurhSGqMnBfRC+fNn/97iM3S7QFI3VW8MFv/FzlnemXW7IEhj2wsPlmEe61iCrvJTsk0gmr2UPIx7Gtyv5MCwsASugxwefrgVuOuZFw2QYn8ZvPw05TAT2nvAl+Znx6mvLkGQcVE=\r\nUser-Agent: xmlrpclib.py/1.0.1 (by www.pythonware.com)\r\nContent-Type: application/json\r\nContent-Length: 190\r\n\r\n{"params": [["adtest.qe"], {"all": false, "realm_passwd": "Secret123", "raw": false, "realm_admin": "Administrator", "version": "2.112", "trust_type": "ad"}], "method": "trust_add", "id": 0}'
reply: 'HTTP/1.1 200 Success\r\n'
header: Date: Tue, 27 Jan 2015 12:29:39 GMT
header: Server: Apache/2.4.6 (Red Hat Enterprise Linux) mod_auth_kerb/5.4 mod_nss/2.4.6 NSS/3.16.2.3 Basic ECC mod_wsgi/3.4 Python/2.7.5
header: Set-Cookie: ipa_session=0ca46d159d0b80c9bf3f465ce09e0efd; Domain=vm-idm-019.ipaviews.test; Path=/ipa; Expires=Tue, 27 Jan 2015 12:50:09 GMT; Secure; HttpOnly
header: WWW-Authenticate: Negotiate YIGZBgkqhkiG9xIBAgICAG+BiTCBhqADAgEFoQMCAQ+iejB4oAMCARKicQRvNQ1Cbfrc5ZUxr0rDTnwP6zclO5XfNDd2UMLHux5+Lg7xGFJekRyCtjJM6D7G9zyNiQz4eZzKyedWiybaIwGjP8vGLCwnTojhkFWu7RFCwtsbtGxNWBDllHxTq/ECdGQpbYuH1fvYUsAT/nPZDFlm
header: Vary: Accept-Encoding
header: Content-Encoding: gzip
header: Content-Length: 581
header: Content-Type: application/json; charset=utf-8
body: '{\n    "error": null, \n    "id": 0, \n    "principal": "admin", \n    "result": {\n        "result": {\n            "cn": [\n                "adtest.qe"\n            ], \n            "ipantflatname": [\n                "ADTEST"\n            ], \n            "ipantsecurityidentifier": [\n                "S-1-5-21-1796645600-2667531414-1194413864-1022"\n            ], \n            "ipantsidblacklistincoming": [\n                "S-1-5-20", \n                "S-1-5-3", \n                "S-1-5-2", \n                "S-1-5-1", \n                "S-1-5-7", \n                "S-1-5-6", \n                "S-1-5-5", \n                "S-1-5-4", \n                "S-1-5-9", \n                "S-1-5-8", \n                "S-1-5-17", \n                "S-1-5-16", \n                "S-1-5-15", \n                "S-1-5-14", \n                "S-1-5-13", \n                "S-1-5-12", \n                "S-1-5-11", \n                "S-1-5-10", \n                "S-1-3", \n                "S-1-2", \n                "S-1-1", \n                "S-'
body: '1-0", \n                "S-1-5-19", \n                "S-1-5-18"\n            ], \n            "ipantsidblacklistoutgoing": [\n                "S-1-5-20", \n                "S-1-5-3", \n                "S-1-5-2", \n                "S-1-5-1", \n                "S-1-5-7", \n                "S-1-5-6", \n                "S-1-5-5", \n                "S-1-5-4", \n                "S-1-5-9", \n                "S-1-5-8", \n                "S-1-5-17", \n                "S-1-5-16", \n                "S-1-5-15", \n                "S-1-5-14", \n                "S-1-5-13", \n                "S-1-5-12", \n                "S-1-5-11", \n                "S-1-5-10", \n                "S-1-3", \n                "S-1-2", \n                "S-1-1", \n                "S-1-0", \n                "S-1-5-19", \n                "S-1-5-18"\n            ], \n            "ipantsupportedencryptiontypes": [\n                "28"\n            ], \n            "ipanttrustattributes": [\n                "8"\n            ], \n            "ipanttrustdirection": [\n                "3'
body: '"\n            ], \n            "ipanttrusteddomainsid": [\n                "S-1-5-21-1910160501-511572375-3625658879"\n            ], \n            "ipanttrustpartner": [\n                "adtest.qe"\n            ], \n            "ipanttrustposixoffset": [\n                "0"\n            ], \n            "ipanttrusttype": [\n                "2"\n            ], \n            "objectclass": [\n                "top", \n                "ipaNTTrustedDomain", \n                "ipaIDobject"\n            ], \n            "trustdirection": [\n                "Two-way trust"\n            ], \n            "truststatus": [\n                "Established and verified"\n            ], \n            "trusttype": [\n                "Active Directory domain"\n            ], \n            "uidnumber": [\n                "1707800022"\n            ]\n        }, \n        "summary": "Added Active Directory trust for realm \\"adtest.qe\\"", \n        "value": "adtest.qe"\n    }, \n    "version": "4.1.0"\n}'
ipa: INFO: Response: {
    "error": null, 
    "id": 0, 
    "principal": "admin", 
    "result": {
        "result": {
            "cn": [
                "adtest.qe"
            ], 
            "ipantflatname": [
                "ADTEST"
            ], 
            "ipantsecurityidentifier": [
                "S-1-5-21-1796645600-2667531414-1194413864-1022"
            ], 
            "ipantsidblacklistincoming": [
                "S-1-5-20", 
                "S-1-5-3", 
                "S-1-5-2", 
                "S-1-5-1", 
                "S-1-5-7", 
                "S-1-5-6", 
                "S-1-5-5", 
                "S-1-5-4", 
                "S-1-5-9", 
                "S-1-5-8", 
                "S-1-5-17", 
                "S-1-5-16", 
                "S-1-5-15", 
                "S-1-5-14", 
                "S-1-5-13", 
                "S-1-5-12", 
                "S-1-5-11", 
                "S-1-5-10", 
                "S-1-3", 
                "S-1-2", 
                "S-1-1", 
                "S-1-0", 
                "S-1-5-19", 
                "S-1-5-18"
            ], 
            "ipantsidblacklistoutgoing": [
                "S-1-5-20", 
                "S-1-5-3", 
                "S-1-5-2", 
                "S-1-5-1", 
                "S-1-5-7", 
                "S-1-5-6", 
                "S-1-5-5", 
                "S-1-5-4", 
                "S-1-5-9", 
                "S-1-5-8", 
                "S-1-5-17", 
                "S-1-5-16", 
                "S-1-5-15", 
                "S-1-5-14", 
                "S-1-5-13", 
                "S-1-5-12", 
                "S-1-5-11", 
                "S-1-5-10", 
                "S-1-3", 
                "S-1-2", 
                "S-1-1", 
                "S-1-0", 
                "S-1-5-19", 
                "S-1-5-18"
            ], 
            "ipantsupportedencryptiontypes": [
                "28"
            ], 
            "ipanttrustattributes": [
                "8"
            ], 
            "ipanttrustdirection": [
                "3"
            ], 
            "ipanttrusteddomainsid": [
                "S-1-5-21-1910160501-511572375-3625658879"
            ], 
            "ipanttrustpartner": [
                "adtest.qe"
            ], 
            "ipanttrustposixoffset": [
                "0"
            ], 
            "ipanttrusttype": [
                "2"
            ], 
            "objectclass": [
                "top", 
                "ipaNTTrustedDomain", 
                "ipaIDobject"
            ], 
            "trustdirection": [
                "Two-way trust"
            ], 
            "truststatus": [
                "Established and verified"
            ], 
            "trusttype": [
                "Active Directory domain"
            ], 
            "uidnumber": [
                "1707800022"
            ]
        }, 
        "summary": "Added Active Directory trust for realm \"adtest.qe\"", 
        "value": "adtest.qe"
    }, 
    "version": "4.1.0"
}
--------------------------------------------------
Added Active Directory trust for realm "adtest.qe"
--------------------------------------------------
  Realm name: adtest.qe
  Domain NetBIOS name: ADTEST
  Domain Security Identifier: S-1-5-21-1910160501-511572375-3625658879
  SID blacklist incoming: S-1-5-20, S-1-5-3, S-1-5-2, S-1-5-1, S-1-5-7, S-1-5-6, S-1-5-5, S-1-5-4, S-1-5-9, S-1-5-8, S-1-5-17, S-1-5-16, S-1-5-15,
                          S-1-5-14, S-1-5-13, S-1-5-12, S-1-5-11, S-1-5-10, S-1-3, S-1-2, S-1-1, S-1-0, S-1-5-19, S-1-5-18
  SID blacklist outgoing: S-1-5-20, S-1-5-3, S-1-5-2, S-1-5-1, S-1-5-7, S-1-5-6, S-1-5-5, S-1-5-4, S-1-5-9, S-1-5-8, S-1-5-17, S-1-5-16, S-1-5-15,
                          S-1-5-14, S-1-5-13, S-1-5-12, S-1-5-11, S-1-5-10, S-1-3, S-1-2, S-1-1, S-1-0, S-1-5-19, S-1-5-18
  Trust direction: Two-way trust
  Trust type: Active Directory domain
  Trust status: Established and verified

Comment 11 errata-xmlrpc 2015-03-05 10:15:55 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHSA-2015-0442.html

Note You need to log in before you can comment on or make changes to this bug.