Red Hat Bugzilla – Bug 1184149
DUA profile not available anonymously
Last modified: 2015-03-05 05:19:28 EST
This bug is created as a clone of upstream ticket: https://fedorahosted.org/freeipa/ticket/4850 The DUA project used to configure Solaris and HP/ux clients is not available anonymously. This is a regression from 3.x. The URI is cn=default,ou=profile,$SUFFIX. Tested using freeipa-server-4.1.2-1 on F-21 {{{ $ ldapsearch -LLL -x -b cn=default,ou=profile,dc=example,dc=com }}} In 3.x: {{{ $ ldapsearch -LLL -x -b cn=default,ou=profile,dc=example,dc=com dn: cn=default,ou=profile,dc=example,dc=com defaultServerList: grindle.example.com defaultSearchBase: dc=example,dc=com objectClass: top objectClass: DUAConfigProfile serviceSearchDescriptor: passwd:cn=users,cn=accounts,dc=example,dc=com serviceSearchDescriptor: group:cn=groups,cn=compat,dc=example,dc=com searchTimeLimit: 15 followReferrals: TRUE objectclassMap: shadow:shadowAccount=posixAccount bindTimeLimit: 5 authenticationMethod: none cn: default }}}
Fixed upstream master: https://fedorahosted.org/freeipa/changeset/0a7a8d66040f7a5f0e55da4b01e614dd9b569a00 ipa-4-1: https://fedorahosted.org/freeipa/changeset/b54b740f7903a0722930cc281ccb5a2bece45aef
reproduced: [root@rhel7-3 ~]# ldapsearch -LLL -x -b cn=default,ou=profile,dc=example,dc=com [root@rhel7-3 ~]# rpm -q ipa-server ipa-server-4.1.0-10.el7.x86_64
verified. Version :: ipa-server-4.1.0-16.el7.x86_64 Results :: [root@rhel7-2 ~]# ldapsearch -LLL -x -b cn=default,ou=profile,dc=example,dc=com dn: cn=default,ou=profile,dc=example,dc=com defaultServerList: rhel7-2.example.com defaultSearchBase: dc=example,dc=com objectClass: top objectClass: DUAConfigProfile serviceSearchDescriptor: passwd:cn=users,cn=accounts,dc=example,dc=com serviceSearchDescriptor: group:cn=groups,cn=compat,dc=example,dc=com searchTimeLimit: 15 followReferrals: TRUE objectclassMap: shadow:shadowAccount=posixAccount bindTimeLimit: 5 authenticationMethod: none cn: default
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://rhn.redhat.com/errata/RHSA-2015-0442.html