Bug 1248396 - Internal error in DomainValidator.__search_in_dc
Internal error in DomainValidator.__search_in_dc
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: ipa (Show other bugs)
Unspecified Unspecified
unspecified Severity unspecified
: rc
: ---
Assigned To: IPA Maintainers
Namita Soman
Depends On:
  Show dependency treegraph
Reported: 2015-07-30 04:32 EDT by Petr Vobornik
Modified: 2015-11-19 07:04 EST (History)
5 users (show)

See Also:
Fixed In Version: ipa-4.2.0-4.el7
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2015-11-19 07:04:44 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description Petr Vobornik 2015-07-30 04:32:04 EDT
This bug is created as a clone of upstream ticket:

The error manifests itself as part of idoverrideuser/group commands when invoked with AD users as arguments.

It's a regression from 4.1, present in 4.2.
Comment 1 Petr Vobornik 2015-07-30 04:34:44 EDT
Fixed upstream

  master: cf59981cc2c6bb13c286188aa27cb10a49ff4a5e
  ipa-4-2: fe3fa23e5f34219fda7cba182de50b5bd8074fb7
Comment 3 Sudhir Menon 2015-09-30 07:34:30 EDT
What i understand from the bug is that there is an error displayed when trusted ADusers are used as argument to ipa idoverrideuser/group command.
But is there a specific command from the one listed below with which this was seen or can you please provide me the steps? 

Comment 4 Tomas Babej 2015-09-30 07:50:48 EDT
Any of those commands would suffice, if invoked with AD trusted users. A good example is:

$ ipa idoverrideuser-add 'Default Trust View' Administrator@AD.TEST --uid 500
Comment 5 Sudhir Menon 2015-09-30 09:24:38 EDT
Verified using RHEL7.2 and Windows 2012 R2


Observations: Internal error in DomainValidator.__search_in_dc is not seen on the console when ad users are used as parameter to the idoverride user/group command.

1. [root@ipa01 ~]# ipa idoverrideuser-add 'Default Trust View' test11@test.in --uid 500
Added User ID override "test11@test.in"
  Anchor to override: test11@test.in
  UID: 500

2. [root@ipa01 ~]# ipa idoverrideuser-find 'Default Trust View' test11@test.in --uid 500
1 User ID override matched
  Anchor to override: test11@test.in
  UID: 500
Number of entries returned 1

3. [root@ipa01 ~]# ipa idoverrideuser-del 'Default Trust View' test11@test.in
Deleted User ID override "test11@test.in"

4. [root@ipa01 ~]# ipa idoverrideuser-show 'Default Trust View' test11@test.in
  Anchor to override: test11@test.in
  UID: 500

5. [root@ipa01 ~]# ipa idoverrideuser-mod 'Default Trust View' test11@test.in --uid=1555
Modified an User ID override "test11@test.in"
  Anchor to override: test11@test.in
  UID: 1555

6. [root@ipa01 ~]# ipa idoverridegroup-del 'Default Trust View' biggroup@test.in 
Deleted Group ID override "biggroup@test.in"

7. [root@ipa01 ~]# ipa idoverridegroup-add 'Default Trust View' biggroup@test.in 
Added Group ID override "biggroup@test.in"
  Anchor to override: biggroup@test.in

8. [root@ipa01 ~]# ipa idoverridegroup-mod 'Default Trust View' biggroup@test.in --gid=5343
Modified an Group ID override "biggroup@test.in"
  Anchor to override: biggroup@test.in
  GID: 5343

9. [root@ipa01 ~]# ipa idoverridegroup-show 'Default Trust View' biggroup@test.in
  Anchor to override: biggroup@test.in
  GID: 5343
Comment 6 errata-xmlrpc 2015-11-19 07:04:44 EST
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.


Note You need to log in before you can comment on or make changes to this bug.