RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.
Bug 1248396 - Internal error in DomainValidator.__search_in_dc
Summary: Internal error in DomainValidator.__search_in_dc
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: ipa
Version: 7.2
Hardware: Unspecified
OS: Unspecified
unspecified
unspecified
Target Milestone: rc
: ---
Assignee: IPA Maintainers
QA Contact: Namita Soman
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2015-07-30 08:32 UTC by Petr Vobornik
Modified: 2015-11-19 12:04 UTC (History)
5 users (show)

Fixed In Version: ipa-4.2.0-4.el7
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2015-11-19 12:04:44 UTC
Target Upstream Version:
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2015:2362 0 normal SHIPPED_LIVE ipa bug fix and enhancement update 2015-11-19 10:40:46 UTC

Description Petr Vobornik 2015-07-30 08:32:04 UTC 
This bug is created as a clone of upstream ticket:
https://fedorahosted.org/freeipa/ticket/5157

The error manifests itself as part of idoverrideuser/group commands when invoked with AD users as arguments.

It's a regression from 4.1, present in 4.2.
Comment 1 Petr Vobornik 2015-07-30 08:34:44 UTC 
Fixed upstream

  master: cf59981cc2c6bb13c286188aa27cb10a49ff4a5e
  ipa-4-2: fe3fa23e5f34219fda7cba182de50b5bd8074fb7
Comment 3 Sudhir Menon 2015-09-30 11:34:30 UTC 
Jan,
What i understand from the bug is that there is an error displayed when trusted ADusers are used as argument to ipa idoverrideuser/group command.
But is there a specific command from the one listed below with which this was seen or can you please provide me the steps? 

idoverridegroup-del 	
idoverridegroup-find 	
idoverridegroup-mod 	
idoverridegroup-show 	
idoverrideuser-add 	
idoverrideuser-del 	
idoverrideuser-find 	
idoverrideuser-mod 	
idoverrideuser-show
Comment 4 Tomas Babej 2015-09-30 11:50:48 UTC 
Any of those commands would suffice, if invoked with AD trusted users. A good example is:

$ ipa idoverrideuser-add 'Default Trust View' Administrator --uid 500
Comment 5 Sudhir Menon 2015-09-30 13:24:38 UTC 
Verified using RHEL7.2 and Windows 2012 R2

ipa-server-trust-ad-4.2.0-12.el7.x86_64
ipa-server-4.2.0-12.el7.x86_64
ipa-server-dns-4.2.0-12.el7.x86_64
sssd-1.13.0-35.el7.x86_64

Observations: Internal error in DomainValidator.__search_in_dc is not seen on the console when ad users are used as parameter to the idoverride user/group command.

1. [root@ipa01 ~]# ipa idoverrideuser-add 'Default Trust View' test11 --uid 500
---------------------------------------
Added User ID override "test11"
---------------------------------------
  Anchor to override: test11
  UID: 500

2. [root@ipa01 ~]# ipa idoverrideuser-find 'Default Trust View' test11 --uid 500
--------------------------
1 User ID override matched
--------------------------
  Anchor to override: test11
  UID: 500
----------------------------
Number of entries returned 1
----------------------------

3. [root@ipa01 ~]# ipa idoverrideuser-del 'Default Trust View' test11
-----------------------------------------
Deleted User ID override "test11"
-----------------------------------------

4. [root@ipa01 ~]# ipa idoverrideuser-show 'Default Trust View' test11
  Anchor to override: test11
  UID: 500


5. [root@ipa01 ~]# ipa idoverrideuser-mod 'Default Trust View' test11 --uid=1555
---------------------------------------------
Modified an User ID override "test11"
---------------------------------------------
  Anchor to override: test11
  UID: 1555

6. [root@ipa01 ~]# ipa idoverridegroup-del 'Default Trust View' biggroup 
--------------------------------------------
Deleted Group ID override "biggroup"
--------------------------------------------

7. [root@ipa01 ~]# ipa idoverridegroup-add 'Default Trust View' biggroup 
------------------------------------------
Added Group ID override "biggroup"
------------------------------------------
  Anchor to override: biggroup

8. [root@ipa01 ~]# ipa idoverridegroup-mod 'Default Trust View' biggroup --gid=5343
------------------------------------------------
Modified an Group ID override "biggroup"
------------------------------------------------
  Anchor to override: biggroup
  GID: 5343

9. [root@ipa01 ~]# ipa idoverridegroup-show 'Default Trust View' biggroup
  Anchor to override: biggroup
  GID: 5343
Comment 6 errata-xmlrpc 2015-11-19 12:04:44 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHBA-2015-2362.html
Note You need to log in before you can comment on or make changes to this bug.