Bug 1284414 - ipa-otptoken-import fails on nonexistent ldap connection
Summary: ipa-otptoken-import fails on nonexistent ldap connection
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: ipa
Version: 7.2
Hardware: All
OS: Linux
urgent
urgent
Target Milestone: rc
: ---
Assignee: IPA Maintainers
QA Contact: Namita Soman
URL:
Whiteboard:
Keywords: Regression, ZStream
Depends On:
Blocks: 1284813
TreeView+ depends on / blocked
 
Reported: 2015-11-23 09:58 UTC by Jan Cholasta
Modified: 2016-11-04 05:41 UTC (History)
6 users (show)

(edit)
Clone Of:
: 1284813 (view as bug list)
(edit)
Last Closed: 2016-11-04 05:41:23 UTC


Attachments (Terms of Use)


External Trackers
Tracker ID Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2016:2404 normal SHIPPED_LIVE ipa bug fix and enhancement update 2016-11-03 13:56:18 UTC

Description Jan Cholasta 2015-11-23 09:58:41 UTC
This bug is created as a clone of upstream ticket:
https://fedorahosted.org/freeipa/ticket/5475

{{{
$ sudo ipa-otptoken-import ~/freeipa/ipatests/test_ipaserver/data/full.xml output
Error adding token: no context.ldap2_140252530250192 in thread 'MainThread'
The ipa-otptoken-import command was successful
}}}

Comment 1 Jan Cholasta 2015-11-23 09:59:31 UTC
This is a regression in RHEL 7.2.

Comment 2 Martin Kosek 2015-11-23 10:02:31 UTC
High severity - functionality is not working any more.

Comment 8 Varun Mylaraiah 2016-07-25 21:14:07 UTC
Verified

[root@master ~]# rpm -qa ipa-server
ipa-server-4.4.0-3.el7.x86_64

[root@master ~]# ipa otptoken-find --all
--------------------
0 OTP tokens matched
--------------------
----------------------------
Number of entries returned 0
----------------------------

[root@master ~]# cat pskc1.xml
<?xml version="1.0" encoding="UTF-8"?>
<KeyContainer Version="1.0"
    Id="exampleID1"
    xmlns="urn:ietf:params:xml:ns:keyprov:pskc">
    <KeyPackage>
        <DeviceInfo>
            <Manufacturer>Manufacturer</Manufacturer>
            <SerialNo>987654321</SerialNo>
            <UserId>DC=example-bank,DC=net</UserId>
        </DeviceInfo>
        <CryptoModuleInfo>
            <Id>CM_ID_001</Id>
        </CryptoModuleInfo>
        <Key Id="12345678"
            Algorithm="urn:ietf:params:xml:ns:keyprov:pskc:hotp">
            <Issuer>Issuer</Issuer>
            <AlgorithmParameters>
                <ResponseFormat Length="8" Encoding="DECIMAL"/>
            </AlgorithmParameters>
            <Data>
                <Secret>
                    <PlainValue>MTIzNDU2Nzg5MDEyMzQ1Njc4OTA=
                    </PlainValue>
                </Secret>
                <Counter>
                    <PlainValue>0</PlainValue>
                </Counter>
            </Data>
            <UserId>UID=jsmith,DC=example-bank,DC=net</UserId>
        </Key>
    </KeyPackage>
</KeyContainer>

[root@master ~]# ipa-otptoken-import pskc1.xml output.xml
Added token: 12345678
The ipa-otptoken-import command was successful

[root@master ~]# ipa otptoken-find --all
-------------------
1 OTP token matched
-------------------
  dn: ipatokenuniqueid=12345678,cn=otp,dc=testrelm,dc=test
  Unique ID: 12345678
  Type: HOTP
  Owner: admin
  Manager: admin
  Vendor: Manufacturer
  Serial: 987654321
  Key: MTIzNDU2Nzg5MDEyMzQ1Njc4OTA=
  Algorithm: sha1
  Digits: 8
  Counter: 0
  objectclass: ipatokenhotp, top, ipatoken
----------------------------
Number of entries returned 1
----------------------------

[root@master ~]# cat output.xml 
<KeyContainer xmlns="urn:ietf:params:xml:ns:keyprov:pskc" Version="1.0" Id="exampleID1">
    </KeyContainer>

Comment 10 errata-xmlrpc 2016-11-04 05:41:23 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHBA-2016-2404.html


Note You need to log in before you can comment on or make changes to this bug.