Bug 1286781 - ipa-nis-manage does not update ldap with all NIS maps
ipa-nis-manage does not update ldap with all NIS maps
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: ipa (Show other bugs)
All Linux
urgent Severity urgent
: rc
: ---
Assigned To: IPA Maintainers
Namita Soman
: Regression, TestBlocker, ZStream
Depends On:
Blocks: 1298098
  Show dependency treegraph
Reported: 2015-11-30 12:46 EST by Scott Poore
Modified: 2016-11-04 01:41 EDT (History)
8 users (show)

See Also:
Fixed In Version: ipa-4.2.0-16.el7
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
: 1298098 (view as bug list)
Last Closed: 2016-11-04 01:41:48 EDT
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

External Trackers
Tracker ID Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2016:2404 normal SHIPPED_LIVE ipa bug fix and enhancement update 2016-11-03 09:56:18 EDT

  None (edit)
Description Scott Poore 2015-11-30 12:46:59 EST
Description of problem:

NIS maps are not being added when ipa-nis-manage is run on a freshly installed IPA server.

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:
1.  ipa-server-install
2.  ipa-nis-manage enable
3.  systemctl restart dirsrv.target
4.  ldapsearch -H ldapi://%2fvar%2frun%2fslapd-TESTRELM-TEST.socket -b cn=NIS\ Server,cn=plugins,cn=config dn

Actual results:
Only see a couple maps listed.  Do not see passwd, group, or netgroup maps.

[root@rhel7-1 ~]# ipa-nis-manage enable
Directory Manager password: 

Enabling plugin
This setting will not take effect until you restart Directory Server.
The portmap service may need to be started.
[root@rhel7-1 ~]# systemctl restart dirsrv.target

[root@rhel7-1 ~]# ldapsearch -xLLL -D "cn=Directory Manager" -w Secret123 -b "cn=NIS Server,cn=plugins,cn=config" dn
dn: cn=NIS Server,cn=plugins,cn=config

dn: nis-domain=testrelm.test+nis-map=ethers.byaddr,cn=NIS Server,cn=plugins,cn

dn: nis-domain=testrelm.test+nis-map=ethers.byname,cn=NIS Server,cn=plugins,cn

Expected results:
Should see all expected maps.

Additional info:
Comment 1 Scott Poore 2015-11-30 12:58:58 EST
Alexander helped me with a workaround for this one:

ipa-nis-manage disable
systemctl stop dirsrv.target
cp /etc/dirsrv/slapd-$SUFFIX/dse.ldif /root/dse.ldif.backup.pre-workaround
vi /etc/dirsrv/slapd-$SUFFIX/dse.ldif
# remove all NIS plugin entries
systemctl start dirsrv.target
ipa-nis-manage enable
systemctl restart dirsrv.target

Now you should be able to see the missing NIS maps.

Alexander explained the problem as ipa-nis-manage not handling the case where its configuration is not fully populated.
Comment 2 Petr Vobornik 2015-12-02 08:17:15 EST
Upstream ticket:
Comment 6 Martin Kosek 2016-01-12 11:00:31 EST
Upgrade breakage - high prio/sev.
Comment 10 Scott Poore 2016-07-14 18:20:17 EDT

Version ::


Results ::

[root@rhel7-1 ~]# ipa-nis-manage enable
Directory Manager password: 

Enabling plugin
This setting will not take effect until you restart Directory Server.
The rpcbind service may need to be started.

[root@rhel7-1 ~]# service rpcbind restart
Redirecting to /bin/systemctl restart  rpcbind.service

[root@rhel7-1 ~]# systemctl restart dirsrv@EXAMPLE-COM.service

[root@rhel7-1 ~]# ypcat -d example.com -h $(hostname) passwd

[root@rhel7-1 ~]# rpm -q ipa-server

[root@rhel7-1 ~]# ldapsearch -H ldapi://%2fvar%2frun%2fslapd-EXAMPLE-COM.socket -b cn=NIS\ Server,cn=plugins,cn=config dn
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
# extended LDIF
# LDAPv3
# base <cn=NIS Server,cn=plugins,cn=config> with scope subtree
# filter: (objectclass=*)
# requesting: dn 

# NIS Server, plugins, config
dn: cn=NIS Server,cn=plugins,cn=config

# example.com + ethers.byaddr, NIS Server, plugins, config
dn: nis-domain=example.com+nis-map=ethers.byaddr,cn=NIS Server,cn=plugins,cn=c

# example.com + ethers.byname, NIS Server, plugins, config
dn: nis-domain=example.com+nis-map=ethers.byname,cn=NIS Server,cn=plugins,cn=c

# example.com + group.bygid, NIS Server, plugins, config
dn: nis-domain=example.com+nis-map=group.bygid,cn=NIS Server,cn=plugins,cn=con

# example.com + group.byname, NIS Server, plugins, config
dn: nis-domain=example.com+nis-map=group.byname,cn=NIS Server,cn=plugins,cn=co

# example.com + netgroup, NIS Server, plugins, config
dn: nis-domain=example.com+nis-map=netgroup,cn=NIS Server,cn=plugins,cn=config

# example.com + netid.byname, NIS Server, plugins, config
dn: nis-domain=example.com+nis-map=netid.byname,cn=NIS Server,cn=plugins,cn=co

# example.com + passwd.byname, NIS Server, plugins, config
dn: nis-domain=example.com+nis-map=passwd.byname,cn=NIS Server,cn=plugins,cn=c

# example.com + passwd.byuid, NIS Server, plugins, config
dn: nis-domain=example.com+nis-map=passwd.byuid,cn=NIS Server,cn=plugins,cn=co

# search result
search: 3
result: 0 Success

# numResponses: 10
# numEntries: 9

[root@rhel7-1 ~]#
Comment 12 errata-xmlrpc 2016-11-04 01:41:48 EDT
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.


Note You need to log in before you can comment on or make changes to this bug.