Bug 1286781 - ipa-nis-manage does not update ldap with all NIS maps
Summary: ipa-nis-manage does not update ldap with all NIS maps
Alias: None
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: ipa
Version: 7.2
Hardware: All
OS: Linux
Target Milestone: rc
: ---
Assignee: IPA Maintainers
QA Contact: Namita Soman
Depends On:
Blocks: 1298098
TreeView+ depends on / blocked
Reported: 2015-11-30 17:46 UTC by Scott Poore
Modified: 2019-12-16 05:08 UTC (History)
8 users (show)

Fixed In Version: ipa-4.2.0-16.el7
Doc Type: Bug Fix
Doc Text:
Clone Of:
: 1298098 (view as bug list)
Last Closed: 2016-11-04 05:41:48 UTC
Target Upstream Version:

Attachments (Terms of Use)

System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2016:2404 0 normal SHIPPED_LIVE ipa bug fix and enhancement update 2016-11-03 13:56:18 UTC

Description Scott Poore 2015-11-30 17:46:59 UTC
Description of problem:

NIS maps are not being added when ipa-nis-manage is run on a freshly installed IPA server.

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:
1.  ipa-server-install
2.  ipa-nis-manage enable
3.  systemctl restart dirsrv.target
4.  ldapsearch -H ldapi://%2fvar%2frun%2fslapd-TESTRELM-TEST.socket -b cn=NIS\ Server,cn=plugins,cn=config dn

Actual results:
Only see a couple maps listed.  Do not see passwd, group, or netgroup maps.

[root@rhel7-1 ~]# ipa-nis-manage enable
Directory Manager password: 

Enabling plugin
This setting will not take effect until you restart Directory Server.
The portmap service may need to be started.
[root@rhel7-1 ~]# systemctl restart dirsrv.target

[root@rhel7-1 ~]# ldapsearch -xLLL -D "cn=Directory Manager" -w Secret123 -b "cn=NIS Server,cn=plugins,cn=config" dn
dn: cn=NIS Server,cn=plugins,cn=config

dn: nis-domain=testrelm.test+nis-map=ethers.byaddr,cn=NIS Server,cn=plugins,cn

dn: nis-domain=testrelm.test+nis-map=ethers.byname,cn=NIS Server,cn=plugins,cn

Expected results:
Should see all expected maps.

Additional info:

Comment 1 Scott Poore 2015-11-30 17:58:58 UTC
Alexander helped me with a workaround for this one:

ipa-nis-manage disable
systemctl stop dirsrv.target
cp /etc/dirsrv/slapd-$SUFFIX/dse.ldif /root/dse.ldif.backup.pre-workaround
vi /etc/dirsrv/slapd-$SUFFIX/dse.ldif
# remove all NIS plugin entries
systemctl start dirsrv.target
ipa-nis-manage enable
systemctl restart dirsrv.target

Now you should be able to see the missing NIS maps.

Alexander explained the problem as ipa-nis-manage not handling the case where its configuration is not fully populated.

Comment 2 Petr Vobornik 2015-12-02 13:17:15 UTC
Upstream ticket:

Comment 6 Martin Kosek 2016-01-12 16:00:31 UTC
Upgrade breakage - high prio/sev.

Comment 10 Scott Poore 2016-07-14 22:20:17 UTC

Version ::


Results ::

[root@rhel7-1 ~]# ipa-nis-manage enable
Directory Manager password: 

Enabling plugin
This setting will not take effect until you restart Directory Server.
The rpcbind service may need to be started.

[root@rhel7-1 ~]# service rpcbind restart
Redirecting to /bin/systemctl restart  rpcbind.service

[root@rhel7-1 ~]# systemctl restart dirsrv@EXAMPLE-COM.service

[root@rhel7-1 ~]# ypcat -d example.com -h $(hostname) passwd

[root@rhel7-1 ~]# rpm -q ipa-server

[root@rhel7-1 ~]# ldapsearch -H ldapi://%2fvar%2frun%2fslapd-EXAMPLE-COM.socket -b cn=NIS\ Server,cn=plugins,cn=config dn
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
# extended LDIF
# LDAPv3
# base <cn=NIS Server,cn=plugins,cn=config> with scope subtree
# filter: (objectclass=*)
# requesting: dn 

# NIS Server, plugins, config
dn: cn=NIS Server,cn=plugins,cn=config

# example.com + ethers.byaddr, NIS Server, plugins, config
dn: nis-domain=example.com+nis-map=ethers.byaddr,cn=NIS Server,cn=plugins,cn=c

# example.com + ethers.byname, NIS Server, plugins, config
dn: nis-domain=example.com+nis-map=ethers.byname,cn=NIS Server,cn=plugins,cn=c

# example.com + group.bygid, NIS Server, plugins, config
dn: nis-domain=example.com+nis-map=group.bygid,cn=NIS Server,cn=plugins,cn=con

# example.com + group.byname, NIS Server, plugins, config
dn: nis-domain=example.com+nis-map=group.byname,cn=NIS Server,cn=plugins,cn=co

# example.com + netgroup, NIS Server, plugins, config
dn: nis-domain=example.com+nis-map=netgroup,cn=NIS Server,cn=plugins,cn=config

# example.com + netid.byname, NIS Server, plugins, config
dn: nis-domain=example.com+nis-map=netid.byname,cn=NIS Server,cn=plugins,cn=co

# example.com + passwd.byname, NIS Server, plugins, config
dn: nis-domain=example.com+nis-map=passwd.byname,cn=NIS Server,cn=plugins,cn=c

# example.com + passwd.byuid, NIS Server, plugins, config
dn: nis-domain=example.com+nis-map=passwd.byuid,cn=NIS Server,cn=plugins,cn=co

# search result
search: 3
result: 0 Success

# numResponses: 10
# numEntries: 9

[root@rhel7-1 ~]#

Comment 12 errata-xmlrpc 2016-11-04 05:41:48 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.


Note You need to log in before you can comment on or make changes to this bug.