Hide Forgot
Description of problem: NIS maps are not being added when ipa-nis-manage is run on a freshly installed IPA server. Version-Release number of selected component (if applicable): ipa-server-4.2.0-15.el7_2.3.x86_64 How reproducible: always Steps to Reproduce: 1. ipa-server-install 2. ipa-nis-manage enable 3. systemctl restart dirsrv.target 4. ldapsearch -H ldapi://%2fvar%2frun%2fslapd-TESTRELM-TEST.socket -b cn=NIS\ Server,cn=plugins,cn=config dn Actual results: Only see a couple maps listed. Do not see passwd, group, or netgroup maps. [root@rhel7-1 ~]# ipa-nis-manage enable Directory Manager password: Enabling plugin This setting will not take effect until you restart Directory Server. The portmap service may need to be started. [root@rhel7-1 ~]# systemctl restart dirsrv.target [root@rhel7-1 ~]# ldapsearch -xLLL -D "cn=Directory Manager" -w Secret123 -b "cn=NIS Server,cn=plugins,cn=config" dn dn: cn=NIS Server,cn=plugins,cn=config dn: nis-domain=testrelm.test+nis-map=ethers.byaddr,cn=NIS Server,cn=plugins,cn =config dn: nis-domain=testrelm.test+nis-map=ethers.byname,cn=NIS Server,cn=plugins,cn =config Expected results: Should see all expected maps. Additional info:
Alexander helped me with a workaround for this one: ipa-nis-manage disable systemctl stop dirsrv.target cp /etc/dirsrv/slapd-$SUFFIX/dse.ldif /root/dse.ldif.backup.pre-workaround vi /etc/dirsrv/slapd-$SUFFIX/dse.ldif # remove all NIS plugin entries systemctl start dirsrv.target ipa-nis-manage enable systemctl restart dirsrv.target Now you should be able to see the missing NIS maps. Alexander explained the problem as ipa-nis-manage not handling the case where its configuration is not fully populated.
Upstream ticket: https://fedorahosted.org/freeipa/ticket/5507
Fixed upstream master: https://fedorahosted.org/freeipa/changeset/1d56665fd2ed7025131793bb4b0cda35b12bba9f ipa-4-3: https://fedorahosted.org/freeipa/changeset/aeafae40084798725b7ea99c86497c13567e10e8 ipa-4-2: https://fedorahosted.org/freeipa/changeset/98a86d0efb5e3ecdc38eb51bf0e64dda52365a6d
Upgrade breakage - high prio/sev.
Verified. Version :: ipa-server-4.4.0-2.1.el7.x86_64 Results :: [root@rhel7-1 ~]# ipa-nis-manage enable Directory Manager password: Enabling plugin This setting will not take effect until you restart Directory Server. The rpcbind service may need to be started. [root@rhel7-1 ~]# service rpcbind restart Redirecting to /bin/systemctl restart rpcbind.service [root@rhel7-1 ~]# systemctl restart dirsrv@EXAMPLE-COM.service [root@rhel7-1 ~]# ypcat -d example.com -h $(hostname) passwd admin:*:137000000:137000000:Administrator:/home/admin:/bin/bash [root@rhel7-1 ~]# rpm -q ipa-server ipa-server-4.4.0-2.1.el7.x86_64 [root@rhel7-1 ~]# ldapsearch -H ldapi://%2fvar%2frun%2fslapd-EXAMPLE-COM.socket -b cn=NIS\ Server,cn=plugins,cn=config dn SASL/EXTERNAL authentication started SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth SASL SSF: 0 # extended LDIF # # LDAPv3 # base <cn=NIS Server,cn=plugins,cn=config> with scope subtree # filter: (objectclass=*) # requesting: dn # # NIS Server, plugins, config dn: cn=NIS Server,cn=plugins,cn=config # example.com + ethers.byaddr, NIS Server, plugins, config dn: nis-domain=example.com+nis-map=ethers.byaddr,cn=NIS Server,cn=plugins,cn=c onfig # example.com + ethers.byname, NIS Server, plugins, config dn: nis-domain=example.com+nis-map=ethers.byname,cn=NIS Server,cn=plugins,cn=c onfig # example.com + group.bygid, NIS Server, plugins, config dn: nis-domain=example.com+nis-map=group.bygid,cn=NIS Server,cn=plugins,cn=con fig # example.com + group.byname, NIS Server, plugins, config dn: nis-domain=example.com+nis-map=group.byname,cn=NIS Server,cn=plugins,cn=co nfig # example.com + netgroup, NIS Server, plugins, config dn: nis-domain=example.com+nis-map=netgroup,cn=NIS Server,cn=plugins,cn=config # example.com + netid.byname, NIS Server, plugins, config dn: nis-domain=example.com+nis-map=netid.byname,cn=NIS Server,cn=plugins,cn=co nfig # example.com + passwd.byname, NIS Server, plugins, config dn: nis-domain=example.com+nis-map=passwd.byname,cn=NIS Server,cn=plugins,cn=c onfig # example.com + passwd.byuid, NIS Server, plugins, config dn: nis-domain=example.com+nis-map=passwd.byuid,cn=NIS Server,cn=plugins,cn=co nfig # search result search: 3 result: 0 Success # numResponses: 10 # numEntries: 9 [root@rhel7-1 ~]#
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://rhn.redhat.com/errata/RHBA-2016-2404.html