Bug 1354381 - ipa trust-add with raw option gives internal error.
Summary: ipa trust-add with raw option gives internal error.
Alias: None
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: ipa
Version: 7.3
Hardware: Unspecified
OS: Unspecified
Target Milestone: rc
: ---
Assignee: IPA Maintainers
QA Contact: Kaleem
: 1266080 (view as bug list)
Depends On:
TreeView+ depends on / blocked
Reported: 2016-07-11 08:23 UTC by Sudhir Menon
Modified: 2016-11-04 05:57 UTC (History)
3 users (show)

Fixed In Version: ipa-4.4.0-3.el7
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Last Closed: 2016-11-04 05:57:09 UTC
Target Upstream Version:

Attachments (Terms of Use)

System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2016:2404 0 normal SHIPPED_LIVE ipa bug fix and enhancement update 2016-11-03 13:56:18 UTC

Description Sudhir Menon 2016-07-11 08:23:58 UTC
Description of problem:ipa trust-add with raw option gives internal error.

Version-Release number of selected component (if applicable):

How reproducible: Always

Steps to Reproduce:
1. install ipa-server
2. run ipa-adtrust-install
3. now establish external trust with --raw option

Actual results:
[root@server samba]# ipa trust-add --type='ad' --range-type='ipa-ad-trust' --two-way=true --external=true  --raw
Realm name: pne.qe
Active Directory domain administrator: administrator
Active Directory domain administrator's password: 
ipa: ERROR: an internal error has occurred

===cat /var/log/httpd/error_log===
[Mon Jul 11 13:43:28.568276 2016] [:error] [pid 15623] ipa: INFO: [jsonserver_kerb] admin@TESTRELM.TEST: trust_add/1(u'pne.qe', trust_type=u'ad', realm_admin=u'administrator', realm_passwd=u'********', range_type=u'ipa-ad-trust', bidirectional=True, external=True, all=True, raw=True, version=u'2.210'): KeyError
[Mon Jul 11 13:43:36.015919 2016] [:error] [pid 15624] ipa: INFO: [jsonserver_kerb] admin@TESTRELM.TEST: trust_find/1(None, version=u'2.210'): SUCCESS
[Mon Jul 11 13:44:40.087057 2016] [:error] [pid 15623] ipa: INFO: [jsonserver_kerb] admin@TESTRELM.TEST: trust_del/1((u'pne.qe',), version=u'2.210'): SUCCESS
[Mon Jul 11 13:46:29.644247 2016] [:error] [pid 15624] ipa: ERROR: non-public: KeyError: 'ipanttrusttype'
[Mon Jul 11 13:46:29.644275 2016] [:error] [pid 15624] Traceback (most recent call last):
[Mon Jul 11 13:46:29.644287 2016] [:error] [pid 15624]   File "/usr/lib/python2.7/site-packages/ipaserver/rpcserver.py", line 352, in wsgi_execute
[Mon Jul 11 13:46:29.644289 2016] [:error] [pid 15624]     result = self.Command[name](*args, **options)
[Mon Jul 11 13:46:29.644291 2016] [:error] [pid 15624]   File "/usr/lib/python2.7/site-packages/ipalib/frontend.py", line 447, in __call__
[Mon Jul 11 13:46:29.644294 2016] [:error] [pid 15624]     return self.__do_call(*args, **options)
[Mon Jul 11 13:46:29.644296 2016] [:error] [pid 15624]   File "/usr/lib/python2.7/site-packages/ipalib/frontend.py", line 475, in __do_call
[Mon Jul 11 13:46:29.644298 2016] [:error] [pid 15624]     ret = self.run(*args, **options)
[Mon Jul 11 13:46:29.644299 2016] [:error] [pid 15624]   File "/usr/lib/python2.7/site-packages/ipalib/frontend.py", line 797, in run
[Mon Jul 11 13:46:29.644301 2016] [:error] [pid 15624]     return self.execute(*args, **options)
[Mon Jul 11 13:46:29.644303 2016] [:error] [pid 15624]   File "/usr/lib/python2.7/site-packages/ipaserver/plugins/trust.py", line 767, in execute
[Mon Jul 11 13:46:29.644305 2016] [:error] [pid 15624]     result['result']['ipanttrusttype'][0], attributes)]
[Mon Jul 11 13:46:29.644307 2016] [:error] [pid 15624] KeyError: 'ipanttrusttype'

Expected results:
Although the trust gets established properly without any issues, we need to fix the internal error displayed on the console.

Additional info:

Comment 2 Petr Vobornik 2016-07-12 15:48:43 UTC
Upstream ticket:

Comment 3 Jan Cholasta 2016-07-21 11:02:03 UTC
Fixed upstream

Comment 5 Sudhir Menon 2016-07-25 14:28:21 UTC
Traceback message is no more seen in httpd/error log, also there is no error on the console.

Verified using ipa-server-trust-ad-4.4.0-3.el7.x86_64

[root@vm92 httpd]# ipa trust-add --type='ad' --range-type='ipa-ad-trust' --two-way=true --external=true  --raw
Realm name: pne.qe
Active Directory domain administrator: Administrator
Active Directory domain administrator's password: 
Added Active Directory trust for realm "pne.qe"
  cn: pne.qe
  ipantflatname: PNE
  ipanttrusteddomainsid: S-1-5-21-3912719521-1967590360-1136226524

[Mon Jul 25 19:50:54.639589 2016] [:error] [pid 19782] ipa: INFO: Checking DNS domain pne.qe., please wait ...
[Mon Jul 25 19:51:00.137490 2016] [:error] [pid 19782] ipa: INFO: [jsonserver_kerb] admin@IPA73.TEST: dnsforwardzone_add/1(u'pne.qe', idnsforwarders=(u'',), idnsforwardpolicy=u'only', version=u'2.211'): SUCCESS
[Mon Jul 25 19:55:25.704703 2016] [:error] [pid 19783] ipa: INFO: [jsonserver_kerb] admin@IPA73.TEST: trust_add/1(u'pne.qe', trust_type=u'ad', realm_admin=u'Administrator', realm_passwd=u'********', range_type=u'ipa-ad-trust', bidirectional=True, external=True, raw=True, version=u'2.211'): SUCCESS

Comment 6 Martin Babinsky 2016-09-21 15:25:17 UTC
*** Bug 1266080 has been marked as a duplicate of this bug. ***

Comment 8 errata-xmlrpc 2016-11-04 05:57:09 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.


Note You need to log in before you can comment on or make changes to this bug.