Description of problem: In the context of IPA, when adding auser, views and idviewoverrides following ldapsearches with scope base for the entry fail Version-Release number of selected component (if applicable): How reproducible: With IPA systematically Steps to Reproduce: 1: Install an IPA server 2. Perform teh following operations ipa user-add --first Fx --last Lx userx ipa idview-add view_x ipa idoverrideuser-add view_x userx 3. restart DS (not always required) 4. do a base search conn=11 op=5 SRCH base="ipaanchoruuid=:IPA:..................,cn=view_x,cn=views,cn=accounts,dc=abc,dc=idm,dc=lab,dc=eng,dc=brq,dc=redhat,dc=com" scope=0 filter="(objectClass=*)" attrs="ipaSshPubKey uid loginShell * uidNumber ipaAnchorUUID gidNumber gecos homeDirectory ipaOriginalUid description aci" conn=11 op=5 RESULT err=32 tag=101 nentries=0 etime=0 Actual results: the searches for the Expected results: search should return one entry Additional info:
*** Bug 1356139 has been marked as a duplicate of this bug. ***
Tested on RHEL73 using ipa-server-4.4.0-11.el7.x86_64 [root@master ~]# ipa user-add --first Fx --last Lx userx ------------------ Added user "userx" ------------------ User login: userx First name: Fx Last name: Lx Full name: Fx Lx Display name: Fx Lx Initials: FL Home directory: /home/userx GECOS: Fx Lx Login shell: /bin/sh Principal name: userx Principal alias: userx Email address: userx UID: 539000001 GID: 539000001 Password: False Member of groups: ipausers Kerberos keys available: False [root@master ~]# ipa idview-add view_x ---------------------- Added ID View "view_x" ---------------------- ID View Name: view_x [root@master ~]# ipa idoverrideuser-add view_x userx ------------------------------ Added User ID override "userx" ------------------------------ Anchor to override: userx [root@master ~]# ldapsearch -x -D "cn=Directory Manager" -b "cn=views,cn=accounts,dc=test-relm,dc=test" -W Enter LDAP Password: # extended LDIF # # LDAPv3 # base <cn=views,cn=accounts,dc=test-relm,dc=test> with scope subtree # filter: (objectclass=*) # requesting: ALL # # views, accounts, test-relm.test dn: cn=views,cn=accounts,dc=test-relm,dc=test objectClass: nsContainer objectClass: top cn: views # view_x, views, accounts, test-relm.test dn: cn=view_x,cn=views,cn=accounts,dc=test-relm,dc=test objectClass: ipaIDView objectClass: top objectClass: nsContainer cn: view_x # :IPA:test-relm.test:1f7d4202-7c06-11e6-a2a0-525400e715b1, view_x, views, acco unts, test-relm.test dn: ipaanchoruuid=:IPA:test-relm.test:1f7d4202-7c06-11e6-a2a0-525400e715b1,cn= view_x,cn=views,cn=accounts,dc=test-relm,dc=test objectClass: ipaOverrideAnchor objectClass: top objectClass: ipaUserOverride objectClass: ipasshuser objectClass: ipaSshGroupOfPubKeys ipaOriginalUid: userx ipaAnchorUUID:: OklQQTp0ZXN0LXJlbG0udGVzdDoxZjdkNDIwMi03YzA2LTExZTYtYTJhMC01Mj U0MDBlNzE1YjE= # search result search: 2 result: 0 Success # numResponses: 4 # numEntries: 3
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://rhn.redhat.com/errata/RHBA-2016-2471.html