Bugzilla will be upgraded to version 5.0. The upgrade date is tentatively scheduled for 2 December 2018, pending final testing and feedback.
Bug 1442932 - ipa restore fails to restore IPA user
ipa restore fails to restore IPA user
Status: CLOSED ERRATA
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: ipa (Show other bugs)
7.4
Unspecified Unspecified
medium Severity unspecified
: rc
: ---
Assigned To: IPA Maintainers
Abhijeet Kasurde
: Regression
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2017-04-18 02:45 EDT by Abhijeet Kasurde
Modified: 2017-08-01 05:48 EDT (History)
7 users (show)

See Also:
Fixed In Version: ipa-4.5.0-9.el7
Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2017-08-01 05:48:56 EDT
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)
console.log (3.77 KB, text/plain)
2017-04-18 02:48 EDT, Abhijeet Kasurde
no flags Details
console.log (14.76 KB, text/plain)
2017-05-03 05:06 EDT, Abhijeet Kasurde
no flags Details


External Trackers
Tracker ID Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2017:2304 normal SHIPPED_LIVE ipa bug fix and enhancement update 2017-08-01 08:41:35 EDT

  None (edit)
Description Abhijeet Kasurde 2017-04-18 02:45:56 EDT
Description of problem:
ipa restore fails to restore IPA user after restoring backup which contains specified IPA User.

Version-Release number of selected component (if applicable):
# rpm -qa ipa-server selinux-policy 389-ds-base pki-server
selinux-policy-3.13.1-142.el7.100.noarch
ipa-server-4.5.0-6.el7.x86_64
pki-server-10.4.1-1.el7.noarch
389-ds-base-1.3.6.1-7.el7.x86_64

How reproducible:
100%

Steps to Reproduce:
1. Install IPA server on fresh installation
2. Create a IPA user
3. Take a full backup of IPA server
4. Uninstall IPA server 
5. Restore backup using ipa-restore
6. Check if user exists

Actual results:
IPA User not found

Expected results:
IPA user should be available
Comment 3 Abhijeet Kasurde 2017-04-18 02:48 EDT
Created attachment 1272225 [details]
console.log
Comment 4 Petr Vobornik 2017-04-18 07:44:19 EDT
Is the test correct? 

The user is added with:

[root@ipaserver01 ~]# echo Password | ipa user-add --first testuser1 --last testuser1 testuser1 --password

but checked with:

[root@ipaserver01 ~]# ipa user-find f@TESTRELM.TEST

which is completely different user
Comment 5 Abhijeet Kasurde 2017-04-18 08:49:45 EDT
(In reply to Petr Vobornik from comment #4)
> Is the test correct? 
> 
> The user is added with:
> 
> [root@ipaserver01 ~]# echo Password | ipa user-add --first testuser1 --last
> testuser1 testuser1 --password
> 
> but checked with:
> 
> [root@ipaserver01 ~]# ipa user-find f@TESTRELM.TEST
> 
> which is completely different user

My bad. I meant to say 

[root@ipaserver01 ~]# ipa user-find testuser1@TESTRELM.TEST
Comment 10 Petr Vobornik 2017-04-21 06:18:36 EDT
Tried, backup and restore. It works for me, but I encountered other issue after backup which looks like bug 1436642 - user find ended with "RuntimeError: maximum recursion depth exceeded in cmp".

After 
# systemctl restart gssproxy
# systemctl restart httpd.service
# kdestroy -A
# kinit admin

User find returned expected output (test user was there).

# rpm -q ipa-server gssproxy mod_auth_gssapi
ipa-server-4.5.0-7.el7.x86_64
gssproxy-0.7.0-3.el7.x86_64
mod_auth_gssapi-1.5.1-2.el7.x86_64
Comment 12 Petr Vobornik 2017-04-26 12:41:48 EDT
Upstream ticket:
https://pagure.io/freeipa/issue/6902
Comment 15 Abhijeet Kasurde 2017-05-03 05:05:14 EDT
Verified using IPA server :: ipa-server-4.5.0-9.el7.x86_64

Marking BZ as verified.
Comment 16 Abhijeet Kasurde 2017-05-03 05:06 EDT
Created attachment 1275850 [details]
console.log
Comment 17 errata-xmlrpc 2017-08-01 05:48:56 EDT
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2017:2304

Note You need to log in before you can comment on or make changes to this bug.