Bugzilla (bugzilla.redhat.com) will be under maintenance for infrastructure upgrades and will not be available on July 31st between 12:30 AM - 05:30 AM UTC. We appreciate your understanding and patience. You can follow status.redhat.com for details.
Bug 1883467 - Add --use-ldaps option to adcli update as well
Summary: Add --use-ldaps option to adcli update as well
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 8
Classification: Red Hat
Component: adcli
Version: 8.3
Hardware: Unspecified
OS: Unspecified
unspecified
unspecified
Target Milestone: rc
: 8.0
Assignee: Sumit Bose
QA Contact: shridhar
URL:
Whiteboard: sync-to-jira
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2020-09-29 10:18 UTC by Sumit Bose
Modified: 2021-05-18 14:57 UTC (History)
2 users (show)

Fixed In Version: adcli-0.8.2-8.el8
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2021-05-18 14:57:22 UTC
Type: Bug
Target Upstream Version:


Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2021:1638 0 None None None 2021-05-18 14:57:29 UTC

Description Sumit Bose 2020-09-29 10:18:51 UTC
Description of problem:

All other sub-commands already support the --use-ldaps option, adcli update should allow this option as well.

Comment 7 shridhar 2020-11-20 07:53:51 UTC
tested with : 

Join the client to AD:
-------------------------

:: [ 14:16:38 ] :: [  BEGIN   ] :: Join computer to AD :: actually running 'echo -n weareawesome2012! | LANG=C LDAPTLS_CACERT=/etc/openldap/certs/ad_cert.pem adcli join --use-ldaps --verbose --stdin-password -U Administrator --host-fqdn=ci-vm-10-0-139-.ad.baseos.qe --domain ad.baseos.qe --domain-realm AD.BASEOS.QE'
 * Using fully qualified name: ci-vm-10-0-139-.ad.baseos.qe
 * Using domain name: ad.baseos.qe
 * Calculated computer account name from fqdn: CI-VM-10-0-139-
 * Using domain realm: ad.baseos.qe
 * Discovering domain controllers: _ldap._tcp.ad.baseos.qe
 * Sending NetLogon ping to domain controller: sec-ad1.ad.baseos.qe
 * Sending NetLogon ping to domain controller: sec-ad1.ad.baseos.qe
[........]
 * Added the entries to the keytab: host/ci-vm-10-0-139-.ad.baseos.qe@AD.BASEOS.QE: FILE:/etc/krb5.keytab
 * Cleared old entries from keytab: FILE:/etc/krb5.keytab
 * Added the entries to the keytab: RestrictedKrbHost/CI-VM-10-0-139-@AD.BASEOS.QE: FILE:/etc/krb5.keytab
 * Cleared old entries from keytab: FILE:/etc/krb5.keytab
 * Added the entries to the keytab: RestrictedKrbHost/ci-vm-10-0-139-.ad.baseos.qe@AD.BASEOS.QE: FILE:/etc/krb5.keytab
:: [ 14:16:46 ] :: [   PASS   ] :: Join computer to AD (Expected 0, got 0)


with previous version: adcli-0.8.2-7.el8.x86_64
-------------------------------------------------

:: [ 02:34:00 ] :: [  BEGIN   ] :: Running 'adcli update --use-ldaps -C --verbose --description='modified by shridhar with update --use-ldaps' --domain='ad.baseos.qe''
update: unrecognized option '--use-ldaps'
usage: adcli update

  -D, --domain=<...>        active directory domain name
  -S, --domain-controller=<...>
                            domain controller to connect to
  -H, --host-fqdn=<...>     override the fully qualified domain name of the
                            local machine
  -K, --host-keytab=<...>   filename for the host kerberos keytab
  -N, --computer-name=<...> override the netbios short name of the local
                            machine
  -C, --login-ccache=<...>  kerberos credential cache file which contains
                            ticket to used to connect to the domain
  -V, --service-name=<...>  additional service name for a kerberos
                            service principal to be created on the account
  --os-name=<...>           the computer operating system name
  --os-version=<...>        the computer operating system version
  --os-service-pack=<...>   the computer operating system service pack
  --user-principal=<...>    add an authentication principal to the account
  --computer-password-lifetime=<...>
                            lifetime of the host accounts password in days
  --trusted-for-delegation=<...>
                            set/unset the TRUSTED_FOR_DELEGATION flag
                            in the userAccountControl attribute
  --add-service-principal=<...>
                            add the given service principal to the account
                            
  --remove-service-principal=<...>
                            remove the given service principal from the account
                            
  --description=<...>       add a description to the account
                            
  --show-details            show information about joining the domain after
                            a successful join
  --show-password           show computer account password after a
                            successful join
  --add-samba-data          add domain SID and computer account password
                            to the Samba specific configuration database
  --samba-data-tool         Absolute path to the tool used for add-samba-data
  -v, --verbose             show verbose progress and failure messages



------------------------------------------------------------------------------
           After update of adcli
------------------------------------------------------------------------------

[root@ci-vm-10-0-139- tmp.D9Q6phXGl3]# rpm -q adcli
adcli-0.8.2-8.el8.x86_64


3]# adcli update --use-ldaps -C --verbose --description='modified xyzxyzxyz' --domain='ad.baseos.qe'
 * Found realm in keytab: AD.BASEOS.QE
 * Found computer name in keytab: CI-VM-10-0-139-
 * Found service principal in keytab: host/CI-VM-10-0-139-
 * Found service principal in keytab: host/ci-vm-10-0-139-.ad.baseos.qe
 * Found host qualified name in keytab: ci-vm-10-0-139-.ad.baseos.qe
 * Found service principal in keytab: RestrictedKrbHost/CI-VM-10-0-139-
 * Found service principal in keytab: RestrictedKrbHost/ci-vm-10-0-139-.ad.baseos.qe
 * Using domain name: ad.baseos.qe
 * Using computer account name: CI-VM-10-0-139-
 * Using domain realm: ad.baseos.qe
 * Discovering domain controllers: _ldap._tcp.ad.baseos.qe
 * Sending NetLogon ping to domain controller: sec-ad1.ad.baseos.qe
 * Sending NetLogon ping to domain controller: sec-ad1.ad.baseos.qe
 * Received NetLogon info from: sec-ad1.ad.baseos.qe
 * Using LDAPS to connect to sec-ad1.ad.baseos.qe
 * Wrote out krb5.conf snippet to /tmp/adcli-krb5-MZtB2e/krb5.d/adcli-krb5-conf-8ZpmNX
 * Using GSSAPI for SASL bind
 * Looked up short domain name: AD
 * Looked up domain SID: S-1-5-21-3917357665-4280980005-1639201238
 * Using fully qualified name: ci-vm-10-0-139-.ad.baseos.qe
 * Using domain name: ad.baseos.qe
 * Using computer account name: CI-VM-10-0-139-
 * Using domain realm: ad.baseos.qe
 * Using fully qualified name: ci-vm-10-0-139-.ad.baseos.qe
 * Enrolling computer name: CI-VM-10-0-139-
 * Generated 120 character computer password
 * Using keytab: FILE:/etc/krb5.keytab
 * Found computer account for CI-VM-10-0-139-$ at: CN=CI-VM-10-0-139-,CN=Computers,DC=ad,DC=baseos,DC=qe
 * Retrieved kvno '2' for computer account in directory: CN=CI-VM-10-0-139-,CN=Computers,DC=ad,DC=baseos,DC=qe
 * Password not too old, no change needed
 * Sending NetLogon ping to domain controller: sec-ad1.ad.baseos.qe
 * Sending NetLogon ping to domain controller: sec-ad1.ad.baseos.qe
 * Received NetLogon info from: sec-ad1.ad.baseos.qe
 * Modifying computer account: description
 * Checking RestrictedKrbHost/ci-vm-10-0-139-.ad.baseos.qe
 *    Added RestrictedKrbHost/ci-vm-10-0-139-.ad.baseos.qe
 * Checking RestrictedKrbHost/CI-VM-10.
.
.
.

-0-139-
 *    Added RestrictedKrbHost/CI-VM-10-0-139-
 * Checking host/ci-vm-10-0-139-.ad.baseos.qe
 *    Added host/ci-vm-10-0-139-.ad.baseos.qe
 * Checking host/CI-VM-10-0-139-
 *    Added host/CI-VM-10-0-139-
[root@ci-vm-10-0-139- tmp.D9Q6phXGl3]# ldapsearch -x -H ldaps://sec-ad1.ad.baseos.qe -b 'cn=computers,dc=ad,dc=baseos,dc=qe' -D 'Administrator@AD.BASEOS.QE' -w 'weareawesome2012!' 'cn=ci-vm-10-0-139-' 'description'
# extended LDIF
#
# LDAPv3
# base <cn=computers,dc=ad,dc=baseos,dc=qe> with scope subtree
# filter: cn=ci-vm-10-0-139-
# requesting: description 
#

# CI-VM-10-0-139-, Computers, ad.baseos.qe
dn: CN=CI-VM-10-0-139-,CN=Computers,DC=ad,DC=baseos,DC=qe
description: modified xyzxyzxyz

# search result
search: 2
result: 0 Success

# numResponses: 2
# numEntries: 1


]# adcli update --use-ldaps -C --verbose --os-name='random os' --domain='ad.baseos.qe'
 * Found realm in keytab: AD.BASEOS.QE
 * Found computer name in keytab: CI-VM-10-0-139-
[......]
 * Sending NetLogon ping to domain controller: sec-ad1.ad.baseos.qe
 * Received NetLogon info from: sec-ad1.ad.baseos.qe
 * Modifying computer account: operatingSystem
 * Checking RestrictedKrbHost/ci-vm-10-0-139-.ad.baseos.qe
 *    Added RestrictedKrbHost/ci-vm-10-0-139-.ad.baseos.qe
 * Checking RestrictedKrbHost/CI-VM-10-0-139-
 *    Added RestrictedKrbHost/CI-VM-10-0-139-
 * Checking host/ci-vm-10-0-139-.ad.baseos.qe
 *    Added host/ci-vm-10-0-139-.ad.baseos.qe
 * Checking host/CI-VM-10-0-139-
 *    Added host/CI-VM-10-0-139-


]# ldapsearch -x -H ldaps://sec-ad1.ad.baseos.qe -b 'cn=computers,dc=ad,dc=baseos,dc=qe' -D 'Administrator@AD.BASEOS.QE' -w 'weareawesome2012!' 'cn=ci-vm-10-0-139-' 'operatingSystem'
# extended LDIF
#
# LDAPv3
# base <cn=computers,dc=ad,dc=baseos,dc=qe> with scope subtree
# filter: cn=ci-vm-10-0-139-
# requesting: operatingSystem 
#

# CI-VM-10-0-139-, Computers, ad.baseos.qe
dn: CN=CI-VM-10-0-139-,CN=Computers,DC=ad,DC=baseos,DC=qe
operatingSystem: random os

# search result
search: 2
result: 0 Success

# numResponses: 2
# numEntries: 1


Marking verified.

Comment 8 shridhar 2020-11-30 14:59:22 UTC

:: [ 09:47:35 ] :: [   PASS   ] :: Command 'cat /etc/openldap/certs/ad_cert.pem' (Expected 0, got 0)
:: [ 09:47:35 ] :: [   LOG    ] :: Add rule for dropping port TCP 389
:: [ 09:47:35 ] :: [  BEGIN   ] :: Running 'iptables -A OUTPUT -p tcp --destination-port 389 -j DROP'
:: [ 09:47:35 ] :: [   PASS   ] :: Command 'iptables -A OUTPUT -p tcp --destination-port 389 -j DROP' (Expected 0, got 0)
:: [ 09:47:35 ] :: [  BEGIN   ] :: Running 'iptables-save'
# Generated by iptables-save v1.8.4 on Mon Nov 30 09:47:35 2020
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A OUTPUT -p tcp -m tcp --dport 389 -j DROP
COMMIT
# Completed on Mon Nov 30 09:47:35 2020
:: [ 09:47:35 ] :: [   PASS   ] :: Command 'iptables-save' (Expected 0, got 0)
:: [ 09:47:35 ] :: [  BEGIN   ] :: Join computer to AD :: actually running 'echo -n weareawesome2012! | LANG=C LDAPTLS_CACERT=/etc/openldap/certs/ad_cert.pem adcli join --use-ldaps --verbose --stdin-password -U Administrator --host-fqdn=ci-vm-10-0-139-.ad.baseos.qe --domain ad.baseos.qe --domain-realm AD.BASEOS.QE'
 * Using fully qualified name: ci-vm-10-0-139-.ad.baseos.qe
 * Using domain name: ad.baseos.qe
 * Calculated computer account name from fqdn: CI-VM-10-0-139-
 * Using domain realm: ad.baseos.qe
 * Discovering domain controllers: _ldap._tcp.ad.baseos.qe
 * Sending NetLogon ping to domain controller: sec-ad1.ad.baseos.qe
 * Sending NetLogon ping to domain controller: sec-ad1.ad.baseos.qe
 * Received NetLogon info from: sec-ad1.ad.baseos.qe
 * Using LDAPS to connect to sec-ad1.ad.baseos.qe
 * Wrote out krb5.conf snippet to /tmp/adcli-krb5-RxRKlZ/krb5.d/adcli-krb5-conf-30Q9hY
 * Authenticated as user: Administrator@AD.BASEOS.QE
 * Using GSSAPI for SASL bind
 * Looked up short domain name: AD
 * Looked up domain SID: S-1-5-21-3917357665-4280980005-1639201238
 * Using fully qualified name: ci-vm-10-0-139-.ad.baseos.qe
 * Using domain name: ad.baseos.qe
 * Using computer account name: CI-VM-10-0-139-
 * Using domain realm: ad.baseos.qe
 * Calculated computer account name from fqdn: CI-VM-10-0-139-
 * Generated 120 character computer password
 * Using keytab: FILE:/etc/krb5.keytab
 * Computer account for CI-VM-10-0-139-$ does not exist
 * Found well known computer container at: CN=Computers,DC=ad,DC=baseos,DC=qe
 * Calculated computer account: CN=CI-VM-10-0-139-,CN=Computers,DC=ad,DC=baseos,DC=qe
 * Encryption type [16] not permitted.
 * Encryption type [23] not permitted.
 * Encryption type [3] not permitted.
 * Encryption type [1] not permitted.
 * Created computer account: CN=CI-VM-10-0-139-,CN=Computers,DC=ad,DC=baseos,DC=qe
 * Sending NetLogon ping to domain controller: sec-ad1.ad.baseos.qe
 * Sending NetLogon ping to domain controller: sec-ad1.ad.baseos.qe
 * Received NetLogon info from: sec-ad1.ad.baseos.qe
 * Set computer password
 * Retrieved kvno '2' for computer account in directory: CN=CI-VM-10-0-139-,CN=Computers,DC=ad,DC=baseos,DC=qe
 * Checking RestrictedKrbHost/ci-vm-10-0-139-.ad.baseos.qe
 *    Added RestrictedKrbHost/ci-vm-10-0-139-.ad.baseos.qe
 * Checking RestrictedKrbHost/CI-VM-10-0-139-
 *    Added RestrictedKrbHost/CI-VM-10-0-139-
 * Checking host/ci-vm-10-0-139-.ad.baseos.qe
 *    Added host/ci-vm-10-0-139-.ad.baseos.qe
 * Checking host/CI-VM-10-0-139-
 *    Added host/CI-VM-10-0-139-
 * Discovered which keytab salt to use
 * Added the entries to the keytab: CI-VM-10-0-139-$@AD.BASEOS.QE: FILE:/etc/krb5.keytab
 * Added the entries to the keytab: host/CI-VM-10-0-139-@AD.BASEOS.QE: FILE:/etc/krb5.keytab
 * Added the entries to the keytab: host/ci-vm-10-0-139-.ad.baseos.qe@AD.BASEOS.QE: FILE:/etc/krb5.keytab
 * Added the entries to the keytab: RestrictedKrbHost/CI-VM-10-0-139-@AD.BASEOS.QE: FILE:/etc/krb5.keytab
 * Added the entries to the keytab: RestrictedKrbHost/ci-vm-10-0-139-.ad.baseos.qe@AD.BASEOS.QE: FILE:/etc/krb5.keytab
:: [ 09:47:44 ] :: [   PASS   ] :: Join computer to AD (Expected 0, got 0)
::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
::   Duration: 20s
::   Assertions: 14 good, 0 bad
::   RESULT: PASS (Setup)


::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
::   adcli update --use-ldaps
::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::

[root@ci-vm-10-0-139- tmp.3KZf7y112N]# vim /etc/yum.repos.d/rhel.repo 
[root@ci-vm-10-0-139- tmp.3KZf7y112N]# rpm -q adcli
adcli-0.8.2-7.el8.x86_64
[root@ci-vm-10-0-139- tmp.3KZf7y112N]# dnf info adcli
Updating Subscription Management repositories.
Unable to read consumer identity

This system is not registered to Red Hat Subscription Management. You can use subscription-manager to register.

rhel                                                                                                                                                                                15 kB/s | 2.8 kB     00:00    
rhel                                                                                                                                                                               7.0 MB/s | 2.3 MB     00:00    
rhel-AppStream                                                                                                                                                                      21 kB/s | 3.2 kB     00:00    
Installed Packages
Name         : adcli
Version      : 0.8.2
Release      : 7.el8
Architecture : x86_64
Size         : 271 k
Source       : adcli-0.8.2-7.el8.src.rpm
Repository   : @System
From repo    : rhel-updates
Summary      : Active Directory enrollment
URL          : http://cgit.freedesktop.org/realmd/adcli
License      : LGPLv2+
Description  : adcli is a tool for joining an Active Directory domain using
             : standard LDAP and Kerberos calls.

Available Packages
Name         : adcli
Version      : 0.8.2
Release      : 8.el8
Architecture : x86_64
Size         : 114 k
Source       : adcli-0.8.2-8.el8.src.rpm
Repository   : rhel1
Summary      : Active Directory enrollment
URL          : http://cgit.freedesktop.org/realmd/adcli
License      : LGPLv2+
Description  : adcli is a tool for joining an Active Directory domain using
             : standard LDAP and Kerberos calls.

[root@ci-vm-10-0-139- tmp.3KZf7y112N]# vim /etc/yum.repos.d/rhel.repo 
[root@ci-vm-10-0-139- tmp.3KZf7y112N]# dnf update adcli
Updating Subscription Management repositories.
Unable to read consumer identity

This system is not registered to Red Hat Subscription Management. You can use subscription-manager to register.

Last metadata expiration check: 0:00:22 ago on Mon 30 Nov 2020 09:53:28 AM EST.
Dependencies resolved.
===================================================================================================================================================================================================================
 Package                                          Architecture                                      Version                                                 Repository                                        Size
===================================================================================================================================================================================================================
Upgrading:
 adcli                                            x86_64                                            0.8.2-8.el8                                             rhel1                                            114 k

Transaction Summary
===================================================================================================================================================================================================================
Upgrade  1 Package

Total download size: 114 k
Is this ok [y/N]: y
Downloading Packages:
adcli-0.8.2-8.el8.x86_64.rpm                                                                                                                                                       858 kB/s | 114 kB     00:00    
-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
Total                                                                                                                                                                              838 kB/s | 114 kB     00:00     
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
  Preparing        :                                                                                                                                                                                           1/1 
  Upgrading        : adcli-0.8.2-8.el8.x86_64                                                                                                                                                                  1/2 
  Running scriptlet: adcli-0.8.2-8.el8.x86_64                                                                                                                                                                  1/2 
  Cleanup          : adcli-0.8.2-7.el8.x86_64                                                                                                                                                                  2/2 
  Running scriptlet: adcli-0.8.2-7.el8.x86_64                                                                                                                                                                  2/2 
  Verifying        : adcli-0.8.2-8.el8.x86_64                                                                                                                                                                  1/2 
  Verifying        : adcli-0.8.2-7.el8.x86_64                                                                                                                                                                  2/2 
Installed products updated.

Upgraded:
  adcli-0.8.2-8.el8.x86_64                                                                                                                                                                                         

Complete!
[root@ci-vm-10-0-139- tmp.3KZf7y112N]# exit
:: [ 09:53:57 ] :: [  BEGIN   ] :: Running 'echo -n Pass2012! | kinit Amy-admin@AD.BASEOS.QE'
Password for Amy-admin@AD.BASEOS.QE: 
:: [ 09:54:00 ] :: [   PASS   ] :: Command 'echo -n Pass2012! | kinit Amy-admin@AD.BASEOS.QE' (Expected 0, got 0)
:: [ 09:54:00 ] :: [  BEGIN   ] :: Running 'adcli update --use-ldaps -C --verbose --description='modified by shridhar with update --use-ldaps' --domain='ad.baseos.qe''
 * Found realm in keytab: AD.BASEOS.QE
 * Found computer name in keytab: CI-VM-10-0-139-
 * Found service principal in keytab: host/CI-VM-10-0-139-
 * Found service principal in keytab: host/ci-vm-10-0-139-.ad.baseos.qe
 * Found host qualified name in keytab: ci-vm-10-0-139-.ad.baseos.qe
 * Found service principal in keytab: RestrictedKrbHost/CI-VM-10-0-139-
 * Found service principal in keytab: RestrictedKrbHost/ci-vm-10-0-139-.ad.baseos.qe
 * Using domain name: ad.baseos.qe
 * Using computer account name: CI-VM-10-0-139-
 * Using domain realm: ad.baseos.qe
 * Discovering domain controllers: _ldap._tcp.ad.baseos.qe
 * Sending NetLogon ping to domain controller: sec-ad1.ad.baseos.qe
 * Sending NetLogon ping to domain controller: sec-ad1.ad.baseos.qe
 * Received NetLogon info from: sec-ad1.ad.baseos.qe
 * Using LDAPS to connect to sec-ad1.ad.baseos.qe
 * Wrote out krb5.conf snippet to /tmp/adcli-krb5-o6VPUj/krb5.d/adcli-krb5-conf-e8Ottt
 * Using GSSAPI for SASL bind
 * Looked up short domain name: AD
 * Looked up domain SID: S-1-5-21-3917357665-4280980005-1639201238
 * Using fully qualified name: ci-vm-10-0-139-.ad.baseos.qe
 * Using domain name: ad.baseos.qe
 * Using computer account name: CI-VM-10-0-139-
 * Using domain realm: ad.baseos.qe
 * Using fully qualified name: ci-vm-10-0-139-.ad.baseos.qe
 * Enrolling computer name: CI-VM-10-0-139-
 * Generated 120 character computer password
 * Using keytab: FILE:/etc/krb5.keytab
 * Found computer account for CI-VM-10-0-139-$ at: CN=CI-VM-10-0-139-,CN=Computers,DC=ad,DC=baseos,DC=qe
 * Retrieved kvno '2' for computer account in directory: CN=CI-VM-10-0-139-,CN=Computers,DC=ad,DC=baseos,DC=qe
 * Password not too old, no change needed
 * Sending NetLogon ping to domain controller: sec-ad1.ad.baseos.qe
 * Sending NetLogon ping to domain controller: sec-ad1.ad.baseos.qe
 * Received NetLogon info from: sec-ad1.ad.baseos.qe
 * Modifying computer account: description
 * Checking RestrictedKrbHost/ci-vm-10-0-139-.ad.baseos.qe
 *    Added RestrictedKrbHost/ci-vm-10-0-139-.ad.baseos.qe
 * Checking RestrictedKrbHost/CI-VM-10-0-139-
 *    Added RestrictedKrbHost/CI-VM-10-0-139-
 * Checking host/ci-vm-10-0-139-.ad.baseos.qe
 *    Added host/ci-vm-10-0-139-.ad.baseos.qe
 * Checking host/CI-VM-10-0-139-
 *    Added host/CI-VM-10-0-139-
:: [ 09:54:05 ] :: [   PASS   ] :: Command 'adcli update --use-ldaps -C --verbose --description='modified by shridhar with update --use-ldaps' --domain='ad.baseos.qe'' (Expected 0, got 0)
:: [ 09:54:06 ] :: [  BEGIN   ] :: Running 'ldapsearch -x -H ldaps://sec-ad1.ad.baseos.qe -D Amy-admin@ad.baseos.qe -w Pass2012! -b 'cn=computers,dc=ad,dc=baseos,dc=qe' "cn=CI-VM-10-0-139-" description |grep -i 'modified by shridhar''
description: modified by shridhar with update --use-ldaps
:: [ 09:54:07 ] :: [   PASS   ] :: Command 'ldapsearch -x -H ldaps://sec-ad1.ad.baseos.qe -D Amy-admin@ad.baseos.qe -w Pass2012! -b 'cn=computers,dc=ad,dc=baseos,dc=qe' "cn=CI-VM-10-0-139-" description |grep -i 'modified by shridhar'' (Expected 0, got 0)
::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
::   Duration: 383s
::   Assertions: 3 good, 0 bad
::   RESULT: PASS (adcli update --use-ldaps)



marking verified

Comment 10 errata-xmlrpc 2021-05-18 14:57:22 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (adcli bug fix and enhancement update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2021:1638


Note You need to log in before you can comment on or make changes to this bug.