1883467 – Add --use-ldaps option to adcli update as well

RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.

Bug 1883467 - Add --use-ldaps option to adcli update as well

Summary: Add --use-ldaps option to adcli update as well

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Red Hat Enterprise Linux 8
Classification:	Red Hat
Component:	adcli
Sub Component:
Version:	8.3
Hardware:	Unspecified
OS:	Unspecified
Priority:	unspecified
Severity:	unspecified
Target Milestone:	rc
Target Release:	8.0
Assignee:	Sumit Bose
QA Contact:	shridhar
Docs Contact:
URL:
Whiteboard:	sync-to-jira
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2020-09-29 10:18 UTC by Sumit Bose
Modified:	2021-05-18 14:57 UTC (History)
CC List:	2 users (show)
Fixed In Version:	adcli-0.8.2-8.el8
Doc Type:	If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed:	2021-05-18 14:57:22 UTC
Type:	Bug
Target Upstream Version:
Embargoed:
Dependent Products:

Attachments	(Terms of Use)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHBA-2021:1638	0	None	None	None	2021-05-18 14:57:29 UTC

Description Sumit Bose 2020-09-29 10:18:51 UTC

Description of problem:

All other sub-commands already support the --use-ldaps option, adcli update should allow this option as well.

Comment 2 Sumit Bose 2020-10-20 12:03:52 UTC

Upstream:
 - https://gitlab.freedesktop.org/realmd/adcli/-/commit/76ca1e6737742208d83e016d43a3379e378f8d90

Comment 7 shridhar 2020-11-20 07:53:51 UTC

tested with : 

Join the client to AD:
-------------------------

:: [ 14:16:38 ] :: [  BEGIN   ] :: Join computer to AD :: actually running 'echo -n weareawesome2012! | LANG=C LDAPTLS_CACERT=/etc/openldap/certs/ad_cert.pem adcli join --use-ldaps --verbose --stdin-password -U Administrator --host-fqdn=ci-vm-10-0-139-.ad.baseos.qe --domain ad.baseos.qe --domain-realm AD.BASEOS.QE'
 * Using fully qualified name: ci-vm-10-0-139-.ad.baseos.qe
 * Using domain name: ad.baseos.qe
 * Calculated computer account name from fqdn: CI-VM-10-0-139-
 * Using domain realm: ad.baseos.qe
 * Discovering domain controllers: _ldap._tcp.ad.baseos.qe
 * Sending NetLogon ping to domain controller: sec-ad1.ad.baseos.qe
 * Sending NetLogon ping to domain controller: sec-ad1.ad.baseos.qe
[........]
 * Added the entries to the keytab: host/ci-vm-10-0-139-.ad.baseos.qe.QE: FILE:/etc/krb5.keytab
 * Cleared old entries from keytab: FILE:/etc/krb5.keytab
 * Added the entries to the keytab: RestrictedKrbHost/CI-VM-10-0-139-.QE: FILE:/etc/krb5.keytab
 * Cleared old entries from keytab: FILE:/etc/krb5.keytab
 * Added the entries to the keytab: RestrictedKrbHost/ci-vm-10-0-139-.ad.baseos.qe.QE: FILE:/etc/krb5.keytab
:: [ 14:16:46 ] :: [   PASS   ] :: Join computer to AD (Expected 0, got 0)


with previous version: adcli-0.8.2-7.el8.x86_64
-------------------------------------------------

:: [ 02:34:00 ] :: [  BEGIN   ] :: Running 'adcli update --use-ldaps -C --verbose --description='modified by shridhar with update --use-ldaps' --domain='ad.baseos.qe''
update: unrecognized option '--use-ldaps'
usage: adcli update

  -D, --domain=<...>        active directory domain name
  -S, --domain-controller=<...>
                            domain controller to connect to
  -H, --host-fqdn=<...>     override the fully qualified domain name of the
                            local machine
  -K, --host-keytab=<...>   filename for the host kerberos keytab
  -N, --computer-name=<...> override the netbios short name of the local
                            machine
  -C, --login-ccache=<...>  kerberos credential cache file which contains
                            ticket to used to connect to the domain
  -V, --service-name=<...>  additional service name for a kerberos
                            service principal to be created on the account
  --os-name=<...>           the computer operating system name
  --os-version=<...>        the computer operating system version
  --os-service-pack=<...>   the computer operating system service pack
  --user-principal=<...>    add an authentication principal to the account
  --computer-password-lifetime=<...>
                            lifetime of the host accounts password in days
  --trusted-for-delegation=<...>
                            set/unset the TRUSTED_FOR_DELEGATION flag
                            in the userAccountControl attribute
  --add-service-principal=<...>
                            add the given service principal to the account
                            
  --remove-service-principal=<...>
                            remove the given service principal from the account
                            
  --description=<...>       add a description to the account
                            
  --show-details            show information about joining the domain after
                            a successful join
  --show-password           show computer account password after a
                            successful join
  --add-samba-data          add domain SID and computer account password
                            to the Samba specific configuration database
  --samba-data-tool         Absolute path to the tool used for add-samba-data
  -v, --verbose             show verbose progress and failure messages



------------------------------------------------------------------------------
           After update of adcli
------------------------------------------------------------------------------

[root@ci-vm-10-0-139- tmp.D9Q6phXGl3]# rpm -q adcli
adcli-0.8.2-8.el8.x86_64


3]# adcli update --use-ldaps -C --verbose --description='modified xyzxyzxyz' --domain='ad.baseos.qe'
 * Found realm in keytab: AD.BASEOS.QE
 * Found computer name in keytab: CI-VM-10-0-139-
 * Found service principal in keytab: host/CI-VM-10-0-139-
 * Found service principal in keytab: host/ci-vm-10-0-139-.ad.baseos.qe
 * Found host qualified name in keytab: ci-vm-10-0-139-.ad.baseos.qe
 * Found service principal in keytab: RestrictedKrbHost/CI-VM-10-0-139-
 * Found service principal in keytab: RestrictedKrbHost/ci-vm-10-0-139-.ad.baseos.qe
 * Using domain name: ad.baseos.qe
 * Using computer account name: CI-VM-10-0-139-
 * Using domain realm: ad.baseos.qe
 * Discovering domain controllers: _ldap._tcp.ad.baseos.qe
 * Sending NetLogon ping to domain controller: sec-ad1.ad.baseos.qe
 * Sending NetLogon ping to domain controller: sec-ad1.ad.baseos.qe
 * Received NetLogon info from: sec-ad1.ad.baseos.qe
 * Using LDAPS to connect to sec-ad1.ad.baseos.qe
 * Wrote out krb5.conf snippet to /tmp/adcli-krb5-MZtB2e/krb5.d/adcli-krb5-conf-8ZpmNX
 * Using GSSAPI for SASL bind
 * Looked up short domain name: AD
 * Looked up domain SID: S-1-5-21-3917357665-4280980005-1639201238
 * Using fully qualified name: ci-vm-10-0-139-.ad.baseos.qe
 * Using domain name: ad.baseos.qe
 * Using computer account name: CI-VM-10-0-139-
 * Using domain realm: ad.baseos.qe
 * Using fully qualified name: ci-vm-10-0-139-.ad.baseos.qe
 * Enrolling computer name: CI-VM-10-0-139-
 * Generated 120 character computer password
 * Using keytab: FILE:/etc/krb5.keytab
 * Found computer account for CI-VM-10-0-139-$ at: CN=CI-VM-10-0-139-,CN=Computers,DC=ad,DC=baseos,DC=qe
 * Retrieved kvno '2' for computer account in directory: CN=CI-VM-10-0-139-,CN=Computers,DC=ad,DC=baseos,DC=qe
 * Password not too old, no change needed
 * Sending NetLogon ping to domain controller: sec-ad1.ad.baseos.qe
 * Sending NetLogon ping to domain controller: sec-ad1.ad.baseos.qe
 * Received NetLogon info from: sec-ad1.ad.baseos.qe
 * Modifying computer account: description
 * Checking RestrictedKrbHost/ci-vm-10-0-139-.ad.baseos.qe
 *    Added RestrictedKrbHost/ci-vm-10-0-139-.ad.baseos.qe
 * Checking RestrictedKrbHost/CI-VM-10.
.
.
.

-0-139-
 *    Added RestrictedKrbHost/CI-VM-10-0-139-
 * Checking host/ci-vm-10-0-139-.ad.baseos.qe
 *    Added host/ci-vm-10-0-139-.ad.baseos.qe
 * Checking host/CI-VM-10-0-139-
 *    Added host/CI-VM-10-0-139-
[root@ci-vm-10-0-139- tmp.D9Q6phXGl3]# ldapsearch -x -H ldaps://sec-ad1.ad.baseos.qe -b 'cn=computers,dc=ad,dc=baseos,dc=qe' -D 'Administrator.QE' -w 'weareawesome2012!' 'cn=ci-vm-10-0-139-' 'description'
# extended LDIF
#
# LDAPv3
# base <cn=computers,dc=ad,dc=baseos,dc=qe> with scope subtree
# filter: cn=ci-vm-10-0-139-
# requesting: description 
#

# CI-VM-10-0-139-, Computers, ad.baseos.qe
dn: CN=CI-VM-10-0-139-,CN=Computers,DC=ad,DC=baseos,DC=qe
description: modified xyzxyzxyz

# search result
search: 2
result: 0 Success

# numResponses: 2
# numEntries: 1


]# adcli update --use-ldaps -C --verbose --os-name='random os' --domain='ad.baseos.qe'
 * Found realm in keytab: AD.BASEOS.QE
 * Found computer name in keytab: CI-VM-10-0-139-
[......]
 * Sending NetLogon ping to domain controller: sec-ad1.ad.baseos.qe
 * Received NetLogon info from: sec-ad1.ad.baseos.qe
 * Modifying computer account: operatingSystem
 * Checking RestrictedKrbHost/ci-vm-10-0-139-.ad.baseos.qe
 *    Added RestrictedKrbHost/ci-vm-10-0-139-.ad.baseos.qe
 * Checking RestrictedKrbHost/CI-VM-10-0-139-
 *    Added RestrictedKrbHost/CI-VM-10-0-139-
 * Checking host/ci-vm-10-0-139-.ad.baseos.qe
 *    Added host/ci-vm-10-0-139-.ad.baseos.qe
 * Checking host/CI-VM-10-0-139-
 *    Added host/CI-VM-10-0-139-


]# ldapsearch -x -H ldaps://sec-ad1.ad.baseos.qe -b 'cn=computers,dc=ad,dc=baseos,dc=qe' -D 'Administrator.QE' -w 'weareawesome2012!' 'cn=ci-vm-10-0-139-' 'operatingSystem'
# extended LDIF
#
# LDAPv3
# base <cn=computers,dc=ad,dc=baseos,dc=qe> with scope subtree
# filter: cn=ci-vm-10-0-139-
# requesting: operatingSystem 
#

# CI-VM-10-0-139-, Computers, ad.baseos.qe
dn: CN=CI-VM-10-0-139-,CN=Computers,DC=ad,DC=baseos,DC=qe
operatingSystem: random os

# search result
search: 2
result: 0 Success

# numResponses: 2
# numEntries: 1


Marking verified.

Comment 8 shridhar 2020-11-30 14:59:22 UTC


:: [ 09:47:35 ] :: [   PASS   ] :: Command 'cat /etc/openldap/certs/ad_cert.pem' (Expected 0, got 0)
:: [ 09:47:35 ] :: [   LOG    ] :: Add rule for dropping port TCP 389
:: [ 09:47:35 ] :: [  BEGIN   ] :: Running 'iptables -A OUTPUT -p tcp --destination-port 389 -j DROP'
:: [ 09:47:35 ] :: [   PASS   ] :: Command 'iptables -A OUTPUT -p tcp --destination-port 389 -j DROP' (Expected 0, got 0)
:: [ 09:47:35 ] :: [  BEGIN   ] :: Running 'iptables-save'
# Generated by iptables-save v1.8.4 on Mon Nov 30 09:47:35 2020
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A OUTPUT -p tcp -m tcp --dport 389 -j DROP
COMMIT
# Completed on Mon Nov 30 09:47:35 2020
:: [ 09:47:35 ] :: [   PASS   ] :: Command 'iptables-save' (Expected 0, got 0)
:: [ 09:47:35 ] :: [  BEGIN   ] :: Join computer to AD :: actually running 'echo -n weareawesome2012! | LANG=C LDAPTLS_CACERT=/etc/openldap/certs/ad_cert.pem adcli join --use-ldaps --verbose --stdin-password -U Administrator --host-fqdn=ci-vm-10-0-139-.ad.baseos.qe --domain ad.baseos.qe --domain-realm AD.BASEOS.QE'
 * Using fully qualified name: ci-vm-10-0-139-.ad.baseos.qe
 * Using domain name: ad.baseos.qe
 * Calculated computer account name from fqdn: CI-VM-10-0-139-
 * Using domain realm: ad.baseos.qe
 * Discovering domain controllers: _ldap._tcp.ad.baseos.qe
 * Sending NetLogon ping to domain controller: sec-ad1.ad.baseos.qe
 * Sending NetLogon ping to domain controller: sec-ad1.ad.baseos.qe
 * Received NetLogon info from: sec-ad1.ad.baseos.qe
 * Using LDAPS to connect to sec-ad1.ad.baseos.qe
 * Wrote out krb5.conf snippet to /tmp/adcli-krb5-RxRKlZ/krb5.d/adcli-krb5-conf-30Q9hY
 * Authenticated as user: Administrator.QE
 * Using GSSAPI for SASL bind
 * Looked up short domain name: AD
 * Looked up domain SID: S-1-5-21-3917357665-4280980005-1639201238
 * Using fully qualified name: ci-vm-10-0-139-.ad.baseos.qe
 * Using domain name: ad.baseos.qe
 * Using computer account name: CI-VM-10-0-139-
 * Using domain realm: ad.baseos.qe
 * Calculated computer account name from fqdn: CI-VM-10-0-139-
 * Generated 120 character computer password
 * Using keytab: FILE:/etc/krb5.keytab
 * Computer account for CI-VM-10-0-139-$ does not exist
 * Found well known computer container at: CN=Computers,DC=ad,DC=baseos,DC=qe
 * Calculated computer account: CN=CI-VM-10-0-139-,CN=Computers,DC=ad,DC=baseos,DC=qe
 * Encryption type [16] not permitted.
 * Encryption type [23] not permitted.
 * Encryption type [3] not permitted.
 * Encryption type [1] not permitted.
 * Created computer account: CN=CI-VM-10-0-139-,CN=Computers,DC=ad,DC=baseos,DC=qe
 * Sending NetLogon ping to domain controller: sec-ad1.ad.baseos.qe
 * Sending NetLogon ping to domain controller: sec-ad1.ad.baseos.qe
 * Received NetLogon info from: sec-ad1.ad.baseos.qe
 * Set computer password
 * Retrieved kvno '2' for computer account in directory: CN=CI-VM-10-0-139-,CN=Computers,DC=ad,DC=baseos,DC=qe
 * Checking RestrictedKrbHost/ci-vm-10-0-139-.ad.baseos.qe
 *    Added RestrictedKrbHost/ci-vm-10-0-139-.ad.baseos.qe
 * Checking RestrictedKrbHost/CI-VM-10-0-139-
 *    Added RestrictedKrbHost/CI-VM-10-0-139-
 * Checking host/ci-vm-10-0-139-.ad.baseos.qe
 *    Added host/ci-vm-10-0-139-.ad.baseos.qe
 * Checking host/CI-VM-10-0-139-
 *    Added host/CI-VM-10-0-139-
 * Discovered which keytab salt to use
 * Added the entries to the keytab: CI-VM-10-0-139-$@AD.BASEOS.QE: FILE:/etc/krb5.keytab
 * Added the entries to the keytab: host/CI-VM-10-0-139-.QE: FILE:/etc/krb5.keytab
 * Added the entries to the keytab: host/ci-vm-10-0-139-.ad.baseos.qe.QE: FILE:/etc/krb5.keytab
 * Added the entries to the keytab: RestrictedKrbHost/CI-VM-10-0-139-.QE: FILE:/etc/krb5.keytab
 * Added the entries to the keytab: RestrictedKrbHost/ci-vm-10-0-139-.ad.baseos.qe.QE: FILE:/etc/krb5.keytab
:: [ 09:47:44 ] :: [   PASS   ] :: Join computer to AD (Expected 0, got 0)
::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
::   Duration: 20s
::   Assertions: 14 good, 0 bad
::   RESULT: PASS (Setup)


::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
::   adcli update --use-ldaps
::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::

[root@ci-vm-10-0-139- tmp.3KZf7y112N]# vim /etc/yum.repos.d/rhel.repo 
[root@ci-vm-10-0-139- tmp.3KZf7y112N]# rpm -q adcli
adcli-0.8.2-7.el8.x86_64
[root@ci-vm-10-0-139- tmp.3KZf7y112N]# dnf info adcli
Updating Subscription Management repositories.
Unable to read consumer identity

This system is not registered to Red Hat Subscription Management. You can use subscription-manager to register.

rhel                                                                                                                                                                                15 kB/s | 2.8 kB     00:00    
rhel                                                                                                                                                                               7.0 MB/s | 2.3 MB     00:00    
rhel-AppStream                                                                                                                                                                      21 kB/s | 3.2 kB     00:00    
Installed Packages
Name         : adcli
Version      : 0.8.2
Release      : 7.el8
Architecture : x86_64
Size         : 271 k
Source       : adcli-0.8.2-7.el8.src.rpm
Repository   : @System
From repo    : rhel-updates
Summary      : Active Directory enrollment
URL          : http://cgit.freedesktop.org/realmd/adcli
License      : LGPLv2+
Description  : adcli is a tool for joining an Active Directory domain using
             : standard LDAP and Kerberos calls.

Available Packages
Name         : adcli
Version      : 0.8.2
Release      : 8.el8
Architecture : x86_64
Size         : 114 k
Source       : adcli-0.8.2-8.el8.src.rpm
Repository   : rhel1
Summary      : Active Directory enrollment
URL          : http://cgit.freedesktop.org/realmd/adcli
License      : LGPLv2+
Description  : adcli is a tool for joining an Active Directory domain using
             : standard LDAP and Kerberos calls.

[root@ci-vm-10-0-139- tmp.3KZf7y112N]# vim /etc/yum.repos.d/rhel.repo 
[root@ci-vm-10-0-139- tmp.3KZf7y112N]# dnf update adcli
Updating Subscription Management repositories.
Unable to read consumer identity

This system is not registered to Red Hat Subscription Management. You can use subscription-manager to register.

Last metadata expiration check: 0:00:22 ago on Mon 30 Nov 2020 09:53:28 AM EST.
Dependencies resolved.
===================================================================================================================================================================================================================
 Package                                          Architecture                                      Version                                                 Repository                                        Size
===================================================================================================================================================================================================================
Upgrading:
 adcli                                            x86_64                                            0.8.2-8.el8                                             rhel1                                            114 k

Transaction Summary
===================================================================================================================================================================================================================
Upgrade  1 Package

Total download size: 114 k
Is this ok [y/N]: y
Downloading Packages:
adcli-0.8.2-8.el8.x86_64.rpm                                                                                                                                                       858 kB/s | 114 kB     00:00    
-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
Total                                                                                                                                                                              838 kB/s | 114 kB     00:00     
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
  Preparing        :                                                                                                                                                                                           1/1 
  Upgrading        : adcli-0.8.2-8.el8.x86_64                                                                                                                                                                  1/2 
  Running scriptlet: adcli-0.8.2-8.el8.x86_64                                                                                                                                                                  1/2 
  Cleanup          : adcli-0.8.2-7.el8.x86_64                                                                                                                                                                  2/2 
  Running scriptlet: adcli-0.8.2-7.el8.x86_64                                                                                                                                                                  2/2 
  Verifying        : adcli-0.8.2-8.el8.x86_64                                                                                                                                                                  1/2 
  Verifying        : adcli-0.8.2-7.el8.x86_64                                                                                                                                                                  2/2 
Installed products updated.

Upgraded:
  adcli-0.8.2-8.el8.x86_64                                                                                                                                                                                         

Complete!
[root@ci-vm-10-0-139- tmp.3KZf7y112N]# exit
:: [ 09:53:57 ] :: [  BEGIN   ] :: Running 'echo -n Pass2012! | kinit Amy-admin.QE'
Password for Amy-admin.QE: 
:: [ 09:54:00 ] :: [   PASS   ] :: Command 'echo -n Pass2012! | kinit Amy-admin.QE' (Expected 0, got 0)
:: [ 09:54:00 ] :: [  BEGIN   ] :: Running 'adcli update --use-ldaps -C --verbose --description='modified by shridhar with update --use-ldaps' --domain='ad.baseos.qe''
 * Found realm in keytab: AD.BASEOS.QE
 * Found computer name in keytab: CI-VM-10-0-139-
 * Found service principal in keytab: host/CI-VM-10-0-139-
 * Found service principal in keytab: host/ci-vm-10-0-139-.ad.baseos.qe
 * Found host qualified name in keytab: ci-vm-10-0-139-.ad.baseos.qe
 * Found service principal in keytab: RestrictedKrbHost/CI-VM-10-0-139-
 * Found service principal in keytab: RestrictedKrbHost/ci-vm-10-0-139-.ad.baseos.qe
 * Using domain name: ad.baseos.qe
 * Using computer account name: CI-VM-10-0-139-
 * Using domain realm: ad.baseos.qe
 * Discovering domain controllers: _ldap._tcp.ad.baseos.qe
 * Sending NetLogon ping to domain controller: sec-ad1.ad.baseos.qe
 * Sending NetLogon ping to domain controller: sec-ad1.ad.baseos.qe
 * Received NetLogon info from: sec-ad1.ad.baseos.qe
 * Using LDAPS to connect to sec-ad1.ad.baseos.qe
 * Wrote out krb5.conf snippet to /tmp/adcli-krb5-o6VPUj/krb5.d/adcli-krb5-conf-e8Ottt
 * Using GSSAPI for SASL bind
 * Looked up short domain name: AD
 * Looked up domain SID: S-1-5-21-3917357665-4280980005-1639201238
 * Using fully qualified name: ci-vm-10-0-139-.ad.baseos.qe
 * Using domain name: ad.baseos.qe
 * Using computer account name: CI-VM-10-0-139-
 * Using domain realm: ad.baseos.qe
 * Using fully qualified name: ci-vm-10-0-139-.ad.baseos.qe
 * Enrolling computer name: CI-VM-10-0-139-
 * Generated 120 character computer password
 * Using keytab: FILE:/etc/krb5.keytab
 * Found computer account for CI-VM-10-0-139-$ at: CN=CI-VM-10-0-139-,CN=Computers,DC=ad,DC=baseos,DC=qe
 * Retrieved kvno '2' for computer account in directory: CN=CI-VM-10-0-139-,CN=Computers,DC=ad,DC=baseos,DC=qe
 * Password not too old, no change needed
 * Sending NetLogon ping to domain controller: sec-ad1.ad.baseos.qe
 * Sending NetLogon ping to domain controller: sec-ad1.ad.baseos.qe
 * Received NetLogon info from: sec-ad1.ad.baseos.qe
 * Modifying computer account: description
 * Checking RestrictedKrbHost/ci-vm-10-0-139-.ad.baseos.qe
 *    Added RestrictedKrbHost/ci-vm-10-0-139-.ad.baseos.qe
 * Checking RestrictedKrbHost/CI-VM-10-0-139-
 *    Added RestrictedKrbHost/CI-VM-10-0-139-
 * Checking host/ci-vm-10-0-139-.ad.baseos.qe
 *    Added host/ci-vm-10-0-139-.ad.baseos.qe
 * Checking host/CI-VM-10-0-139-
 *    Added host/CI-VM-10-0-139-
:: [ 09:54:05 ] :: [   PASS   ] :: Command 'adcli update --use-ldaps -C --verbose --description='modified by shridhar with update --use-ldaps' --domain='ad.baseos.qe'' (Expected 0, got 0)
:: [ 09:54:06 ] :: [  BEGIN   ] :: Running 'ldapsearch -x -H ldaps://sec-ad1.ad.baseos.qe -D Amy-admin.qe -w Pass2012! -b 'cn=computers,dc=ad,dc=baseos,dc=qe' "cn=CI-VM-10-0-139-" description |grep -i 'modified by shridhar''
description: modified by shridhar with update --use-ldaps
:: [ 09:54:07 ] :: [   PASS   ] :: Command 'ldapsearch -x -H ldaps://sec-ad1.ad.baseos.qe -D Amy-admin.qe -w Pass2012! -b 'cn=computers,dc=ad,dc=baseos,dc=qe' "cn=CI-VM-10-0-139-" description |grep -i 'modified by shridhar'' (Expected 0, got 0)
::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
::   Duration: 383s
::   Assertions: 3 good, 0 bad
::   RESULT: PASS (adcli update --use-ldaps)



marking verified

Comment 10 errata-xmlrpc 2021-05-18 14:57:22 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (adcli bug fix and enhancement update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2021:1638

Note You need to log in before you can comment on or make changes to this bug.