Description of problem:
Users show as disabled in IdM Web UI
Version-Release number of selected component (if applicable):
Always reproducible using following steps
Steps to Reproduce:
1. ipa-server-install --http-cert-file ... --dirsrv-cert-file ... --ca-cert-file ...
2. login to web ui, maybe create some users
3. view users
Users end up showing as disabled, unable to reset password, no checkbox under "User authentication types", often errors about saving changes or reverting when changes weren't made.
None of that nonsense...
1453 except errors.NotFound:
1454 # if ra_options:
1455 # raise
1456 return result, False, complete
The issue has already been reported upstream in ticket 8203, and can be reproduced.
Install RHEL 7.9 ipa server in CA-less mode.
Create a user: kinit admin; ipa user-add idmuser --first idm --last user --user-auth-type otp
In the WebUI navigate to the user info, the User Authentication Type box for OTP is not checked and the fields related to password policy are not editable/visible.
Similar issue on RHEL 8: https://bugzilla.redhat.com/show_bug.cgi?id=1835853
I tried searching upstream but possibly used the wrong words. I can see if the cert.py patch applies here.
It is already fixed in upstream:
I applied the upstream commit eb8cb4d to my system with ipa-server-4.6.8-5.el7 and it does fix this issue.
Verified manually (automation pending) using ipa-server-4.6.8-5.el7_9.4.x86_64 on RHEL7.9z.
1. # created certificates for ca-less install
2. ipa-server-install --http-cert-file /tmp/nssdb/server.p12 --dirsrv-cert-file /tmp/nssdb/server.p12 --http-pin $PIN --dirsrv-pin $PIN --domain dom-$(hostname -f) --realm DOM-$(hostname -f | tr '[:lower:]' '[:upper:]') -a $PASS -p $PASS --no-pkinit -U
3. kinit admin; ipa user-add idmuser --first idm --last user --user-auth-type otp
4. # login to WebUI
5. check user idmuser -> user is enabled, all authentication attributes are correctly selected, it's possible to reset password
6. create new users from WebUI -> all are enabled, it's possible to reset their passwords
See attached screenshots.
Coverage flag will be updated when automation is finished.
Created attachment 1757105 [details]
user list showing the users created are enabled
Created attachment 1757106 [details]
user edit window showing correct attributes
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.
For information on the advisory (Moderate: ipa security and bug fix update), and where to find the updated
files, follow the link below.
If the solution does not work for you, open a new bug report.