Bug 654117
| Summary: | ipa config-mod --defaultgroup should accept 8bit char | ||
|---|---|---|---|
| Product: | [Retired] freeIPA | Reporter: | Yi Zhang <yzhang> |
| Component: | ipa-server | Assignee: | Jan Zeleny <jzeleny> |
| Status: | CLOSED ERRATA | QA Contact: | Chandrasekar Kannan <ckannan> |
| Severity: | medium | Docs Contact: | |
| Priority: | low | ||
| Version: | 2.0 | CC: | benl, dpal, jgalipea, jzeleny |
| Target Milestone: | --- | ||
| Target Release: | --- | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
| Whiteboard: | |||
| Fixed In Version: | freeipa-2.0.0-1.fc15 | Doc Type: | Bug Fix |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2012-03-28 09:30:46 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
Description
Yi Zhang
2010-11-16 22:15:33 UTC
In addition to the above behavior, I just observed this one: IPA reports an internal error but allows the new user to be created. This indicates there might be another bug. When verifying this bug, please don't forget to do this test as well -- a reminder for myself :)

[yi@works4me tools]$ ipa user-add test123435 --first=test --last=22333 --email=thisisme
ipa: ERROR: an internal error has occurred
[yi@works4me tools]$
[yi@works4me tools]$ ipa user-add test123435 --first=test --last=22333 --email=thisisme
ipa: ERROR: This entry already exists
[yi@works4me tools]$ ipa user-find test123435
--------------
1 user matched
--------------
  User login: test123435
  First name: test
  Last name: 22333
  Home directory: /home/test123435
  Login shell: /bin/sh
----------------------------
Number of entries returned 1
----------------------------
[yi@works4me tools]$ ipa user-find test123435 --all --raw
--------------
1 user matched
--------------
  dn: uid=test123435,cn=users,cn=accounts,dc=sjc,dc=redhat,dc=com
  uid: test123435
  givenname: test
  sn: 22333
  homedirectory: /home/test123435
  gecos: test123435
  loginshell: /bin/sh
  krbprincipalname: test123435.COM
  mail: thisisme
  uidnumber: 1539722900
  cn: test 22333
  gidnumber: 1539722900
  ipauniqueid: 1620b9a6-f1d7-11df-a7eb-5254001a2a53
  mepmanagedentry: cn=test123435,cn=groups,cn=accounts,dc=sjc,dc=redhat,dc=com
  objectclass: top
  objectclass: person
  objectclass: organizationalperson
  objectclass: inetorgperson
  objectclass: inetuser
  objectclass: posixaccount
  objectclass: krbprincipalaux
  objectclass: krbticketpolicyaux
  objectclass: radiusprofile
  objectclass: ipaobject
  objectclass: mepOriginEntry
----------------------------
Number of entries returned 1
----------------------------
[yi@works4me tools]$

I just tested this issue with exactly the same data you provided and I get another error message:
ipa: ERROR: no such entry
When trying to add user to group 6üP, ipa asks the DS for the group record. During this operation the group id is correct, but the group doesn't exist. Also the right group name is stored in the config record in LDAP, so I guess the issue with encoding must have been fixed already and what I see is a result of group 6üP not existing.
To complicate things a little more I tried to set the default user group to 6üP and I tried to add that group. That failed with this message:
>>> Gettext('Group name', domain='ipa', localedir=None): may only include letters, numbers, _, -, . and $
The question now is what to do with this inconsistency and is it even worth the effort?
If it does not blow up as described we should close this issue and document that the default group configured in cn=config in LDAP must contain a group with only valid characters. I do not think it is worth fixing the inconsistency that can be created by adding wrong data.

Agreed. Patch is already on the mailing list. I'm going to leave the bug open until the patch is accepted, so we can keep track of the patch.

Two patches are in master now - the first one documents the requirement and the second one checks if the group exists.
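
The two checks discussed in this report, sketched as an added example that is not part of the bug thread and is not FreeIPA code: the default group setting is accepted only for a well-formed name of an existing group, and user creation resolves the default group before writing anything so a stale setting cannot leave a half-created user. `ToyDirectory`, `DirectoryError`, the in-memory data and the name pattern (derived from the quoted error text) are assumptions.

```python
import re

# Assumed pattern, derived from the error text quoted in the thread
# ("letters, numbers, _, -, . and $"); not FreeIPA's actual regex.
GROUP_NAME_RE = re.compile(r"[A-Za-z0-9_.$-]+")

class DirectoryError(Exception):
    """A rejected change; nothing has been written when this is raised."""

class ToyDirectory:
    """In-memory stand-in for the LDAP server (constructed sample data)."""
    def __init__(self):
        self.groups = {"ipausers": set()}
        self.users = {}
        self.default_group = "ipausers"

    def config_mod_defaultgroup(self, name):
        # Accept a new default group only if the name is well formed
        # and the group already exists.
        if not GROUP_NAME_RE.fullmatch(name):
            raise DirectoryError(f"invalid group name: {name!r}")
        if name not in self.groups:
            raise DirectoryError(f"no such group: {name!r}")
        self.default_group = name

    def user_add(self, uid):
        if uid in self.users:
            raise DirectoryError("This entry already exists")
        # Resolve the default group before writing the user, so a stale
        # setting fails the whole operation instead of leaving a user behind.
        members = self.groups.get(self.default_group)
        if members is None:
            raise DirectoryError(f"default group missing: {self.default_group!r}")
        self.users[uid] = {"uid": uid}
        members.add(uid)

def demo():
    d = ToyDirectory()
    rejected = []
    for candidate in ("6üP", "nosuchgroup"):
        try:
            d.config_mod_defaultgroup(candidate)
        except DirectoryError as exc:
            rejected.append(str(exc))
    d.default_group = "6üP"  # simulate bad data written straight to LDAP
    try:
        d.user_add("test123435")
    except DirectoryError as exc:
        rejected.append(str(exc))
    return rejected, sorted(d.users)
```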