Description of problem: Adding additional host's CN is successful with ipa host-mod --addattr and should not be allowed. Version-Release number of selected component (if applicable): ipa-server-1.91-0.2010113023git20b1e0a.fc13.i686 ipa-admintools-1.91-0.2010113023git20b1e0a.fc13.i686 How reproducible: always Steps to Reproduce: 1. add a new host ipa host-add mytest.testrelm 2. add an additional cn ipa host-mod --addattr cn=mytest2.testrelm mytest.testrelm 3. ipa host-show --all mytestrelm Actual results: adding additional cn is successful # ipa host-show --all mytest.testrelm dn: fqdn=mytest.testrelm,cn=computers,cn=accounts,dc=testrelm Host name: mytest.testrelm Principal name: host/mytest.testrelm@TESTRELM Keytab: False Managed by: mytest.testrelm cn: mytest.testrelm, mytest2.testrelm ipauniqueid: 95a1d49c-18d5-11e0-bbc2-000c29a992d9 objectclass: ipaobject, nshost, ipahost, pkiuser, ipaservice, krbprincipalaux, krbprincipal, top serverhostname: mytest Expected results: ipa: ERROR: cn: Only one value allowed. Additional info:
I do not think this is a valid test case. cn is not a part of the host object so adding cn attribute should be allowed.I think this is functions as designed.
Then the CLI and UI should deny the operation with a valid error message ... like ... ipa: ERROR: attribute cn not allowed
https://fedorahosted.org/freeipa/ticket/706
master: 86fe47b87df4e503e9d1d4c6cf6be62b5cbab685
Verified version: ipa-server-2.0.0-13.20110228T1743zgit99d6e08.el6.x86_64 ipa-admintools-2.0.0-13.20110228T1743zgit99d6e08.el6.x86_64 :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: [ LOG ] :: ipa-host-cli-32: Negative - setattr and addattr on cn :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: ---------------------------- Added host "mytest.testrelm" ---------------------------- Host name: mytest.testrelm Principal name: host/mytest.testrelm@TESTRELM Managed by: mytest.testrelm :: [15:20:14] :: Adding new host mytest.testrelm successful with force option. :: [15:20:14] :: Executing: ipa host-mod --setattr cn=mytest2.testrelm mytest.testrelm ipa: ERROR: Insufficient access: cn is immutable :: [15:20:17] :: "ipa host-mod --setattr cn=mytest2.testrelm mytest.testrelm" failed as expected. :: [15:20:20] :: Error message as expected: ipa: ERROR: Insufficient access: cn is immutable :: [ PASS ] :: Verify expected error message for --setattr. :: [15:20:21] :: Executing: ipa host-mod --addattr cn=mytest3.testrelm mytest.testrelm ipa: ERROR: Insufficient access: cn is immutable :: [15:20:24] :: "ipa host-mod --addattr cn=mytest3.testrelm mytest.testrelm" failed as expected. :: [15:20:27] :: Error message as expected: ipa: ERROR: Insufficient access: cn is immutable :: [ PASS ] :: Verify expected error message for --addattr.