743071 – duplicate hostgroup and netgroup

Bug 743071 - duplicate hostgroup and netgroup

Summary: duplicate hostgroup and netgroup

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	freeIPA
Classification:	Retired
Component:	ipa-server
Sub Component:
Version:	2.1
Hardware:	Unspecified
OS:	Unspecified
Priority:	unspecified
Severity:	medium
Target Milestone:	---
Assignee:	Rob Crittenden
QA Contact:	Chandrasekar Kannan
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:	743253
TreeView+	depends on / blocked

Reported:	2011-10-03 18:39 UTC by Sigbjorn Lie
Modified:	2015-01-04 23:51 UTC (History)
CC List:	5 users (show)
Fixed In Version:	freeipa-2.1.4-5.fc16
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Clones:	743253 (view as bug list)
Environment:
Last Closed:	2012-03-28 09:28:16 UTC
Embargoed:

Attachments	(Terms of Use)

Description Sigbjorn Lie 2011-10-03 18:39:00 UTC

Description of problem:
When a host group is added having the same name as an existing netgroup, the host group is allowed to be created, thus creating an error and making the Host Group tab in the webui inaccessible with the following error:

Error: IPA Error 4027
The search criteria was not specific enough. Expected 1 and found 2.
Version-Release number of selected component (if applicable):



How reproducible:
Every time

Steps to Reproduce:
1. Create a netgroup with a certain name, ex: "all"
2. Create a hostgroup with a certain name, ex: "all"
3.
  
Actual results:
The host group tab in the webui is now inaccessible

Expected results:
Error message displayed about duplicate name OR the webui to handle the duplicate group name. Using the CLI to remove the duplicate host group resolves the issue.

Additional info:

Comment 1 Rob Crittenden 2011-10-03 18:54:41 UTC

Upstream ticket:
https://fedorahosted.org/freeipa/ticket/1914

Comment 2 Jenny Severance 2011-10-04 11:37:19 UTC

I was able to reproduce this with ipa-server-2.1.1-101.20111003T0058zgitaaa7c05.el6.x86_64

Comment 3 Martin Kosek 2011-10-04 12:13:23 UTC

For NIS compatibility sake, for every created hostgroup, a relevant netgroup is created. This can be checked via netgroup-show or directly in LDAP (cn=ng,cn=alt,$SUFFIX).

This is the reason why there cannot be a hostgroup and netgroup with the same name. This is what I get in this scenario:

# ipa hostgroup-add foo --desc=bar
---------------------
Added hostgroup "foo"
---------------------
  Host-group: foo
  Description: bar

# ipa netgroup-find
-------------------
0 netgroups matched
-------------------
----------------------------
Number of entries returned 0
----------------------------

# ipa netgroup-show foo
  Netgroup name: foo
  Description: ipaNetgroup foo
  NIS domain name: idm.lab.bos.redhat.com
  Member Hostgroup: foo

# ipa netgroup-add foo --desc=bar2
ipa: ERROR: Constraint violation: Another entry with the same attribute value already exists (attribute: "cn")

I wasn't even able to add a netgroup with the same name.

There is also a relevant fix for "The search criteria was not specific enough" already pushed upstream, which should help:

https://bugzilla.redhat.com/show_bug.cgi?id=740830

Comment 4 Rob Crittenden 2011-10-07 02:40:10 UTC

Fixed upstream

master: a85bb7fa9e5a03b391d684e2850bfe4663f94e21

ipa-2-1: 92dbd68677b3166ebb8897c5fac7d6a142226ac1

Comment 5 Martin Kosek 2011-10-17 15:13:45 UTC

The following commit also fixed an error message when a duplicate hostgroup was being added.


master: https://fedorahosted.org/freeipa/changeset/99d938152fbef41f2d48d4088e5ba39bc820e9de
ipa-2-1: https://fedorahosted.org/freeipa/changeset/5a3268fc7d731232844eb9391be722db2179f24c

Note You need to log in before you can comment on or make changes to this bug.