Description of problem: When a host group is added having the same name as an existing netgroup, the host group is allowed to be created, thus creating an error and making the Host Group tab in the webui inaccessible with the following error: Error: IPA Error 4027 The search criteria was not specific enough. Expected 1 and found 2. Version-Release number of selected component (if applicable): How reproducible: Every time Steps to Reproduce: 1. Create a netgroup with a certain name, ex: "all" 2. Create a hostgroup with a certain name, ex: "all" 3. Actual results: The host group tab in the webui is now inaccessible Expected results: Error message displayed about duplicate name OR the webui to handle the duplicate group name. Using the CLI to remove the duplicate host group resolves the issue. Additional info:
Upstream ticket: https://fedorahosted.org/freeipa/ticket/1914
I was able to reproduce this with ipa-server-2.1.1-101.20111003T0058zgitaaa7c05.el6.x86_64
For NIS compatibility sake, for every created hostgroup, a relevant netgroup is created. This can be checked via netgroup-show or directly in LDAP (cn=ng,cn=alt,$SUFFIX). This is the reason why there cannot be a hostgroup and netgroup with the same name. This is what I get in this scenario: # ipa hostgroup-add foo --desc=bar --------------------- Added hostgroup "foo" --------------------- Host-group: foo Description: bar # ipa netgroup-find ------------------- 0 netgroups matched ------------------- ---------------------------- Number of entries returned 0 ---------------------------- # ipa netgroup-show foo Netgroup name: foo Description: ipaNetgroup foo NIS domain name: idm.lab.bos.redhat.com Member Hostgroup: foo # ipa netgroup-add foo --desc=bar2 ipa: ERROR: Constraint violation: Another entry with the same attribute value already exists (attribute: "cn") I wasn't even able to add a netgroup with the same name. There is also a relevant fix for "The search criteria was not specific enough" already pushed upstream, which should help: https://bugzilla.redhat.com/show_bug.cgi?id=740830
Fixed upstream master: a85bb7fa9e5a03b391d684e2850bfe4663f94e21 ipa-2-1: 92dbd68677b3166ebb8897c5fac7d6a142226ac1
The following commit also fixed an error message when a duplicate hostgroup was being added. master: https://fedorahosted.org/freeipa/changeset/99d938152fbef41f2d48d4088e5ba39bc820e9de ipa-2-1: https://fedorahosted.org/freeipa/changeset/5a3268fc7d731232844eb9391be722db2179f24c