Hide Forgot
+++ This bug was initially created as a clone of Bug #743071 +++ Description of problem: When a host group is added having the same name as an existing netgroup, the host group is allowed to be created, thus creating an error and making the Host Group tab in the webui inaccessible with the following error: Error: IPA Error 4027 The search criteria was not specific enough. Expected 1 and found 2. Version-Release number of selected component (if applicable): How reproducible: Every time Steps to Reproduce: 1. Create a netgroup with a certain name, ex: "all" 2. Create a hostgroup with a certain name, ex: "all" 3. Actual results: The host group tab in the webui is now inaccessible Expected results: Error message displayed about duplicate name OR the webui to handle the duplicate group name. Using the CLI to remove the duplicate host group resolves the issue. Additional info: --- Additional comment from rcritten@redhat.com on 2011-10-03 14:54:41 EDT --- Upstream ticket: https://fedorahosted.org/freeipa/ticket/1914 --- Additional comment from jgalipea@redhat.com on 2011-10-04 07:37:19 EDT --- I was able to reproduce this with ipa-server-2.1.1-101.20111003T0058zgitaaa7c05.el6.x86_64
additional information : # ipa hostgroup-find ipa: ERROR: The search criteria was not specific enough. Expected 1 and found 2. # ipa netgroup-del test ipa: ERROR: The search criteria was not specific enough. Expected 1 and found 2.
Fixed upstream: master: a85bb7fa9e5a03b391d684e2850bfe4663f94e21 ipa-2-1: 92dbd68677b3166ebb8897c5fac7d6a142226ac1
This fix is causing a regression : :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: [ LOG ] :: ipa-hostgroup-cli-23: Add duplicate host group :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: [ LOG ] :: Executing: ipa hostgroup-add --desc=test hostgrp1 :: [ LOG ] :: "ipa hostgroup-add --desc=test hostgrp1" failed as expected. :: [ LOG ] :: ERROR: Message not as expected. GOT: ipa: ERROR: netgroup with name hostgrp1 already exists EXP: ipa: ERROR: host group with name hostgrp1 already exists :: [ FAIL ] :: Verify expected error message. (Expected 0, got 1) :: [ LOG ] :: Duration: 6s :: [ LOG ] :: Assertions: 0 good, 1 bad :: [ FAIL ] :: RESULT: ipa-hostgroup-cli-23: Add duplicate host group Should be checking to see if a duplicate hostgroup exists first and then check for a netgroup - only if Netgroup Plugin is enabled. version tested : ipa-server-2.1.2-100.20111014T0057zgit16fc9f8.el6.x86_64
Fixed upstream: master: https://fedorahosted.org/freeipa/changeset/99d938152fbef41f2d48d4088e5ba39bc820e9de ipa-2-1: https://fedorahosted.org/freeipa/changeset/5a3268fc7d731232844eb9391be722db2179f24c Just a note: The netgroup/hostgroup collision checks are run in all cases, we don't test if netgroup plugin is enabled/disabled. This is a precausion. If user enables the plugin again, he would get into trouble if he had colliding hostgroups/netgroups. We wanted to play on the safe side here.
Technical note added. If any revisions are required, please edit the "Technical Notes" field accordingly. All revisions will be proofread by the Engineering Content Services team. New Contents: Cause: Due to compatibility with NIS when a hostgroup is added, a netgroup with the same name is added. However, when the hostgroup is created, it is not checked if there is not a netgroup with the same name already which may have been added separately (without a hostgroup). Consequence: Hostgroup is created but the netgroup cannot be added and user is not notified about this event. This can lead to unexpected and surprising behavior. Fix: When a hostgroup is added, IPA server checks first if the netgroup name is free and refuses to add hostgroup otherwise Result: New hostgroups cannot get into conflict with existing netgroups.
[root@decepticons ~]# ipa netgroup-add test Description: test --------------------- Added netgroup "test" --------------------- Netgroup name: test Description: test NIS domain name: lab.eng.pnq.redhat.com IPA unique ID: c6354608-05dc-11e1-90bc-525400f56e2e [root@decepticons ~]# ipa hostgroup-add test Description: test ipa: ERROR: netgroup with name "test" already exists. Hostgroups and netgroups share a common namespace [root@decepticons ~]# [root@decepticons ~]# ipa hostgroup-add test2 Description: test2 ----------------------- Added hostgroup "test2" ----------------------- Host-group: test2 Description: test2 [root@decepticons ~]# ipa netgroup-add test2 Description: test2 ipa: ERROR: netgroup with name "test2" already exists [root@decepticons ~]# WebUI works as expected and regression failure as in comment #5 not detected: :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: [ LOG ] :: ipa-hostgroup-cli-23: Add duplicate host group :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: [14:58:13] :: Executing: ipa hostgroup-add --desc=test hostgrp1 ipa: ERROR: host group with name "hostgrp1" already exists :: [14:58:14] :: "ipa hostgroup-add --desc=test hostgrp1" failed as expected. :: [14:58:16] :: Error message as expected: ipa: ERROR: host group with name hostgrp1 already exists :: [ PASS ] :: Verify expected error message. 'a3e07589-5cac-469f-981d-797db909df4a' ipa-hostgroup-cli-23 result: PASS metric: 0 Log: /tmp/beakerlib-3401817/journal.txt Info: Searching AVC errors produced since 1319741893.51 (Thu Oct 27 14:58:13 2011) Searching logs... Info: No AVC messages found. Writing to /mnt/testarea/tmp.AQhtw9 : AvcLog: /mnt/testarea/tmp.AQhtw9 Verified in version: [root@decepticons ~]# rpm -qi ipa-server | head Name : ipa-server Relocations: (not relocatable) Version : 2.1.3 Vendor: Red Hat, Inc. Release : 8.el6 Build Date: Wed 02 Nov 2011 03:21:27 AM IST Install Date: Thu 03 Nov 2011 10:13:53 AM IST Build Host: x86-012.build.bos.redhat.com Group : System Environment/Base Source RPM: ipa-2.1.3-8.el6.src.rpm Size : 3381421 License: GPLv3+ Signature : (none) Packager : Red Hat, Inc. <http://bugzilla.redhat.com/bugzilla> URL : http://www.freeipa.org/ Summary : The IPA authentication server [root@decepticons ~]#
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. http://rhn.redhat.com/errata/RHSA-2011-1533.html