Note: This bug is displayed in read-only format because
the product is no longer active in Red Hat Bugzilla.
RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.
Cause: When ipa-client-install tries to autodiscover IPA server in its domain, it does not use any timeout when a server is found and is being checked
Consequence: If the found server is unresponsive during the autodiscovery, the whole ipa-client-install gets stuck
Fix: A 30 second timeout is added to ipa-client-install autodiscovery server check
Result: ipa-client-install reports autodiscovery failure when the tested checked server is unresponsive and lets user set IPA server address manually
Description of problem:
When ipa-client-install is run, it autodiscovers for existing LDAP servers and checks if it is a valid IPA server. During the process, it tries to download ca.crt. If the discovered target is unresponsive, ipa-client-install hangs and does not let user to override the autodiscovered server/domain.
Version-Release number of selected component (if applicable):
ipa-client-2.1.1-101.20111004T0103zgita013597.el6.x86_64
How reproducible:
Have an LDAP server with proper _ldap._tcp DNS SRV records in client domain and which would not return ca.crt (in my test it was ldap.corp.redhat.com) and run ipa-client-install.
Steps to Reproduce:
1. Have the LDAP server with DNS SRV records as described
2. Run ipa-client-install without --server or --domain options
Actual results:
ipa-client-install hangs:
# ipa-client-install -d
root : DEBUG /usr/sbin/ipa-client-install was invoked with options: {'conf_ntp': True, 'domain': None, 'uninstall': False, 'force': False, 'sssd': True, 'krb5_offline_passwords': True, 'hostname': None, 'permit': False, 'server': None, 'prompt_password': False, 'mkhomedir': False, 'dns_updates': False, 'debug': True, 'on_master': False, 'ntp_server': None, 'realm_name': None, 'unattended': None, 'principal': None}
root : DEBUG missing options might be asked for interactively later
root : DEBUG Loading Index file from '/var/lib/ipa-client/sysrestore/sysrestore.index'
root : DEBUG Loading StateFile from '/var/lib/ipa-client/sysrestore/sysrestore.state'
root : DEBUG [ipadnssearchldap(idm.lab.bos.redhat.com)]
root : DEBUG [ipadnssearchldap(lab.bos.redhat.com)]
root : DEBUG [ipadnssearchldap(bos.redhat.com)]
root : DEBUG [ipadnssearchldap(redhat.com)]
root : DEBUG [ipadnssearchkrb]
root : DEBUG [ipacheckldap]
Expected results:
ipa-client-install should timeout, inform the user that the autodiscovery has failed and let user enter his IPA server (which obviously does not have proper DNS SRV records)
Technical note added. If any revisions are required, please edit the "Technical Notes" field
accordingly. All revisions will be proofread by the Engineering Content Services team.
New Contents:
Cause: When ipa-client-install tries to autodiscover IPA server in its domain, it does not use any timeout when a server is found and is being checked
Consequence: If the found server is unresponsive during the autodiscovery, the whole ipa-client-install gets stuck
Fix: A 30 second timeout is added to ipa-client-install autodiscovery server check
Result: ipa-client-install reports autodiscovery failure when the tested checked server is unresponsive and lets user set IPA server address manually
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.
For information on the advisory, and where to find the updated
files, follow the link below.
If the solution does not work for you, open a new bug report.
http://rhn.redhat.com/errata/RHSA-2011-1533.html
Description of problem: When ipa-client-install is run, it autodiscovers for existing LDAP servers and checks if it is a valid IPA server. During the process, it tries to download ca.crt. If the discovered target is unresponsive, ipa-client-install hangs and does not let user to override the autodiscovered server/domain. Version-Release number of selected component (if applicable): ipa-client-2.1.1-101.20111004T0103zgita013597.el6.x86_64 How reproducible: Have an LDAP server with proper _ldap._tcp DNS SRV records in client domain and which would not return ca.crt (in my test it was ldap.corp.redhat.com) and run ipa-client-install. Steps to Reproduce: 1. Have the LDAP server with DNS SRV records as described 2. Run ipa-client-install without --server or --domain options Actual results: ipa-client-install hangs: # ipa-client-install -d root : DEBUG /usr/sbin/ipa-client-install was invoked with options: {'conf_ntp': True, 'domain': None, 'uninstall': False, 'force': False, 'sssd': True, 'krb5_offline_passwords': True, 'hostname': None, 'permit': False, 'server': None, 'prompt_password': False, 'mkhomedir': False, 'dns_updates': False, 'debug': True, 'on_master': False, 'ntp_server': None, 'realm_name': None, 'unattended': None, 'principal': None} root : DEBUG missing options might be asked for interactively later root : DEBUG Loading Index file from '/var/lib/ipa-client/sysrestore/sysrestore.index' root : DEBUG Loading StateFile from '/var/lib/ipa-client/sysrestore/sysrestore.state' root : DEBUG [ipadnssearchldap(idm.lab.bos.redhat.com)] root : DEBUG [ipadnssearchldap(lab.bos.redhat.com)] root : DEBUG [ipadnssearchldap(bos.redhat.com)] root : DEBUG [ipadnssearchldap(redhat.com)] root : DEBUG [ipadnssearchkrb] root : DEBUG [ipacheckldap] Expected results: ipa-client-install should timeout, inform the user that the autodiscovery has failed and let user enter his IPA server (which obviously does not have proper DNS SRV records)