Bug 782566 - Unable to unset permission memberof
Summary: Unable to unset permission memberof
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 6
Classification: Red Hat
Component: ipa
Version: 6.3
Hardware: Unspecified
OS: Unspecified
unspecified
unspecified
Target Milestone: rc
: ---
Assignee: Rob Crittenden
QA Contact: IDM QE LIST
URL:
Whiteboard:
: 783543 (view as bug list)
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2012-01-17 17:46 UTC by Dmitri Pal
Modified: 2012-06-20 13:29 UTC (History)
4 users (show)

Fixed In Version: ipa-2.2.0-1.el6
Doc Type: Bug Fix
Doc Text:
No documentation needed.
Clone Of:
Environment:
Last Closed: 2012-06-20 13:29:18 UTC
Target Upstream Version:


Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2012:0819 0 normal SHIPPED_LIVE ipa bug fix and enhancement update 2012-06-19 20:34:17 UTC

Description Dmitri Pal 2012-01-17 17:46:55 UTC
This bug is created as a clone of upstream ticket:
https://fedorahosted.org/freeipa/ticket/2255

Modifying permission memberof to empty will generate an internal error.

See the following permission:
{{{
# ipa permission-add test --permission=all --memberof=editors --type=user
-----------------------
Added permission "test"
-----------------------
  Permission name: test
  Permissions: all
  Type: user
  Member of group: editors
}}}

Modifying the memberof to another value works fine:
{{{
# ipa permission-mod test --memberof=ipausers
--------------------------
Modified permission "test"
--------------------------
  Permission name: test
  Permissions: all
  Type: user
  Member of group: ipausers
}}}

Modifying memberof to empty fails:
{{{
# ipa permission-mod test --memberof=
ipa: ERROR: an internal error has occurred
}}}

Here is the stack trace from /var/log/httpd/error_log:
{{{
ipa: ERROR: non-public: AttributeError: 'NoneType' object has no attribute 'find'
Traceback (most recent call last):
  File "/usr/lib/python2.7/site-packages/ipaserver/rpcserver.py", line 229, in wsgi_execute
    result = self.Command[name](*args, **options)
  File "/usr/lib/python2.7/site-packages/ipalib/frontend.py", line 438, in __call__
    ret = self.run(*args, **options)
  File "/usr/lib/python2.7/site-packages/ipalib/frontend.py", line 696, in run
    return self.execute(*args, **options)
  File "/usr/lib/python2.7/site-packages/ipalib/plugins/baseldap.py", line 1106, in execute
    ldap, dn, entry_attrs, attrs_list, *keys, **options
  File "/usr/lib/python2.7/site-packages/ipalib/plugins/permission.py", line 299, in pre_callback
    raise e
AttributeError: 'NoneType' object has no attribute 'find'
ipa: INFO: admin: permission_mod(u'test', memberof=None, rights=False, all=False, raw=False, version=u'2.20'): AttributeError
}}}

Comment 2 Martin Kosek 2012-02-09 13:01:06 UTC
*** Bug 783543 has been marked as a duplicate of this bug. ***

Comment 5 Martin Kosek 2012-04-20 10:55:11 UTC
    Technical note added. If any revisions are required, please edit the "Technical Notes" field
    accordingly. All revisions will be proofread by the Engineering Content Services team.
    
    New Contents:
No documentation needed.

Comment 6 Namita Soman 2012-04-26 12:28:18 UTC
Verified using ipa-server-2.2.0-11.el6.x86_64

# ipa permission-show ManageHost
  Permission name: ManageHost
  Permissions: write
  Attributes: nshostlocation
  Member of group: admins
  Subtree: ldap:///cn=computers,cn=accounts,dc=testrelm,dc=com

# ipa permission-mod ManageHost --memberof=
-----------------------------------
Modified permission "ManageHost"
-----------------------------------
  Permission name: ManageHost
  Permissions: write
  Attributes: nshostlocation
  Subtree: ldap:///cn=computers,cn=accounts,dc=testrelm,dc=com

Comment 8 errata-xmlrpc 2012-06-20 13:29:18 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHBA-2012-0819.html


Note You need to log in before you can comment on or make changes to this bug.