Hide Forgot
This bug is created as a clone of upstream ticket: https://fedorahosted.org/freeipa/ticket/2255 Modifying permission memberof to empty will generate an internal error. See the following permission: {{{ # ipa permission-add test --permission=all --memberof=editors --type=user ----------------------- Added permission "test" ----------------------- Permission name: test Permissions: all Type: user Member of group: editors }}} Modifying the memberof to another value works fine: {{{ # ipa permission-mod test --memberof=ipausers -------------------------- Modified permission "test" -------------------------- Permission name: test Permissions: all Type: user Member of group: ipausers }}} Modifying memberof to empty fails: {{{ # ipa permission-mod test --memberof= ipa: ERROR: an internal error has occurred }}} Here is the stack trace from /var/log/httpd/error_log: {{{ ipa: ERROR: non-public: AttributeError: 'NoneType' object has no attribute 'find' Traceback (most recent call last): File "/usr/lib/python2.7/site-packages/ipaserver/rpcserver.py", line 229, in wsgi_execute result = self.Command[name](*args, **options) File "/usr/lib/python2.7/site-packages/ipalib/frontend.py", line 438, in __call__ ret = self.run(*args, **options) File "/usr/lib/python2.7/site-packages/ipalib/frontend.py", line 696, in run return self.execute(*args, **options) File "/usr/lib/python2.7/site-packages/ipalib/plugins/baseldap.py", line 1106, in execute ldap, dn, entry_attrs, attrs_list, *keys, **options File "/usr/lib/python2.7/site-packages/ipalib/plugins/permission.py", line 299, in pre_callback raise e AttributeError: 'NoneType' object has no attribute 'find' ipa: INFO: admin: permission_mod(u'test', memberof=None, rights=False, all=False, raw=False, version=u'2.20'): AttributeError }}}
Fixed upstream: master: https://fedorahosted.org/freeipa/changeset/616d543a54833a1fde6b0098d91ac0f4e14f7a57 ipa-2-2: https://fedorahosted.org/freeipa/changeset/93a1a3805369048f87e4328f421e156c8ebac07f
*** Bug 783543 has been marked as a duplicate of this bug. ***
Technical note added. If any revisions are required, please edit the "Technical Notes" field accordingly. All revisions will be proofread by the Engineering Content Services team. New Contents: No documentation needed.
Verified using ipa-server-2.2.0-11.el6.x86_64 # ipa permission-show ManageHost Permission name: ManageHost Permissions: write Attributes: nshostlocation Member of group: admins Subtree: ldap:///cn=computers,cn=accounts,dc=testrelm,dc=com # ipa permission-mod ManageHost --memberof= ----------------------------------- Modified permission "ManageHost" ----------------------------------- Permission name: ManageHost Permissions: write Attributes: nshostlocation Subtree: ldap:///cn=computers,cn=accounts,dc=testrelm,dc=com
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. http://rhn.redhat.com/errata/RHBA-2012-0819.html