Hide Forgot
Description of problem: # ipa config-mod --userobjectclasses="top, person, organizationalperson, inetorgperson, inetuser, posixaccount, krbprincipalaux, krbticketpolicyaux, ipaobject, ipasshuser, sambasamaccount" ipa: ERROR: invalid 'ipauserobjectclasses': user default attribute sshpubkeyfp would not be allowed! Version-Release number of selected component (if applicable): ipa-server-2.2.0-101.20120215T0856zgit578669d.el6.x86_64 How reproducible: Steps to Reproduce: 1. attempt to add an additional user object class to ipa configuration (see description) 2. 3. Actual results: ipa: ERROR: invalid 'ipauserobjectclasses': user default attribute sshpubkeyfp would not be allowed! Expected results: object class added and any new user added would have attributes from this objectclass available Additional info:
:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: [ LOG ] :: Add additional allowed user object class :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: ipa: ERROR: invalid 'ipauserobjectclasses': user default attribute sshpubkeyfp would not be allowed! :: [ FAIL ] :: Add additional allowed objectclass (Expected 0, got 1) :: [ FAIL ] :: User object classes not as expected.
Upstream ticket: https://fedorahosted.org/freeipa/ticket/2406
Fixed upstream: master: https://fedorahosted.org/freeipa/changeset/ac47b1ca6e902d52e9791f427d3b6f193cbb56b6 ipa-2-2: https://fedorahosted.org/freeipa/changeset/74bec83a1b3767fa6807d3f4a2018db0e874abe2
verified :: :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: [ LOG ] :: Add additional allowed user object class :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: [ PASS ] :: Add additional allowed objectclass :: [ PASS ] :: Additional user objectclass successfully added. :: [ PASS ] :: Running 'ipa config-mod --delattr=ipauserobjectclasses=sambasamaccount' :: [ LOG ] :: Duration: 5s :: [ LOG ] :: Assertions: 3 good, 0 bad :: [ PASS ] :: RESULT: Add additional allowed user object class version:: ipa-server-2.2.0-4.el6.x86_64
Technical note added. If any revisions are required, please edit the "Technical Notes" field accordingly. All revisions will be proofread by the Engineering Content Services team. New Contents: Tech note not needed - limited impact.
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. http://rhn.redhat.com/errata/RHBA-2012-0819.html