Hide Forgot
Description of problem: [root@dhcp-187-17 ipa-config]# ipa config-show | grep Certificate Certificate Subject base: O=TESTRELM.COM [root@dhcp-187-17 ipa-config]# ipa config-mod --addattr=ipacertificatesubjectbase=O=DOMAIN.COM Maximum username length: 32 Home directory base: /home Default shell: /bin/sh Default users group: ipausers Default e-mail domain: blah Search time limit: 2 Search size limit: 100 User search fields: uid,givenname,sn,telephonenumber,ou,title Group search fields: cn,description Enable migration mode: FALSE Certificate Subject base: O=TESTRELM.COM, O=DOMAIN.COM Password Expiration Notification (days): 4 Password plugin features: AllowLMhash SELinux user map order: guest_u:s0$xguest_u:s0$user_u:s0-s0:c0.c1023$staff_u:s0-s0:c0.c1023$unconfined_u:s0-s0:c0.c1023 Default SELinux user: guest_u:s0 [root@dhcp-187-17 ipa-config]# ipa config-show | grep Certificate Certificate Subject base: O=TESTRELM.COM, O=DOMAIN.COM :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: [ LOG ] :: ipaconfig_addaddtr negative test - ipacertificatesubjectbase only one cn allowed - :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: [09:26:29] :: Executing: ipa config-mod --addattr=ipacertificatesubjectbase=O=DOMAIN.COM Maximum username length: 32 Home directory base: /home Default shell: /bin/sh Default users group: ipausers Default e-mail domain: blah Search time limit: 2 Search size limit: 100 User search fields: uid,givenname,sn,telephonenumber,ou,title Group search fields: cn,description Enable migration mode: FALSE Certificate Subject base: O=TESTRELM.COM, O=DOMAIN.COM Password Expiration Notification (days): 4 Password plugin features: AllowLMhash SELinux user map order: guest_u:s0$xguest_u:s0$user_u:s0-s0:c0.c1023$staff_u:s0-s0:c0.c1023$unconfined_u:s0-s0:c0.c1023 Default SELinux user: guest_u:s0 :: [09:26:31] :: ERROR: Expected "ipa config-mod --addattr=ipacertificatesubjectbase=O=DOMAIN.COM" to fail. :: [ FAIL ] :: Verify expected error message. (Expected 0, got 1) Version-Release number of selected component (if applicable): ipa-server-2.2.0-101.20120215T0856zgit578669d.el6.x86_64 How reproducible: always Steps to Reproduce: 1. see description 2. 3. Actual results: Expected results: Additional info:
Upstream ticket: https://fedorahosted.org/freeipa/ticket/2408
fixed upstream master: 8a7d7aaf810503befc174ce0465a08d086e47b91 ipa-2-2: 241955e4ce34f491168237f5a06bcb98daf22a5a
Technical note added. If any revisions are required, please edit the "Technical Notes" field accordingly. All revisions will be proofread by the Engineering Content Services team. New Contents: No documentation needed.
verified :: :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: [ LOG ] :: ipaconfig_addaddtr negative test - ipacertificatesubjectbase only one allowed :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: [ LOG ] :: Executing: ipa config-mod --addattr=ipacertificatesubjectbase=O=DOMAIN.COM :: [ LOG ] :: "ipa config-mod --addattr=ipacertificatesubjectbase=O=DOMAIN.COM" failed as expected. :: [ PASS ] :: Error message as expected: ipa: ERROR: ipacertificatesubjectbase: Only one value allowed. :: [ PASS ] :: Verify expected error message. :: [ LOG ] :: Duration: 8s :: [ LOG ] :: Assertions: 2 good, 0 bad :: [ PASS ] :: RESULT: ipaconfig_addaddtr negative test - ipacertificatesubjectbase only one allowed version :: ipa-server-2.2.0-13.el6.i686
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. http://rhn.redhat.com/errata/RHBA-2012-0819.html