Hide Forgot
Description of problem: Specifying a basedn starting at sublevel ou ipa migrate-ds --user-container="BostonUsers" --base-dn="ou=People,dc=example,dc=com" --with-compat ldap://dhcp-187-227.bos.redhat.com:389 ipa: ERROR: cannot connect to u'http://dhcp-186-147.testrelm.com/ipa/xml': Internal Server Error Attempting a migration for users in a sub OU of ou=People httpd error log: [Mon Mar 19 15:50:48 2012] [error] ipa: INFO: admin: migrate_ds(u'ldap://dhcp-187-227.bos.redhat.com:389', u'********', binddn=u'cn=directory manager', usercontainer=u'ou=people', groupcontainer=u'ou=groups', userobjectclass=(u'person',), groupobjectclass=(u'groupOfUniqueNames', u'groupOfNames'), userignoreobjectclass=None, userignoreattribute=None, groupignoreobjectclass=None, groupignoreattribute=None, groupoverwritegid=False, schema=u'RFC2307bis', continue=False, basedn=u'ou=People,dc=example,dc=com', compat=True, exclude_groups=None, exclude_users=None): NotFound [Mon Mar 19 15:51:13 2012] [error] [client 10.16.186.147] mod_wsgi (pid=10480): Exception occurred processing WSGI script '/usr/share/ipa/wsgi.py'. [Mon Mar 19 15:51:13 2012] [error] [client 10.16.186.147] Traceback (most recent call last): [Mon Mar 19 15:51:13 2012] [error] [client 10.16.186.147] File "/usr/share/ipa/wsgi.py", line 49, in application [Mon Mar 19 15:51:13 2012] [error] [client 10.16.186.147] return api.Backend.wsgi_dispatch(environ, start_response) [Mon Mar 19 15:51:13 2012] [error] [client 10.16.186.147] File "/usr/lib/python2.6/site-packages/ipaserver/rpcserver.py", line 229, in __call__ [Mon Mar 19 15:51:13 2012] [error] [client 10.16.186.147] return self.route(environ, start_response) [Mon Mar 19 15:51:13 2012] [error] [client 10.16.186.147] File "/usr/lib/python2.6/site-packages/ipaserver/rpcserver.py", line 241, in route [Mon Mar 19 15:51:13 2012] [error] [client 10.16.186.147] return app(environ, start_response) [Mon Mar 19 15:51:13 2012] [error] [client 10.16.186.147] File "/usr/lib/python2.6/site-packages/ipaserver/rpcserver.py", line 411, in __call__ [Mon Mar 19 15:51:13 2012] [error] [client 10.16.186.147] response = super(xmlserver, self).__call__(environ, start_response) [Mon Mar 19 15:51:13 2012] [error] [client 10.16.186.147] File "/usr/lib/python2.6/site-packages/ipaserver/rpcserver.py", line 356, in __call__ [Mon Mar 19 15:51:13 2012] [error] [client 10.16.186.147] response = self.wsgi_execute(environ) [Mon Mar 19 15:51:13 2012] [error] [client 10.16.186.147] File "/usr/lib/python2.6/site-packages/ipaserver/rpcserver.py", line 315, in wsgi_execute [Mon Mar 19 15:51:13 2012] [error] [client 10.16.186.147] result = self.Command[name](*args, **options) [Mon Mar 19 15:51:13 2012] [error] [client 10.16.186.147] File "/usr/lib/python2.6/site-packages/ipalib/frontend.py", line 438, in __call__ [Mon Mar 19 15:51:13 2012] [error] [client 10.16.186.147] ret = self.run(*args, **options) [Mon Mar 19 15:51:13 2012] [error] [client 10.16.186.147] File "/usr/lib/python2.6/site-packages/ipalib/frontend.py", line 696, in run [Mon Mar 19 15:51:13 2012] [error] [client 10.16.186.147] return self.execute(*args, **options) [Mon Mar 19 15:51:13 2012] [error] [client 10.16.186.147] File "/usr/lib/python2.6/site-packages/ipalib/plugins/migration.py", line 697, in execute [Mon Mar 19 15:51:13 2012] [error] [client 10.16.186.147] ldap, config, ds_ldap, ds_base_dn, options [Mon Mar 19 15:51:13 2012] [error] [client 10.16.186.147] File "/usr/lib/python2.6/site-packages/ipalib/plugins/migration.py", line 562, in migrate [Mon Mar 19 15:51:13 2012] [error] [client 10.16.186.147] search_refs=True # migrated DS may contain search references [Mon Mar 19 15:51:13 2012] [error] [client 10.16.186.147] File "/usr/lib/python2.6/site-packages/ipalib/encoder.py", line 190, in new_f [Mon Mar 19 15:51:13 2012] [error] [client 10.16.186.147] return f(*new_args, **kwargs) [Mon Mar 19 15:51:13 2012] [error] [client 10.16.186.147] File "/usr/lib/python2.6/site-packages/ipalib/encoder.py", line 201, in new_f [Mon Mar 19 15:51:13 2012] [error] [client 10.16.186.147] return args[0].decode(f(*args, **kwargs)) [Mon Mar 19 15:51:13 2012] [error] [client 10.16.186.147] File "/usr/lib/python2.6/site-packages/ipaserver/plugins/ldap2.py", line 701, in find_entries [Mon Mar 19 15:51:13 2012] [error] [client 10.16.186.147] base_dn = self.normalize_dn(base_dn) [Mon Mar 19 15:51:13 2012] [error] [client 10.16.186.147] File "/usr/lib/python2.6/site-packages/ipaserver/plugins/ldap2.py", line 503, in normalize_dn [Mon Mar 19 15:51:13 2012] [error] [client 10.16.186.147] rdns = explode_dn(dn) [Mon Mar 19 15:51:13 2012] [error] [client 10.16.186.147] File "/usr/lib64/python2.6/site-packages/ldap/dn.py", line 79, in explode_dn [Mon Mar 19 15:51:13 2012] [error] [client 10.16.186.147] dn_decomp = str2dn(dn,flags) [Mon Mar 19 15:51:13 2012] [error] [client 10.16.186.147] File "/usr/lib64/python2.6/site-packages/ldap/dn.py", line 53, in str2dn [Mon Mar 19 15:51:13 2012] [error] [client 10.16.186.147] return ldap.functions._ldap_function_call(_ldap.str2dn,dn,flags) [Mon Mar 19 15:51:13 2012] [error] [client 10.16.186.147] File "/usr/lib64/python2.6/site-packages/ldap/functions.py", line 57, in _ldap_function_call [Mon Mar 19 15:51:13 2012] [error] [client 10.16.186.147] result = func(*args,**kwargs) [Mon Mar 19 15:51:13 2012] [error] [client 10.16.186.147] DECODING_ERROR Version-Release number of selected component (if applicable): ipa-server-2.2.0-4.el6.x86_64 How reproducible: Steps to Reproduce: 1. 2. 3. Actual results: Expected results: Additional info:
--user-container="BostonUsers" is not a valid RDN, but we certainly should not crash but rather report a user-friendly error. I'll open an upstream ticket.
Upstream ticket: https://fedorahosted.org/freeipa/ticket/2555
automated tests :: :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: [ LOG ] :: bz804807 Internal Server Error specifying invalid RDN for container - User Container :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: [ LOG ] :: EXECUTING: echo Secret123 | ipa migrate-ds --user-container="BostonUsers" --group-container="ou=BostonGroups" --base-dn="ou=Boston,dc=example,dc=com" ldap://dhcp-187-227.bos.redhat.com:389 :: [ FAIL ] :: https://bugzilla.redhat.com/show_bug.cgi?id=804807 :: [ LOG ] :: Duration: 3s :: [ LOG ] :: Assertions: 0 good, 1 bad :: [ FAIL ] :: RESULT: bz804807 Internal Server Error specifying invalid RDN for container - User Container :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: [ LOG ] :: bz804807 Internal Server Error specifying invalid RDN for container - Group Container :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: [ LOG ] :: EXECUTING: echo Secret123 | ipa migrate-ds --user-container="ou=BostonUsers" --group-container="BostonGroups" --base-dn="ou=Boston,dc=example,dc=com" ldap://dhcp-187-227.bos.redhat.com:389 :: [ FAIL ] :: https://bugzilla.redhat.com/show_bug.cgi?id=804807 :: [ LOG ] :: Duration: 3s :: [ LOG ] :: Assertions: 0 good, 1 bad :: [ FAIL ] :: RESULT: bz804807 Internal Server Error specifying invalid RDN for container - Group Container
Fixed upstream: master: https://fedorahosted.org/freeipa/changeset/d317c2a0d1114cb0c53c9a333538f579624e4a9b ipa-2-2: https://fedorahosted.org/freeipa/changeset/46391e99561be0213ff90273c4fef5827f76cd07
verified :: :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: [ LOG ] :: bz804807 Internal Server Error specifying invalid RDN for container - User Container :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: [ LOG ] :: EXECUTING: echo Secret123 | ipa migrate-ds --user-container="BostonUsers" --group-container="ou=BostonGroups" --base-dn="ou=Boston,dc=example,dc=com" ldap://qe-blade-11.testrelm.com:389 :: [ PASS ] :: Internal Server Error bz804807 fixed - User Container :: [ LOG ] :: Duration: 4s :: [ LOG ] :: Assertions: 1 good, 0 bad :: [ PASS ] :: RESULT: bz804807 Internal Server Error specifying invalid RDN for container - User Container :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: [ LOG ] :: bz804807 Internal Server Error specifying invalid RDN for container - Group Container :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: [ LOG ] :: EXECUTING: echo Secret123 | ipa migrate-ds --user-container="ou=BostonUsers" --group-container="BostonGroups" --base-dn="ou=Boston,dc=example,dc=com" ldap://qe-blade-11.testrelm.com:389 :: [ PASS ] :: Internal Server Error bz804807 fixed - Group Container :: [ LOG ] :: Duration: 1s :: [ LOG ] :: Assertions: 1 good, 0 bad :: [ PASS ] :: RESULT: bz804807 Internal Server Error specifying invalid RDN for container - Group Container version :: ipa-server-2.2.0-11.el6.i686
Technical note added. If any revisions are required, please edit the "Technical Notes" field accordingly. All revisions will be proofread by the Engineering Content Services team. New Contents: No documentation needed.
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. http://rhn.redhat.com/errata/RHBA-2012-0819.html