Bug 893827 - ipa permission-find using valid targetgroup throws internal error
ipa permission-find using valid targetgroup throws internal error
Status: CLOSED ERRATA
Product: Red Hat Enterprise Linux 6
Classification: Red Hat
Component: ipa (Show other bugs)
6.4
Unspecified Unspecified
high Severity medium
: rc
: ---
Assigned To: Rob Crittenden
Namita Soman
: Regression
Depends On:
Blocks: 895654
  Show dependency treegraph
 
Reported: 2013-01-09 20:29 EST by Namita Soman
Modified: 2013-08-19 10:17 EDT (History)
3 users (show)

See Also:
Fixed In Version: ipa-3.0.0-21.el6
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2013-02-21 04:32:03 EST
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Namita Soman 2013-01-09 20:29:42 EST
Description of problem:

in 6.3:
# ipa permission-find --targetgroup=ipausers --all
--------------------
1 permission matched
--------------------
  dn: cn=add user to default group,cn=permissions,cn=pbac,dc=testrelm,dc=com
  Permission name: Add user to default group
  Permissions: write
  Attributes: member
  Target group: ipausers
  Granted to Privilege: User Administrators
  memberindirect: cn=user
                  administrators,cn=privileges,cn=pbac,dc=testrelm,dc=com,
                  cn=user administrator,cn=roles,cn=accounts,dc=testrelm,dc=com
  objectclass: top, groupofnames, ipapermission
----------------------------
Number of entries returned 1
----------------------------

in 6.4:
# ipa permission-find --targetgroup=ipausers --all
ipa: ERROR: an internal error has occurred

# ipa permission-show "Add user to default group" --all
  dn: cn=Add user to default group,cn=permissions,cn=pbac,dc=testrelm,dc=com
  Permission name: Add user to default group
  Permissions: write
  Attributes: member
  Target group: ipausers
  Granted to Privilege: User Administrators
  objectclass: top, groupofnames, ipapermission

Version-Release number of selected component (if applicable):
ipa-server-3.0.0-19.el6.x86_64

How reproducible:
always

Steps to Reproduce:
1. ipa permission-find --targetgroup=ipausers --all

  
Actual results:
ipa: ERROR: an internal error has occurred


Expected results:
List permission "Add user to default group" where target group is ipauser

Additional info:
From /var/log/httpd/error_log:

[Wed Jan 09 20:25:59 2013] [error] ipa: ERROR: non-public: TypeError: 'in <string>' requires string as left operand, not DN
[Wed Jan 09 20:25:59 2013] [error] Traceback (most recent call last):
[Wed Jan 09 20:25:59 2013] [error]   File "/usr/lib/python2.6/site-packages/ipaserver/rpcserver.py", line 334, in wsgi_execute
[Wed Jan 09 20:25:59 2013] [error]     result = self.Command[name](*args, **options)
[Wed Jan 09 20:25:59 2013] [error]   File "/usr/lib/python2.6/site-packages/ipalib/frontend.py", line 435, in __call__
[Wed Jan 09 20:25:59 2013] [error]     ret = self.run(*args, **options)
[Wed Jan 09 20:25:59 2013] [error]   File "/usr/lib/python2.6/site-packages/ipalib/frontend.py", line 747, in run
[Wed Jan 09 20:25:59 2013] [error]     return self.execute(*args, **options)
[Wed Jan 09 20:25:59 2013] [error]   File "/usr/lib/python2.6/site-packages/ipalib/plugins/baseldap.py", line 1893, in execute
[Wed Jan 09 20:25:59 2013] [error]     truncated = callback(self, ldap, entries, truncated, *args, **options)
[Wed Jan 09 20:25:59 2013] [error]   File "/usr/lib/python2.6/site-packages/ipalib/plugins/permission.py", line 457, in post_callback
[Wed Jan 09 20:25:59 2013] [error]     aciresults = self.api.Command.aci_find(*args, **opts)
[Wed Jan 09 20:25:59 2013] [error]   File "/usr/lib/python2.6/site-packages/ipalib/frontend.py", line 435, in __call__
[Wed Jan 09 20:25:59 2013] [error]     ret = self.run(*args, **options)
[Wed Jan 09 20:25:59 2013] [error]   File "/usr/lib/python2.6/site-packages/ipalib/frontend.py", line 747, in run
[Wed Jan 09 20:25:59 2013] [error]     return self.execute(*args, **options)
[Wed Jan 09 20:25:59 2013] [error]   File "/usr/lib/python2.6/site-packages/ipalib/plugins/aci.py", line 818, in execute
[Wed Jan 09 20:25:59 2013] [error]     if api.env.container_group in target:
[Wed Jan 09 20:25:59 2013] [error] TypeError: 'in <string>' requires string as left operand, not DN
[Wed Jan 09 20:25:59 2013] [error] ipa: INFO: admin@TESTRELM.COM: permission_find(None, targetgroup=u'ipausers', all=True, raw=False, version=u'2.46', pkey_only=False): TypeError
Comment 2 Martin Kosek 2013-01-10 05:55:52 EST
Upstream ticket:
https://fedorahosted.org/freeipa/ticket/3335
Comment 8 Namita Soman 2013-01-14 09:51:09 EST
Verified using ipa-server-3.0.0-21.el6.x86_64

::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
:: [   LOG    ] :: ipa-permission-cli-1050 - find permission - --targetgroup (bz 893827)
::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::

:: [09:29:16] ::  Executing: ipa permission-find --targetgroup=ipausers --all
:: [09:29:16] ::  Searching for permissions: Add user to default group
Permission name: Add user to default group
:: [09:29:16] ::  Permission Add user to default group found as expected.
:: [   PASS   ] :: Verify permissions are found for --targetgroup=ipausers
'c1197d08-2511-4559-953f-29df04e2d6a1'
ipa-permission-cli-1050-find-permission-targetgroup-bz-893827- result: PASS
Comment 10 errata-xmlrpc 2013-02-21 04:32:03 EST
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHSA-2013-0528.html

Note You need to log in before you can comment on or make changes to this bug.