Bug 915745 – Entire 60basev3 schema is not included in update file, other errors

Bugzilla will be upgraded to version 5.0. The upgrade date is tentatively scheduled for 2 December 2018, pending final testing and feedback.

Bug 915745 - Entire 60basev3 schema is not included in update file, other errors

Summary:	Entire 60basev3 schema is not included in update file, other errors

Status:	CLOSED ERRATA

Aliases:	None

Product:	Red Hat Enterprise Linux 6
Classification:	Red Hat
Component:	ipa (Show other bugs)
Sub Component:
Version:	6.5
Hardware:	Unspecified Unspecified

Priority	urgent Severity high
Target Milestone:	rc
Target Release:	---
Assigned To:	Martin Kosek
QA Contact:	Namita Soman
Docs Contact:

URL:
Whiteboard:
Keywords:	ZStream

Depends On:	910902
Blocks:	916535
	Show dependency tree / graph

Reported:	2013-02-26 07:35 EST by Martin Kosek
Modified:	2013-11-21 15:51 EST (History)
CC List:	7 users (show)

See Also:
Fixed In Version:	ipa-3.0.0-27.el6
Doc Type:	Bug Fix
Doc Text:	Update files, used when upgrading Identity Management server to a higher version, did not contain one new Directory Server schema attributeType (ipaExternalMember) and an objectClass (ipaExternalGroup). Consequently, Identity Management servers, which were updated from a previous version that did not have this attributeType and objectClass in its base installation, missed the attributeType and objectClass in its schema. Both command-line interface (CLI) commands using these schema elements and Web UI as a whole did not function properly. This update adds the missing objectClass and attributeType to the Identity Management update files. Currently, Directory Server schema is updated during the Identity Management update process, and CLI commands and the Web UI function normally.
Story Points:	---
Clone Of:	910902
Environment:
Last Closed:	2013-11-21 15:51:27 EST
Type:	---
Regression:	---
Mount Type:	---
Documentation:	---
CRM:
Verified Versions:
Category:	---
oVirt Team:	---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team:	---

Attachments	(Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

External Trackers
Tracker	ID	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHBA-2013:1651	normal	SHIPPED_LIVE	ipa bug fix and enhancement update	2013-11-20 19:39:40 EST

Groups: None (edit)

Description Martin Kosek 2013-02-26 07:35:48 EST

+++ This bug was initially created as a clone of Bug #910902 +++

This bug is created as a clone of upstream ticket:
https://fedorahosted.org/freeipa/ticket/3398

In a very brief look I found a number of attributes and objectclasses in 60basev3.ldif that are not in an associated update file. The updates are split between 10-60basev3.update and 60-trusts.update.

missing attributes
 * ipaExternalMember

missing objectclasses
 * ipaExternalGroup

The definition for ipaNTFlatName has a misspelled ORDERING in both the 60basev3.ldif and the update file.

--- Additional comment from Namita Soman on 2013-02-13 15:53:53 EST ---

QE will install ipa 2.1, add objects, upgrade to ipa 3.0 and verify UI is accessible. Is that a good test?

--- Additional comment from Rob Crittenden on 2013-02-14 08:55:00 EST ---

Yes, that should be sufficient.

--- Additional comment from xdong on 2013-02-14 14:03:18 EST ---

Created attachment 697340 [details]
updated from ipa-server-2.1.3-9.el6.x86_64

--- Additional comment from xdong on 2013-02-14 14:05:05 EST ---

Created attachment 697341 [details]
updated to ipa-server-3.0.0-26.el6_4.x86_64 ,WebUI shows error prompt

--- Additional comment from Rob Crittenden on 2013-02-15 09:14:16 EST ---

If you look at /var/log/httpd/error_log you'll see whether you're getting the sam backtrace as originally reported (related to missing ipaExternalMember)

--- Additional comment from xdong on 2013-02-21 16:10:30 EST ---

[Thu Feb 21 15:59:59 2013] [error] ipa: ERROR: non-public: KeyError: 'ipaExternalGroup'
[Thu Feb 21 15:59:59 2013] [error] Traceback (most recent call last):
[Thu Feb 21 15:59:59 2013] [error]   File "/usr/lib/python2.6/site-packages/ipaserver/rpcserver.py", line 334, in wsgi_execute
[Thu Feb 21 15:59:59 2013] [error]     result = self.Command[name](*args, **options)
[Thu Feb 21 15:59:59 2013] [error]   File "/usr/lib/python2.6/site-packages/ipalib/frontend.py", line 435, in __call__
[Thu Feb 21 15:59:59 2013] [error]     ret = self.run(*args, **options)
[Thu Feb 21 15:59:59 2013] [error]   File "/usr/lib/python2.6/site-packages/ipalib/frontend.py", line 747, in run
[Thu Feb 21 15:59:59 2013] [error]     return self.execute(*args, **options)
[Thu Feb 21 15:59:59 2013] [error]   File "/usr/lib/python2.6/site-packages/ipalib/plugins/internal.py", line 119, in execute
[Thu Feb 21 15:59:59 2013] [error]     (o.name, json_serialize(o)) for o in self.api.Object()
[Thu Feb 21 15:59:59 2013] [error]   File "/usr/lib/python2.6/site-packages/ipalib/plugins/internal.py", line 119, in <genexpr>
[Thu Feb 21 15:59:59 2013] [error]     (o.name, json_serialize(o)) for o in self.api.Object()
[Thu Feb 21 15:59:59 2013] [error]   File "/usr/lib/python2.6/site-packages/ipalib/util.py", line 55, in json_serialize
[Thu Feb 21 15:59:59 2013] [error]     return json_serialize(obj.__json__())
[Thu Feb 21 15:59:59 2013] [error]   File "/usr/lib/python2.6/site-packages/ipalib/plugins/baseldap.py", line 644, in __json__
[Thu Feb 21 15:59:59 2013] [error]     attrs = self.api.Backend.ldap2.schema.attribute_types(objectclasses)
[Thu Feb 21 15:59:59 2013] [error]   File "/usr/lib64/python2.6/site-packages/ldap/schema/subentry.py", line 277, in attribute_types
[Thu Feb 21 15:59:59 2013] [error]     object_class = self.sed[ObjectClass][object_class_oid]
[Thu Feb 21 15:59:59 2013] [error] KeyError: 'ipaExternalGroup'
[Thu Feb 21 15:59:59 2013] [error] ipa: INFO: admin@LAB.BOS.REDHAT.COM: json_metadata(None, None, object=u'all'): KeyError

--- Additional comment from Martin Kosek on 2013-02-22 07:36:27 EST ---

Fixed upstream:
master: https://fedorahosted.org/freeipa/changeset/49beb8cd3a752322285aa21a94306f7b99bcfae8
ipa-3-1: https://fedorahosted.org/freeipa/changeset/fd1cfd38e2cf0b9b8730f6d68c9fc3283a0872a1
ipa-3-0: https://fedorahosted.org/freeipa/changeset/d6a92b2dece5908eec94b8394ee611a497916648

The missing attributeType and objectClasse is now added to update file. It also replaces misspelled ipant* attributeTypes ORDERING value on new install and upgrades.

--- Additional comment from Martin Kosek on 2013-02-26 03:54:09 EST ---

Upstream ticket reopened, moving to ASSIGNED.

Comment 1 Martin Kosek 2013-02-27 06:55:54 EST

Regression (schema parsing error messages) fixed upstream:

master: https://fedorahosted.org/freeipa/changeset/4a6f3cac29d0cbc119b32a4ed41efdeac13791e5
ipa-3-1: https://fedorahosted.org/freeipa/changeset/6832218a6afb38265044b2f0dd6633163bf0e11d
ipa-3-0: https://fedorahosted.org/freeipa/changeset/9c00258f7a4b7f10d83c8f13d2c7508a6820a79b

Comment 4 Xiyang Dong 2013-03-04 13:56:56 EST

verified in ipa-server-3.0.0-26.el6_4.2.x86_64

Steps to reproduce:
1.updated 6.2 -> 6.3 -> 6.4

The error didn't show up.All WebUI elements work fine.

Comment 6 Scott Poore 2013-09-05 18:34:09 EDT

Verified from cli.

Version ::

ipa-server-3.0.0-34.el6.x86_64

Automated Test Results ::

::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
:: [   LOG    ] :: ipa_upgrade_bz915745 - Entire 60basev3 schema is not included in update file, other errors
::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::

:: [ 17:32:53 ] ::  Checking Web UI
:: [ 17:32:53 ] ::  Prepare json query in file
:: [ 17:32:53 ] ::  Getting Session ID with:  curl -v --negotiate -u: https://rhel6-1.testrelm.com/ipa/session/login_kerberos --cacert /etc/ipa/ca.crt
:: [   PASS   ] :: Running 'curl  -H "Content-Type:application/json" -H "Referer: https://rhel6-1.testrelm.com/ipa/xml" -H "Accept:application/json"  -H "Accept-Language:en" --cacert /etc/ipa/ca.crt -d  @/tmp/jsoninput -X POST -b "ipa_session=c6c089a2715a830e6573bb3580edfcb1; httponly; Path=/ipa; secure" https://rhel6-1.testrelm.com/ipa/session/json > /tmp/tmpout1 2>&1' (Expected 0, got 0)
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
122   420    0   420    0    69   2935    482 --:--:-- --:--:-- --:--:--  3162
{
    "error": null, 
    "id": null, 
    "principal": "admin@TESTRELM.COM", 
    "result": {
        "count": 1, 
        "result": [
            {
                "dn": "uid=admin,cn=users,cn=accounts,dc=testrelm,dc=com", 
                "uid": [
                    "admin"
                ]
            }
        ], 
        "summary": "1 user matched", 
        "truncated": false
    }, 
    "version": "3.0.0"
}:: [   PASS   ] :: Running 'cat /tmp/tmpout1' (Expected 0, got 0)
:: [   PASS   ] :: File '/tmp/tmpout1' should contain 'uid=admin.*dc=testrelm,dc=com' 
:: [   PASS   ] :: File '/usr/share/ipa/updates/10-60basev3.update' should contain 'ipaExternalMember' 
:: [   PASS   ] :: BZ 915745 not found

Comment 8 errata-xmlrpc 2013-11-21 15:51:27 EST

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHBA-2013-1651.html

Note You need to log in before you can comment on or make changes to this bug.