Bug 915745 - Entire 60basev3 schema is not included in update file, other errors
Entire 60basev3 schema is not included in update file, other errors
Status: CLOSED ERRATA
Product: Red Hat Enterprise Linux 6
Classification: Red Hat
Component: ipa (Show other bugs)
6.5
Unspecified Unspecified
urgent Severity high
: rc
: ---
Assigned To: Martin Kosek
Namita Soman
: ZStream
Depends On: 910902
Blocks: 916535
  Show dependency treegraph
 
Reported: 2013-02-26 07:35 EST by Martin Kosek
Modified: 2013-11-21 15:51 EST (History)
7 users (show)

See Also:
Fixed In Version: ipa-3.0.0-27.el6
Doc Type: Bug Fix
Doc Text:
Update files, used when upgrading Identity Management server to a higher version, did not contain one new Directory Server schema attributeType (ipaExternalMember) and an objectClass (ipaExternalGroup). Consequently, Identity Management servers, which were updated from a previous version that did not have this attributeType and objectClass in its base installation, missed the attributeType and objectClass in its schema. Both command-line interface (CLI) commands using these schema elements and Web UI as a whole did not function properly. This update adds the missing objectClass and attributeType to the Identity Management update files. Currently, Directory Server schema is updated during the Identity Management update process, and CLI commands and the Web UI function normally.
Story Points: ---
Clone Of: 910902
Environment:
Last Closed: 2013-11-21 15:51:27 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Martin Kosek 2013-02-26 07:35:48 EST
+++ This bug was initially created as a clone of Bug #910902 +++

This bug is created as a clone of upstream ticket:
https://fedorahosted.org/freeipa/ticket/3398

In a very brief look I found a number of attributes and objectclasses in 60basev3.ldif that are not in an associated update file. The updates are split between 10-60basev3.update and 60-trusts.update.

missing attributes
 * ipaExternalMember

missing objectclasses
 * ipaExternalGroup

The definition for ipaNTFlatName has a misspelled ORDERING in both the 60basev3.ldif and the update file.

--- Additional comment from Namita Soman on 2013-02-13 15:53:53 EST ---

QE will install ipa 2.1, add objects, upgrade to ipa 3.0 and verify UI is accessible. Is that a good test?

--- Additional comment from Rob Crittenden on 2013-02-14 08:55:00 EST ---

Yes, that should be sufficient.

--- Additional comment from xdong on 2013-02-14 14:03:18 EST ---

Created attachment 697340 [details]
updated from ipa-server-2.1.3-9.el6.x86_64

--- Additional comment from xdong on 2013-02-14 14:05:05 EST ---

Created attachment 697341 [details]
updated to ipa-server-3.0.0-26.el6_4.x86_64 ,WebUI shows error prompt

--- Additional comment from Rob Crittenden on 2013-02-15 09:14:16 EST ---

If you look at /var/log/httpd/error_log you'll see whether you're getting the sam backtrace as originally reported (related to missing ipaExternalMember)

--- Additional comment from xdong on 2013-02-21 16:10:30 EST ---

[Thu Feb 21 15:59:59 2013] [error] ipa: ERROR: non-public: KeyError: 'ipaExternalGroup'
[Thu Feb 21 15:59:59 2013] [error] Traceback (most recent call last):
[Thu Feb 21 15:59:59 2013] [error]   File "/usr/lib/python2.6/site-packages/ipaserver/rpcserver.py", line 334, in wsgi_execute
[Thu Feb 21 15:59:59 2013] [error]     result = self.Command[name](*args, **options)
[Thu Feb 21 15:59:59 2013] [error]   File "/usr/lib/python2.6/site-packages/ipalib/frontend.py", line 435, in __call__
[Thu Feb 21 15:59:59 2013] [error]     ret = self.run(*args, **options)
[Thu Feb 21 15:59:59 2013] [error]   File "/usr/lib/python2.6/site-packages/ipalib/frontend.py", line 747, in run
[Thu Feb 21 15:59:59 2013] [error]     return self.execute(*args, **options)
[Thu Feb 21 15:59:59 2013] [error]   File "/usr/lib/python2.6/site-packages/ipalib/plugins/internal.py", line 119, in execute
[Thu Feb 21 15:59:59 2013] [error]     (o.name, json_serialize(o)) for o in self.api.Object()
[Thu Feb 21 15:59:59 2013] [error]   File "/usr/lib/python2.6/site-packages/ipalib/plugins/internal.py", line 119, in <genexpr>
[Thu Feb 21 15:59:59 2013] [error]     (o.name, json_serialize(o)) for o in self.api.Object()
[Thu Feb 21 15:59:59 2013] [error]   File "/usr/lib/python2.6/site-packages/ipalib/util.py", line 55, in json_serialize
[Thu Feb 21 15:59:59 2013] [error]     return json_serialize(obj.__json__())
[Thu Feb 21 15:59:59 2013] [error]   File "/usr/lib/python2.6/site-packages/ipalib/plugins/baseldap.py", line 644, in __json__
[Thu Feb 21 15:59:59 2013] [error]     attrs = self.api.Backend.ldap2.schema.attribute_types(objectclasses)
[Thu Feb 21 15:59:59 2013] [error]   File "/usr/lib64/python2.6/site-packages/ldap/schema/subentry.py", line 277, in attribute_types
[Thu Feb 21 15:59:59 2013] [error]     object_class = self.sed[ObjectClass][object_class_oid]
[Thu Feb 21 15:59:59 2013] [error] KeyError: 'ipaExternalGroup'
[Thu Feb 21 15:59:59 2013] [error] ipa: INFO: admin@LAB.BOS.REDHAT.COM: json_metadata(None, None, object=u'all'): KeyError

--- Additional comment from Martin Kosek on 2013-02-22 07:36:27 EST ---

Fixed upstream:
master: https://fedorahosted.org/freeipa/changeset/49beb8cd3a752322285aa21a94306f7b99bcfae8
ipa-3-1: https://fedorahosted.org/freeipa/changeset/fd1cfd38e2cf0b9b8730f6d68c9fc3283a0872a1
ipa-3-0: https://fedorahosted.org/freeipa/changeset/d6a92b2dece5908eec94b8394ee611a497916648

The missing attributeType and objectClasse is now added to update file. It also replaces misspelled ipant* attributeTypes ORDERING value on new install and upgrades.

--- Additional comment from Martin Kosek on 2013-02-26 03:54:09 EST ---

Upstream ticket reopened, moving to ASSIGNED.
Comment 4 Xiyang Dong 2013-03-04 13:56:56 EST
verified in ipa-server-3.0.0-26.el6_4.2.x86_64

Steps to reproduce:
1.updated 6.2 -> 6.3 -> 6.4

The error didn't show up.All WebUI elements work fine.
Comment 6 Scott Poore 2013-09-05 18:34:09 EDT
Verified from cli.

Version ::

ipa-server-3.0.0-34.el6.x86_64

Automated Test Results ::

::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
:: [   LOG    ] :: ipa_upgrade_bz915745 - Entire 60basev3 schema is not included in update file, other errors
::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::

:: [ 17:32:53 ] ::  Checking Web UI
:: [ 17:32:53 ] ::  Prepare json query in file
:: [ 17:32:53 ] ::  Getting Session ID with:  curl -v --negotiate -u: https://rhel6-1.testrelm.com/ipa/session/login_kerberos --cacert /etc/ipa/ca.crt
:: [   PASS   ] :: Running 'curl  -H "Content-Type:application/json" -H "Referer: https://rhel6-1.testrelm.com/ipa/xml" -H "Accept:application/json"  -H "Accept-Language:en" --cacert /etc/ipa/ca.crt -d  @/tmp/jsoninput -X POST -b "ipa_session=c6c089a2715a830e6573bb3580edfcb1; httponly; Path=/ipa; secure" https://rhel6-1.testrelm.com/ipa/session/json > /tmp/tmpout1 2>&1' (Expected 0, got 0)
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
122   420    0   420    0    69   2935    482 --:--:-- --:--:-- --:--:--  3162
{
    "error": null, 
    "id": null, 
    "principal": "admin@TESTRELM.COM", 
    "result": {
        "count": 1, 
        "result": [
            {
                "dn": "uid=admin,cn=users,cn=accounts,dc=testrelm,dc=com", 
                "uid": [
                    "admin"
                ]
            }
        ], 
        "summary": "1 user matched", 
        "truncated": false
    }, 
    "version": "3.0.0"
}:: [   PASS   ] :: Running 'cat /tmp/tmpout1' (Expected 0, got 0)
:: [   PASS   ] :: File '/tmp/tmpout1' should contain 'uid=admin.*dc=testrelm,dc=com' 
:: [   PASS   ] :: File '/usr/share/ipa/updates/10-60basev3.update' should contain 'ipaExternalMember' 
:: [   PASS   ] :: BZ 915745 not found
Comment 8 errata-xmlrpc 2013-11-21 15:51:27 EST
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHBA-2013-1651.html

Note You need to log in before you can comment on or make changes to this bug.