915745 – Entire 60basev3 schema is not included in update file, other errors

RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.

Bug 915745 - Entire 60basev3 schema is not included in update file, other errors

Summary: Entire 60basev3 schema is not included in update file, other errors

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Red Hat Enterprise Linux 6
Classification:	Red Hat
Component:	ipa
Sub Component:
Version:	6.5
Hardware:	Unspecified
OS:	Unspecified
Priority:	urgent
Severity:	high
Target Milestone:	rc
Target Release:	---
Assignee:	Martin Kosek
QA Contact:	Namita Soman
Docs Contact:
URL:
Whiteboard:
Depends On:	910902
Blocks:	916535
TreeView+	depends on / blocked

Reported:	2013-02-26 12:35 UTC by Martin Kosek
Modified:	2018-11-30 19:32 UTC (History)
CC List:	7 users (show)
Fixed In Version:	ipa-3.0.0-27.el6
Doc Type:	Bug Fix
Doc Text:	Update files, used when upgrading Identity Management server to a higher version, did not contain one new Directory Server schema attributeType (ipaExternalMember) and an objectClass (ipaExternalGroup). Consequently, Identity Management servers, which were updated from a previous version that did not have this attributeType and objectClass in its base installation, missed the attributeType and objectClass in its schema. Both command-line interface (CLI) commands using these schema elements and Web UI as a whole did not function properly. This update adds the missing objectClass and attributeType to the Identity Management update files. Currently, Directory Server schema is updated during the Identity Management update process, and CLI commands and the Web UI function normally.
Clone Of:	910902
Environment:
Last Closed:	2013-11-21 20:51:27 UTC
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHBA-2013:1651	0	normal	SHIPPED_LIVE	ipa bug fix and enhancement update	2013-11-21 00:39:40 UTC

Description Martin Kosek 2013-02-26 12:35:48 UTC

+++ This bug was initially created as a clone of Bug #910902 +++

This bug is created as a clone of upstream ticket:
https://fedorahosted.org/freeipa/ticket/3398

In a very brief look I found a number of attributes and objectclasses in 60basev3.ldif that are not in an associated update file. The updates are split between 10-60basev3.update and 60-trusts.update.

missing attributes
 * ipaExternalMember

missing objectclasses
 * ipaExternalGroup

The definition for ipaNTFlatName has a misspelled ORDERING in both the 60basev3.ldif and the update file.

--- Additional comment from Namita Soman on 2013-02-13 15:53:53 EST ---

QE will install ipa 2.1, add objects, upgrade to ipa 3.0 and verify UI is accessible. Is that a good test?

--- Additional comment from Rob Crittenden on 2013-02-14 08:55:00 EST ---

Yes, that should be sufficient.

--- Additional comment from xdong on 2013-02-14 14:03:18 EST ---

Created attachment 697340 [details]
updated from ipa-server-2.1.3-9.el6.x86_64

--- Additional comment from xdong on 2013-02-14 14:05:05 EST ---

Created attachment 697341 [details]
updated to ipa-server-3.0.0-26.el6_4.x86_64 ,WebUI shows error prompt

--- Additional comment from Rob Crittenden on 2013-02-15 09:14:16 EST ---

If you look at /var/log/httpd/error_log you'll see whether you're getting the sam backtrace as originally reported (related to missing ipaExternalMember)

--- Additional comment from xdong on 2013-02-21 16:10:30 EST ---

[Thu Feb 21 15:59:59 2013] [error] ipa: ERROR: non-public: KeyError: 'ipaExternalGroup'
[Thu Feb 21 15:59:59 2013] [error] Traceback (most recent call last):
[Thu Feb 21 15:59:59 2013] [error]   File "/usr/lib/python2.6/site-packages/ipaserver/rpcserver.py", line 334, in wsgi_execute
[Thu Feb 21 15:59:59 2013] [error]     result = self.Command[name](*args, **options)
[Thu Feb 21 15:59:59 2013] [error]   File "/usr/lib/python2.6/site-packages/ipalib/frontend.py", line 435, in __call__
[Thu Feb 21 15:59:59 2013] [error]     ret = self.run(*args, **options)
[Thu Feb 21 15:59:59 2013] [error]   File "/usr/lib/python2.6/site-packages/ipalib/frontend.py", line 747, in run
[Thu Feb 21 15:59:59 2013] [error]     return self.execute(*args, **options)
[Thu Feb 21 15:59:59 2013] [error]   File "/usr/lib/python2.6/site-packages/ipalib/plugins/internal.py", line 119, in execute
[Thu Feb 21 15:59:59 2013] [error]     (o.name, json_serialize(o)) for o in self.api.Object()
[Thu Feb 21 15:59:59 2013] [error]   File "/usr/lib/python2.6/site-packages/ipalib/plugins/internal.py", line 119, in <genexpr>
[Thu Feb 21 15:59:59 2013] [error]     (o.name, json_serialize(o)) for o in self.api.Object()
[Thu Feb 21 15:59:59 2013] [error]   File "/usr/lib/python2.6/site-packages/ipalib/util.py", line 55, in json_serialize
[Thu Feb 21 15:59:59 2013] [error]     return json_serialize(obj.__json__())
[Thu Feb 21 15:59:59 2013] [error]   File "/usr/lib/python2.6/site-packages/ipalib/plugins/baseldap.py", line 644, in __json__
[Thu Feb 21 15:59:59 2013] [error]     attrs = self.api.Backend.ldap2.schema.attribute_types(objectclasses)
[Thu Feb 21 15:59:59 2013] [error]   File "/usr/lib64/python2.6/site-packages/ldap/schema/subentry.py", line 277, in attribute_types
[Thu Feb 21 15:59:59 2013] [error]     object_class = self.sed[ObjectClass][object_class_oid]
[Thu Feb 21 15:59:59 2013] [error] KeyError: 'ipaExternalGroup'
[Thu Feb 21 15:59:59 2013] [error] ipa: INFO: admin.REDHAT.COM: json_metadata(None, None, object=u'all'): KeyError

--- Additional comment from Martin Kosek on 2013-02-22 07:36:27 EST ---

Fixed upstream:
master: https://fedorahosted.org/freeipa/changeset/49beb8cd3a752322285aa21a94306f7b99bcfae8
ipa-3-1: https://fedorahosted.org/freeipa/changeset/fd1cfd38e2cf0b9b8730f6d68c9fc3283a0872a1
ipa-3-0: https://fedorahosted.org/freeipa/changeset/d6a92b2dece5908eec94b8394ee611a497916648

The missing attributeType and objectClasse is now added to update file. It also replaces misspelled ipant* attributeTypes ORDERING value on new install and upgrades.

--- Additional comment from Martin Kosek on 2013-02-26 03:54:09 EST ---

Upstream ticket reopened, moving to ASSIGNED.

Comment 1 Martin Kosek 2013-02-27 11:55:54 UTC

Regression (schema parsing error messages) fixed upstream:

master: https://fedorahosted.org/freeipa/changeset/4a6f3cac29d0cbc119b32a4ed41efdeac13791e5
ipa-3-1: https://fedorahosted.org/freeipa/changeset/6832218a6afb38265044b2f0dd6633163bf0e11d
ipa-3-0: https://fedorahosted.org/freeipa/changeset/9c00258f7a4b7f10d83c8f13d2c7508a6820a79b

Comment 4 Xiyang Dong 2013-03-04 18:56:56 UTC

verified in ipa-server-3.0.0-26.el6_4.2.x86_64

Steps to reproduce:
1.updated 6.2 -> 6.3 -> 6.4

The error didn't show up.All WebUI elements work fine.

Comment 6 Scott Poore 2013-09-05 22:34:09 UTC

Verified from cli.

Version ::

ipa-server-3.0.0-34.el6.x86_64

Automated Test Results ::

::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
:: [   LOG    ] :: ipa_upgrade_bz915745 - Entire 60basev3 schema is not included in update file, other errors
::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::

:: [ 17:32:53 ] ::  Checking Web UI
:: [ 17:32:53 ] ::  Prepare json query in file
:: [ 17:32:53 ] ::  Getting Session ID with:  curl -v --negotiate -u: https://rhel6-1.testrelm.com/ipa/session/login_kerberos --cacert /etc/ipa/ca.crt
:: [   PASS   ] :: Running 'curl  -H "Content-Type:application/json" -H "Referer: https://rhel6-1.testrelm.com/ipa/xml" -H "Accept:application/json"  -H "Accept-Language:en" --cacert /etc/ipa/ca.crt -d  @/tmp/jsoninput -X POST -b "ipa_session=c6c089a2715a830e6573bb3580edfcb1; httponly; Path=/ipa; secure" https://rhel6-1.testrelm.com/ipa/session/json > /tmp/tmpout1 2>&1' (Expected 0, got 0)
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
122   420    0   420    0    69   2935    482 --:--:-- --:--:-- --:--:--  3162
{
    "error": null, 
    "id": null, 
    "principal": "admin", 
    "result": {
        "count": 1, 
        "result": [
            {
                "dn": "uid=admin,cn=users,cn=accounts,dc=testrelm,dc=com", 
                "uid": [
                    "admin"
                ]
            }
        ], 
        "summary": "1 user matched", 
        "truncated": false
    }, 
    "version": "3.0.0"
}:: [   PASS   ] :: Running 'cat /tmp/tmpout1' (Expected 0, got 0)
:: [   PASS   ] :: File '/tmp/tmpout1' should contain 'uid=admin.*dc=testrelm,dc=com' 
:: [   PASS   ] :: File '/usr/share/ipa/updates/10-60basev3.update' should contain 'ipaExternalMember' 
:: [   PASS   ] :: BZ 915745 not found

Comment 8 errata-xmlrpc 2013-11-21 20:51:27 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHBA-2013-1651.html

Note You need to log in before you can comment on or make changes to this bug.