Red Hat Bugzilla – Bug 950014
Enrolling a host into IdM/IPA always takes two attempts
Last modified: 2014-03-06 10:49:28 EST
Fixed upstream: master: 8377f4e92f6c927d6303a4be9d22e71a90af9ab0 The problem is that the task to rebuild memberof is executed before some of the members are added which can sometimes leave things in a bad state. This patch commits to LDAP the updates in blocks of 10 so that members are added in LDAP before memberOf rebuild is executed.
Verified. Version : ipa-server-3.0.0-34.el6.x86_64 Test Results : :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: [ LOG ] :: ipa-rbac-1023 -bz950014 Enrolling a host into IdM/IPA always takes two attempts :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: kdestroy: No credentials cache found while destroying cache spawn /usr/bin/kinit -V admin Using default cache: /tmp/krb5cc_0 Using principal: admin@TESTRELM.COM Password for admin@TESTRELM.COM: Authenticated to Kerberos v5 Default principal: admin@TESTRELM.COM :: [ 12:45:10 ] :: kinit as admin with password Secret123 was successful. :: [ 12:45:10 ] :: create ipa user: [bzuser950014], firstname: [bzuser950014], lastname: [bzuser950014] password: [Secret123] :: [ 12:45:12 ] :: create ipa user: [bzuser950014], password: [Secret123] ------------------------- Added user "bzuser950014" ------------------------- User login: bzuser950014 First name: bzuser950014 Last name: bzuser950014 Full name: bzuser950014 bzuser950014 Display name: bzuser950014 bzuser950014 Initials: bb Home directory: /home/bzuser950014 GECOS field: bzuser950014 bzuser950014 Login shell: /bin/sh Kerberos principal: bzuser950014@TESTRELM.COM Email address: bzuser950014@testrelm.com UID: 593800023 GID: 593800023 Password: True Kerberos keys available: True :: [ PASS ] :: add test user account (Expected 0, got 0) spawn /usr/bin/kinit -V bzuser950014 Using default cache: /tmp/krb5cc_0 Using principal: bzuser950014@TESTRELM.COM Password for bzuser950014@TESTRELM.COM: Password expired. You must change it now. Enter new password: Enter it again: Authenticated to Kerberos v5 Default principal: bzuser950014@TESTRELM.COM :: [ 12:45:21 ] :: kinit as bzuser950014 with new password Secret123 was successful. bzuser950014 :: [ PASS ] :: Running 'create_ipauser bzuser950014 bzuser950014 bzuser950014 Secret123 dummy123' (Expected 0, got 0) kdestroy: No credentials cache found while destroying cache spawn /usr/bin/kinit -V admin Using default cache: /tmp/krb5cc_0 Using principal: admin@TESTRELM.COM Password for admin@TESTRELM.COM: Authenticated to Kerberos v5 Default principal: admin@TESTRELM.COM :: [ 12:45:23 ] :: kinit as admin with password Secret123 was successful. -------------------------------- Added role "build administrator" -------------------------------- Role name: build administrator Description: build administrator :: [ PASS ] :: add role build administrator (Expected 0, got 0) Role name: build administrator Description: build administrator Privileges: Host Administrators ---------------------------- Number of privileges added 1 ---------------------------- :: [ PASS ] :: add priviledge host administrators to role build administrator (Expected 0, got 0) Role name: build administrator Description: build administrator Member users: bzuser950014 Privileges: Host Administrators ------------------------- Number of members added 1 ------------------------- :: [ PASS ] :: add member user bzuser950014 to role build administrator (Expected 0, got 0) -------------------------------------- Added host "bzhost950014.testrelm.com" -------------------------------------- Host name: bzhost950014.testrelm.com Principal name: host/bzhost950014.testrelm.com@TESTRELM.COM Password: False Keytab: False Managed by: bzhost950014.testrelm.com :: [ 12:45:28 ] :: Adding new host bzhost950014.testrelm.com successful with force option. :: [ PASS ] :: add host bzhost950014.testrelm.com to enroll (Expected 0, got 0) Keytab successfully retrieved and stored in: /etc/krb5.keytab Certificate subject base is: O=TESTRELM.COM :: [ PASS ] :: first attempt to enroll a host to ipa succeeded (Expected 0, got 0) spawn /usr/bin/kinit -V admin Using default cache: /tmp/krb5cc_0 Using principal: admin@TESTRELM.COM Password for admin@TESTRELM.COM: Authenticated to Kerberos v5 Default principal: admin@TESTRELM.COM :: [ 12:45:31 ] :: kinit as admin with password Secret123 was successful. ---------------------------------- Deleted role "build administrator" ---------------------------------- :: [ PASS ] :: delete role build administrator (Expected 0, got 0) ---------------------------------------- Deleted host "bzhost950014.testrelm.com" ---------------------------------------- :: [ 12:45:33 ] :: Host bzhost950014.testrelm.com deleted successfully. :: [ PASS ] :: delete test host bzhost950014.testrelm.com (Expected 0, got 0) --------------------------- Deleted user "bzuser950014" --------------------------- :: [ PASS ] :: delete account [bzuser950014] (Expected 0, got 0) :: [ PASS ] :: delete test user bzuser950014 (Expected 0, got 0)
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. http://rhn.redhat.com/errata/RHBA-2013-1651.html