I can verify that 100 entries come back when utilizing the cli when performing an: ipa sudocmd-find
But when browsing to the corresponding section of the WebUI, an error is thrown and no results return.
/var/log/http/error_log:
[Mon Mar 28 10:57:55 2011] [error] ipa: ERROR: non-public: ValueError: list.remove(x): x not in list [Mon Mar 28 10:57:55 2011] [error] Traceback (most recent call last): [Mon Mar 28 10:57:55 2011] [error] File "/usr/lib/python2.7/site-packages/ipaserver/rpcserver.py", line 217, in wsgi_execute [Mon Mar 28 10:57:55 2011] [error] result = self.Command[name](*args, **options) [Mon Mar 28 10:57:55 2011] [error] File "/usr/lib/python2.7/site-packages/ipalib/frontend.py", line 422, in __call__ [Mon Mar 28 10:57:55 2011] [error] ret = self.run(*args, **options) [Mon Mar 28 10:57:55 2011] [error] File "/usr/lib/python2.7/site-packages/ipalib/frontend.py", line 728, in run [Mon Mar 28 10:57:55 2011] [error] return self.execute(*args, **options) [Mon Mar 28 10:57:55 2011] [error] File "/usr/lib/python2.7/site-packages/ipalib/plugins/baseldap.py", line 1398, in execute [Mon Mar 28 10:57:55 2011] [error] size_limit=options.get('sizelimit', None) [Mon Mar 28 10:57:55 2011] [error] File "/usr/lib/python2.7/site-packages/ipalib/encoder.py", line 188, in new_f [Mon Mar 28 10:57:55 2011] [error] return f(*new_args, **kwargs) [Mon Mar 28 10:57:55 2011] [error] File "/usr/lib/python2.7/site-packages/ipalib/encoder.py", line 199, in new_f [Mon Mar 28 10:57:55 2011] [error] return args[0].decode(f(*args, **kwargs)) [Mon Mar 28 10:57:55 2011] [error] File "/usr/lib/python2.7/site-packages/ipaserver/plugins/ldap2.py", line 597, in find_entries [Mon Mar 28 10:57:55 2011] [error] (direct, indirect) = self.get_memberof(r[0], memberof, time_limit=time_limit, size_limit=size_limit, normalize=normalize) [Mon Mar 28 10:57:55 2011] [error] File "/usr/lib/python2.7/site-packages/ipaserver/plugins/ldap2.py", line 1020, in get_memberof [Mon Mar 28 10:57:55 2011] [error] indirect.remove(r[0].lower()) [Mon Mar 28 10:57:55 2011] [error] ValueError: list.remove(x): x not in list
Part of this problem is due to the fact that FreeIPA allows for "*" to be present in search filters when performing an ipa sudocmd-find --all. This problem manifests on the cli as well.
"*" is an important character to use in sudocmd's since sudo allows for globbing.
A separate Ticket has been opened to address this: https://fedorahosted.org/freeipa/ticket/1140
I am working to produce a patch to address 1140, which in turn should resolve the webui/cli issue.
attachment freeipa-rcrit-760-member.patch
This error is addressed by the patch that addresses ticket: https://fedorahosted.org/freeipa/ticket/1139
This error has been manifesting because of static container searches in the ldap2.py member / memberof enumeration.
If error handling is desired for this exception, I suggest it be noted that this error occurs if there is a delta between the memberof list passed into this function and the results returned for verifying those memberships. (I.E. is suggests that the memberOf Plugin or referential integrity is some how broken.)
master: cc0e668
ipa-2-0: e71c5ae
Metadata Update from @jraquino: - Issue assigned to rcritten - Issue set to the milestone: FreeIPA 2.1 - 2011/08 (Final)
Login to comment on this ticket.