https://bugzilla.redhat.com/show_bug.cgi?id=719656
Disabling ipa-nis-manage removes the following suffix from DS causing "ipa hostgroup" command to fail to automatically add any netgroup info in cn=ng,cn=compat, dc=lab,dc=eng,dc=pnq,dc=redhat,dc=com. <snip> # ng, compat, lab.eng.pnq.redhat.com dn: cn=ng,cn=compat, dc=lab,dc=eng,dc=pnq,dc=redhat,dc=com objectClass: extensibleObject cn: ng </snip> Version-Release number of selected component (if applicable): ipa-server-2.0.0-25.el6.x86_64 How reproducible: 100% Steps to Reproduce: 1. Install ipa server 2. Make sure "# ng, compat, lab.eng.pnq.redhat.com" exists # /usr/bin/ldapsearch -x -h localhost -D "cn=Directory Manager" -w Secret123 -b cn=ng,cn=compat,dc=lab,dc=eng,dc=pnq,dc=redhat,dc=com # ng, compat, lab.eng.pnq.redhat.com dn: cn=ng,cn=compat, dc=lab,dc=eng,dc=pnq,dc=redhat,dc=com objectClass: extensibleObject cn: ng 3. Add hostgroup # ipa hostgroup-add hostgrp1 --desc="host group1" -------------------------- Added hostgroup "hostgrp1" -------------------------- Host-group: hostgrp1 Description: host group1 4. Verify if netgroup info is automatically added to "cn=ng,cn=compat, dc=lab,dc=eng,dc=pnq,dc=redhat,dc=com" suffix # /usr/bin/ldapsearch -x -h localhost -D "cn=Directory Manager" -w Secret123 -b cn=ng,cn=compat,dc=lab,dc=eng,dc=pnq,dc=redhat,dc=com # ng, compat, lab.eng.pnq.redhat.com dn: cn=ng,cn=compat, dc=lab,dc=eng,dc=pnq,dc=redhat,dc=com objectClass: extensibleObject cn: ng # hostgrp1, ng, compat, lab.eng.pnq.redhat.com dn: cn=hostgrp1,cn=ng,cn=compat,dc=lab,dc=eng,dc=pnq,dc=redhat,dc=com objectClass: nisNetgroup objectClass: top cn: hostgrp1 5. Now, disable ipa-nis-manage 6. Check if netgroup info exists in "ng, compat, lab.eng.pnq.redhat.com" Actual results: # /usr/bin/ldapsearch -x -h localhost -D "cn=Directory Manager" -w Secret123 -b cn=ng,cn=compat,dc=lab,dc=eng,dc=pnq,dc=redhat,dc=com # search result search: 2 result: 32 No such object <<<<<<<<<<<<<<<<<< matchedDN: dc=lab,dc=eng,dc=pnq,dc=redhat,dc=com All netgroup data from cn=compat is removed. Expected results: Should not remove any existing data. Additional info: 1. Enabling ipa-nis-manage doesn't help. 2. This causes adding hostgroup to "ipa sudorule" to fail. 3. Also, affects SSSD while enumerating netgroups.
master: c1f5dad[[BR]] ipa-2-0: fe3fd0e
Metadata Update from @rcritten: - Issue assigned to jcholast - Issue set to the milestone: FreeIPA 2.1 - 2011/07
Login to comment on this ticket.