https://bugzilla.redhat.com/show_bug.cgi?id=804609 (Red Hat Enterprise Linux 6)
Description of problem: After migration of users and groups from 389 directory server, get errors viewing users and group members from the WebUI. Not all attributes are viewable. Example User from directory server :: dn: cn=Darcee Leeson,ou=People,dc=example,dc=com carLicense: 2CGORU4 cn: Darcee Leeson departmentNumber: 9466 description: This is Darcee Leeson's description employeeType: Normal facsimileTelephoneNumber: +1 408 553-4571 givenName: Darcee homePhone: +1 206 217-8241 initials: D. L. l: Sunnyvale mail: Darcee_Leeson@example.com manager: cn=Mollee Weisenberg,ou=People,dc=example,dc=com mobile: +1 818 264-2444 objectClass: top objectClass: person objectClass: organizationalPerson objectClass: inetOrgPerson objectClass: posixAccount ou: Product Testing pager: +1 510 405-3251 postalAddress: example.com, Product Testing Dept #795, Room#250 roomNumber: 9844 secretary: cn=Ayaz Kreiger,ou=People,dc=example,dc=com sn: Leeson telephoneNumber: +1 804 913-8558 title: Supreme Product Testing Visionary uid: Darcee_Leeson uidNumber: 11731 gidNumber: 21731 homeDirectory: /home/Darcee_Leeson userPassword:: e1NTSEF9VzMySTlBaFBkT0dMa201QU9DQThobW5LSC9RV296RWpCMFJ6TXc9PQ= = Example of user in IPA from CLI after migration :: # ipa user-find Darcee_Leeson -------------- 1 user matched -------------- User login: Darcee_Leeson First name: Darcee Last name: Leeson Home directory: /home/Darcee_Leeson Email address: Darcee_Leeson@example.com UID: 11731 GID: 21731 Telephone Number: +1 804 913-8558 Job Title: Supreme Product Testing Visionary Account disabled: False Password: True Kerberos keys available: False Example group from 389 directory server :: dn: cn=Accounting,ou=Groups,dc=example,dc=com objectClass: top objectClass: inetuser objectClass: groupofnames objectClass: posixGroup cn: Accounting member: cn=Gabbie Sarubbi,ou=People,dc=example,dc=com member: cn=Klara Eswara,ou=People,dc=example,dc=com member: cn=Tomasina Kowalsky,ou=People,dc=example,dc=com member: cn=Merilyn Upton,ou=People,dc=example,dc=com member: cn=Cang Keighley,ou=People,dc=example,dc=com member: cn=Idette Risler,ou=People,dc=example,dc=com member: cn=Leanora Corless,ou=People,dc=example,dc=com member: cn=Scarlet Witt,ou=People,dc=example,dc=com member: cn=Laurene Kindem,ou=People,dc=example,dc=com member: cn=Kin-Wai Wennerstrom,ou=People,dc=example,dc=com member: cn=Saeed Dehghan,ou=People,dc=example,dc=com member: cn=Dalenna Spann,ou=People,dc=example,dc=com member: cn=Lonee Praeuner,ou=People,dc=example,dc=com member: cn=Clemence Royle,ou=People,dc=example,dc=com member: cn=Christan Propes,ou=People,dc=example,dc=com member: cn=Blondelle Rabiasz,ou=People,dc=example,dc=com member: cn=Loesje Sparkes,ou=People,dc=example,dc=com member: cn=Gwynith Leigh,ou=People,dc=example,dc=com member: cn=Ella Markell,ou=People,dc=example,dc=com member: cn=Gretchen Lightowler,ou=People,dc=example,dc=com member: cn=Briney Hollingsworth,ou=People,dc=example,dc=com member: cn=Roxy Winlow,ou=People,dc=example,dc=com member: cn=Maycel Kardos,ou=People,dc=example,dc=com member: cn=Marybeth Fuson,ou=People,dc=example,dc=com member: cn=Frederick Vinnell,ou=People,dc=example,dc=com member: cn=Janusz Fussell,ou=People,dc=example,dc=com member: cn=Lorenzo Wilczewski,ou=People,dc=example,dc=com ............ Example of group from IPA after migration :: # ipa group-find accounting ---------------- 2 groups matched ---------------- Group name: Accounting GID: 30000 Member users: Gabbie Sarubbi, Klara Eswara, Tomasina Kowalsky, Merilyn Upton, Cang Keighley, Idette Risler, Leanora Corless, Scarlet Witt, Laurene Kindem, Kin-Wai Wennerstrom, Saeed Dehghan, Dalenna Spann, Lonee Praeuner, Clemence Royle, Christan Propes, Blondelle Rabiasz, Loesje Sparkes, Gwynith Leigh, Ella Markell, Gretchen Lightowler, Briney Hollingsworth, Roxy Winlow, Maycel Kardos, Marybeth Fuson, Frederick Vinnell, Janusz Fussell, Lorenzo Wilczewski, Avie Pouliot Group name: Accounting Managers Description: People who can manage accounting entries ---------------------------- Number of entries returned 2 ---------------------------- PLEASE NOTE :: 2 entries noted ... one returned Version-Release number of selected component (if applicable): ipa-server-2.2.0-4.el6.x86_64 How reproducible: Steps to Reproduce: 1. ipa migrate-ds ldap://389server.hostname 2. launch WebUI, view users and group members 3. Actual results: Expected results: Additional info: Please see attached screen shots
I believe the problem is we aren't updating dn entries within a user. You'll notice that manager and secretary point still refer to ou=People.
master:[[BR]] b9c3eb7[[BR]] 98a99cb
ipa-2-2:[[BR]] 4e0e0fd[[BR]] 0b5c853
A patch fixing a creation of UPGs, when they are not needed:
master: b55c98f[[BR]] ipa-2-2: b98342a
Metadata Update from @dpal: - Issue assigned to rcritten - Issue set to the milestone: FreeIPA 2.2 Core Effort - 2012/03
Login to comment on this ticket.