#2979 Prevent disabling last admin
Closed: Fixed None Opened 11 years ago by dpal.

https://bugzilla.redhat.com/show_bug.cgi?id=846309 (Red Hat Enterprise Linux 6)

Description of problem:
Using UI was able to disable the last admin.
As soon as it was disabled - got Internal Server Error

Version-Release number of selected component (if applicable):
freeipa-server-2.99.0-0.20120803T1426Zgit36c4778.fc17.x86_64

How reproducible:
always

Steps to Reproduce:
1. Select admin
2. Click on Disable


Actual results:
Error - Internal Server Error
Then cannot access UI nor kinit as admin
# kinit admin
kinit: Clients credentials have been revoked while getting initial credentials


Expected results:
Since this is the last admin, behaviour should be similar to as decided for bug
805233, when deleting last admin

Additional info:

/var/log/httpd/error_log:

[Tue Aug 07 08:10:11 2012] [error] [client 10.16.98.192] DatabaseError: Server
is unwilling to perform: Account inactivated. Contact system administrator.
[Tue Aug 07 08:10:20 2012] [error] ipa: INFO: Unhandled LDAPError: {'info':
'Account inactivated. Contact system administrator.', 'desc': 'Server is
unwilling to perform'}
[Tue Aug 07 08:10:20 2012] [error] [client 10.16.98.192] mod_wsgi (pid=28823):
Exception occurred processing WSGI script '/usr/share/ipa/wsgi.py'.
[Tue Aug 07 08:10:20 2012] [error] [client 10.16.98.192] Traceback (most recent
call last):
[Tue Aug 07 08:10:20 2012] [error] [client 10.16.98.192]   File
"/usr/share/ipa/wsgi.py", line 49, in application
[Tue Aug 07 08:10:20 2012] [error] [client 10.16.98.192]     return
api.Backend.wsgi_dispatch(environ, start_response)
[Tue Aug 07 08:10:20 2012] [error] [client 10.16.98.192]   File
"/usr/lib/python2.7/site-packages/ipaserver/rpcserver.py", line 246, in
__call__
[Tue Aug 07 08:10:20 2012] [error] [client 10.16.98.192]     return
self.route(environ, start_response)
[Tue Aug 07 08:10:20 2012] [error] [client 10.16.98.192]   File
"/usr/lib/python2.7/site-packages/ipaserver/rpcserver.py", line 258, in route
[Tue Aug 07 08:10:20 2012] [error] [client 10.16.98.192]     return
app(environ, start_response)
[Tue Aug 07 08:10:20 2012] [error] [client 10.16.98.192]   File
"/usr/lib/python2.7/site-packages/ipaserver/rpcserver.py", line 830, in
__call__
[Tue Aug 07 08:10:20 2012] [error] [client 10.16.98.192]
self.create_context(ccache=ipa_ccache_name)
[Tue Aug 07 08:10:20 2012] [error] [client 10.16.98.192]   File
"/usr/lib/python2.7/site-packages/ipalib/backend.py", line 114, in
create_context
[Tue Aug 07 08:10:20 2012] [error] [client 10.16.98.192]
self.Backend.ldap2.connect(ccache=ccache)
[Tue Aug 07 08:10:20 2012] [error] [client 10.16.98.192]   File
"/usr/lib/python2.7/site-packages/ipalib/backend.py", line 63, in connect
[Tue Aug 07 08:10:20 2012] [error] [client 10.16.98.192]     conn =
self.create_connection(*args, **kw)
[Tue Aug 07 08:10:20 2012] [error] [client 10.16.98.192]   File
"/usr/lib/python2.7/site-packages/ipalib/encoder.py", line 198, in new_f
[Tue Aug 07 08:10:20 2012] [error] [client 10.16.98.192]     return
f(*new_args, **kwargs)
[Tue Aug 07 08:10:20 2012] [error] [client 10.16.98.192]   File
"/usr/lib/python2.7/site-packages/ipaserver/plugins/ldap2.py", line 476, in
create_connection
[Tue Aug 07 08:10:20 2012] [error] [client 10.16.98.192]     _handle_errors(e)
[Tue Aug 07 08:10:20 2012] [error] [client 10.16.98.192]   File
"/usr/lib/python2.7/site-packages/ipaserver/plugins/ldap2.py", line 241, in
_handle_errors
[Tue Aug 07 08:10:20 2012] [error] [client 10.16.98.192]     raise
errors.DatabaseError(desc=desc, info=info)
[Tue Aug 07 08:10:20 2012] [error] [client 10.16.98.192] DatabaseError: Server
is unwilling to perform: Account inactivated. Contact system administrator.
[Tue Aug 07 08:10:27 2012] [error] ipa: INFO: Unhandled LDAPError: {'info':
'Account inactivated. Contact system administrator.', 'desc': 'Server is
unwilling to perform'}
[Tue Aug 07 08:10:27 2012] [error] [client 10.16.98.192] mod_wsgi (pid=28769):
Exception occurred processing WSGI script '/usr/share/ipa/wsgi.py'.
[Tue Aug 07 08:10:27 2012] [error] [client 10.16.98.192] Traceback (most recent
call last):
[Tue Aug 07 08:10:27 2012] [error] [client 10.16.98.192]   File
"/usr/share/ipa/wsgi.py", line 49, in application
[Tue Aug 07 08:10:27 2012] [error] [client 10.16.98.192]     return
api.Backend.wsgi_dispatch(environ, start_response)
[Tue Aug 07 08:10:27 2012] [error] [client 10.16.98.192]   File
"/usr/lib/python2.7/site-packages/ipaserver/rpcserver.py", line 246, in
__call__
[Tue Aug 07 08:10:27 2012] [error] [client 10.16.98.192]     return
self.route(environ, start_response)
[Tue Aug 07 08:10:27 2012] [error] [client 10.16.98.192]   File
"/usr/lib/python2.7/site-packages/ipaserver/rpcserver.py", line 258, in route
[Tue Aug 07 08:10:27 2012] [error] [client 10.16.98.192]     return
app(environ, start_response)
[Tue Aug 07 08:10:27 2012] [error] [client 10.16.98.192]   File
"/usr/lib/python2.7/site-packages/ipaserver/rpcserver.py", line 830, in
__call__
[Tue Aug 07 08:10:27 2012] [error] [client 10.16.98.192]
self.create_context(ccache=ipa_ccache_name)
[Tue Aug 07 08:10:27 2012] [error] [client 10.16.98.192]   File
"/usr/lib/python2.7/site-packages/ipalib/backend.py", line 114, in
create_context
[Tue Aug 07 08:10:27 2012] [error] [client 10.16.98.192]
self.Backend.ldap2.connect(ccache=ccache)
[Tue Aug 07 08:10:27 2012] [error] [client 10.16.98.192]   File
"/usr/lib/python2.7/site-packages/ipalib/backend.py", line 63, in connect
[Tue Aug 07 08:10:27 2012] [error] [client 10.16.98.192]     conn =
self.create_connection(*args, **kw)
[Tue Aug 07 08:10:27 2012] [error] [client 10.16.98.192]   File
"/usr/lib/python2.7/site-packages/ipalib/encoder.py", line 198, in new_f
[Tue Aug 07 08:10:27 2012] [error] [client 10.16.98.192]     return
f(*new_args, **kwargs)
[Tue Aug 07 08:10:27 2012] [error] [client 10.16.98.192]   File
"/usr/lib/python2.7/site-packages/ipaserver/plugins/ldap2.py", line 476, in
create_connection
[Tue Aug 07 08:10:27 2012] [error] [client 10.16.98.192]     _handle_errors(e)
[Tue Aug 07 08:10:27 2012] [error] [client 10.16.98.192]   File
"/usr/lib/python2.7/site-packages/ipaserver/plugins/ldap2.py", line 241, in
_handle_errors
[Tue Aug 07 08:10:27 2012] [error] [client 10.16.98.192]     raise
errors.DatabaseError(desc=desc, info=info)
[Tue Aug 07 08:10:27 2012] [error] [client 10.16.98.192] DatabaseError: Server
is unwilling to perform: Account inactivated. Contact system administrator.

patch submitted

freeipa-jdennis-0078-Ticket-2979-prevent-last-admin-from-being-disabled.patch

Moving closed RC1 tickets to Beta 3.

Metadata Update from @dpal:
- Issue assigned to jdennis
- Issue set to the milestone: FreeIPA 3.0 Beta 3

7 years ago

Login to comment on this ticket.

Metadata