https://bugzilla.redhat.com/show_bug.cgi?id=846309 (Red Hat Enterprise Linux 6)
Description of problem: Using UI was able to disable the last admin. As soon as it was disabled - got Internal Server Error Version-Release number of selected component (if applicable): freeipa-server-2.99.0-0.20120803T1426Zgit36c4778.fc17.x86_64 How reproducible: always Steps to Reproduce: 1. Select admin 2. Click on Disable Actual results: Error - Internal Server Error Then cannot access UI nor kinit as admin # kinit admin kinit: Clients credentials have been revoked while getting initial credentials Expected results: Since this is the last admin, behaviour should be similar to as decided for bug 805233, when deleting last admin Additional info: /var/log/httpd/error_log: [Tue Aug 07 08:10:11 2012] [error] [client 10.16.98.192] DatabaseError: Server is unwilling to perform: Account inactivated. Contact system administrator. [Tue Aug 07 08:10:20 2012] [error] ipa: INFO: Unhandled LDAPError: {'info': 'Account inactivated. Contact system administrator.', 'desc': 'Server is unwilling to perform'} [Tue Aug 07 08:10:20 2012] [error] [client 10.16.98.192] mod_wsgi (pid=28823): Exception occurred processing WSGI script '/usr/share/ipa/wsgi.py'. [Tue Aug 07 08:10:20 2012] [error] [client 10.16.98.192] Traceback (most recent call last): [Tue Aug 07 08:10:20 2012] [error] [client 10.16.98.192] File "/usr/share/ipa/wsgi.py", line 49, in application [Tue Aug 07 08:10:20 2012] [error] [client 10.16.98.192] return api.Backend.wsgi_dispatch(environ, start_response) [Tue Aug 07 08:10:20 2012] [error] [client 10.16.98.192] File "/usr/lib/python2.7/site-packages/ipaserver/rpcserver.py", line 246, in __call__ [Tue Aug 07 08:10:20 2012] [error] [client 10.16.98.192] return self.route(environ, start_response) [Tue Aug 07 08:10:20 2012] [error] [client 10.16.98.192] File "/usr/lib/python2.7/site-packages/ipaserver/rpcserver.py", line 258, in route [Tue Aug 07 08:10:20 2012] [error] [client 10.16.98.192] return app(environ, start_response) [Tue Aug 07 08:10:20 2012] [error] [client 10.16.98.192] File "/usr/lib/python2.7/site-packages/ipaserver/rpcserver.py", line 830, in __call__ [Tue Aug 07 08:10:20 2012] [error] [client 10.16.98.192] self.create_context(ccache=ipa_ccache_name) [Tue Aug 07 08:10:20 2012] [error] [client 10.16.98.192] File "/usr/lib/python2.7/site-packages/ipalib/backend.py", line 114, in create_context [Tue Aug 07 08:10:20 2012] [error] [client 10.16.98.192] self.Backend.ldap2.connect(ccache=ccache) [Tue Aug 07 08:10:20 2012] [error] [client 10.16.98.192] File "/usr/lib/python2.7/site-packages/ipalib/backend.py", line 63, in connect [Tue Aug 07 08:10:20 2012] [error] [client 10.16.98.192] conn = self.create_connection(*args, **kw) [Tue Aug 07 08:10:20 2012] [error] [client 10.16.98.192] File "/usr/lib/python2.7/site-packages/ipalib/encoder.py", line 198, in new_f [Tue Aug 07 08:10:20 2012] [error] [client 10.16.98.192] return f(*new_args, **kwargs) [Tue Aug 07 08:10:20 2012] [error] [client 10.16.98.192] File "/usr/lib/python2.7/site-packages/ipaserver/plugins/ldap2.py", line 476, in create_connection [Tue Aug 07 08:10:20 2012] [error] [client 10.16.98.192] _handle_errors(e) [Tue Aug 07 08:10:20 2012] [error] [client 10.16.98.192] File "/usr/lib/python2.7/site-packages/ipaserver/plugins/ldap2.py", line 241, in _handle_errors [Tue Aug 07 08:10:20 2012] [error] [client 10.16.98.192] raise errors.DatabaseError(desc=desc, info=info) [Tue Aug 07 08:10:20 2012] [error] [client 10.16.98.192] DatabaseError: Server is unwilling to perform: Account inactivated. Contact system administrator. [Tue Aug 07 08:10:27 2012] [error] ipa: INFO: Unhandled LDAPError: {'info': 'Account inactivated. Contact system administrator.', 'desc': 'Server is unwilling to perform'} [Tue Aug 07 08:10:27 2012] [error] [client 10.16.98.192] mod_wsgi (pid=28769): Exception occurred processing WSGI script '/usr/share/ipa/wsgi.py'. [Tue Aug 07 08:10:27 2012] [error] [client 10.16.98.192] Traceback (most recent call last): [Tue Aug 07 08:10:27 2012] [error] [client 10.16.98.192] File "/usr/share/ipa/wsgi.py", line 49, in application [Tue Aug 07 08:10:27 2012] [error] [client 10.16.98.192] return api.Backend.wsgi_dispatch(environ, start_response) [Tue Aug 07 08:10:27 2012] [error] [client 10.16.98.192] File "/usr/lib/python2.7/site-packages/ipaserver/rpcserver.py", line 246, in __call__ [Tue Aug 07 08:10:27 2012] [error] [client 10.16.98.192] return self.route(environ, start_response) [Tue Aug 07 08:10:27 2012] [error] [client 10.16.98.192] File "/usr/lib/python2.7/site-packages/ipaserver/rpcserver.py", line 258, in route [Tue Aug 07 08:10:27 2012] [error] [client 10.16.98.192] return app(environ, start_response) [Tue Aug 07 08:10:27 2012] [error] [client 10.16.98.192] File "/usr/lib/python2.7/site-packages/ipaserver/rpcserver.py", line 830, in __call__ [Tue Aug 07 08:10:27 2012] [error] [client 10.16.98.192] self.create_context(ccache=ipa_ccache_name) [Tue Aug 07 08:10:27 2012] [error] [client 10.16.98.192] File "/usr/lib/python2.7/site-packages/ipalib/backend.py", line 114, in create_context [Tue Aug 07 08:10:27 2012] [error] [client 10.16.98.192] self.Backend.ldap2.connect(ccache=ccache) [Tue Aug 07 08:10:27 2012] [error] [client 10.16.98.192] File "/usr/lib/python2.7/site-packages/ipalib/backend.py", line 63, in connect [Tue Aug 07 08:10:27 2012] [error] [client 10.16.98.192] conn = self.create_connection(*args, **kw) [Tue Aug 07 08:10:27 2012] [error] [client 10.16.98.192] File "/usr/lib/python2.7/site-packages/ipalib/encoder.py", line 198, in new_f [Tue Aug 07 08:10:27 2012] [error] [client 10.16.98.192] return f(*new_args, **kwargs) [Tue Aug 07 08:10:27 2012] [error] [client 10.16.98.192] File "/usr/lib/python2.7/site-packages/ipaserver/plugins/ldap2.py", line 476, in create_connection [Tue Aug 07 08:10:27 2012] [error] [client 10.16.98.192] _handle_errors(e) [Tue Aug 07 08:10:27 2012] [error] [client 10.16.98.192] File "/usr/lib/python2.7/site-packages/ipaserver/plugins/ldap2.py", line 241, in _handle_errors [Tue Aug 07 08:10:27 2012] [error] [client 10.16.98.192] raise errors.DatabaseError(desc=desc, info=info) [Tue Aug 07 08:10:27 2012] [error] [client 10.16.98.192] DatabaseError: Server is unwilling to perform: Account inactivated. Contact system administrator.
patch submitted
freeipa-jdennis-0078-Ticket-2979-prevent-last-admin-from-being-disabled.patch
master: 4f03aed[[BR]] ipa-3-0: 47ff8c5
Moving closed RC1 tickets to Beta 3.
Metadata Update from @dpal: - Issue assigned to jdennis - Issue set to the milestone: FreeIPA 3.0 Beta 3
Login to comment on this ticket.