Issue #3192: ipa-adtrust-install does not reset all information when re-run - freeipa

freeipa

#3192 ipa-adtrust-install does not reset all information when re-run

Closed: Fixed None Opened 11 years ago by mkosek.

https://bugzilla.redhat.com/show_bug.cgi?id=867447 (Red Hat Enterprise Linux 6)

Description of problem:

When changing the NetBIOS name of the IPA domain, ipa-adtrust-install missed
changing one object (ipaNTFlatName):

[root@f18-1 ~]# ipa-adtrust-install

The log file for this installation can be found in
/var/log/ipaserver-install.log
==============================================================================
This program will setup components needed to establish trust to AD domains for
the FreeIPA Server.

This includes:
  * Configure Samba
  * Add trust related objects to FreeIPA LDAP server

To accept the default shown in brackets, press the Enter key.

IPA generated smb.conf detected.
Overwrite smb.conf? [no]: yes

The following operations may take some minutes to complete.
Please wait until the prompt is returned.

Enter the NetBIOS name for the IPA domain.
Only up to 15 uppercase ASCII letters and digits are allowed.
Example: EXAMPLE.

NetBIOS domain name [TESTRELM]:

Configuring cross-realm trusts for IPA server requires password for user
'admin'.
This user is a regular system account used for IPA server administration.

admin password:
...output truncated...

[root@f18-1 ~]# ldapsearch -H ldapi://%2fvar%2frun%2fslapd-TESTRELM-COM.socket
objectclass=ipaNTDomainAttrs
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0
# extended LDIF
#
# LDAPv3
# base <dc=testrelm,dc=com> (default) with scope subtree
# filter: objectclass=ipaNTDomainAttrs
# requesting: ALL
#

# testrelm.com, ad, etc, testrelm.com
dn: cn=testrelm.com,cn=ad,cn=etc,dc=testrelm,dc=com
ipaNTFallbackPrimaryGroup: cn=Default SMB Group,cn=groups,cn=accounts,dc=testr
 elm,dc=com
objectClass: ipaNTDomainAttrs
objectClass: nsContainer
objectClass: top
ipaNTSecurityIdentifier: S-1-5-21-2925033745-151447840-2997953556
ipaNTFlatName: ADTESTDOM
ipaNTDomainGUID: b6f2eca8-01a0-4041-aac6-58446c934b13
cn: testrelm.com

# search result
search: 3
result: 0 Success

# numResponses: 2
# numEntries: 1


Version-Release number of selected component (if applicable):


How reproducible:


Steps to Reproduce:
1. Install IPA Master
2. Install AD Server
3. run ipa-adtrust-install with one NetBIOS name
4. re-run ipa-adtrust-install with new NetBIOS name
5. ldapsearch -H ldapi://%2fvar%2frun%2fslapd-<INSTANCE_NAME>.socket
objectclass=ipaNTDomainAttrs

Actual results:

Shows original NetBIOS name, not new one.

Expected results:

Shows new NetBIOS name.

Additional info:

To workaround this, ldapmodify object like this:

ldapmodify -H ldapi://%2fvar%2frun%2fslapd-TESTRELM-DOM.socket << EOF
dn: cn=testrelm.com,cn=ad,cn=etc,dc=testrelm,dc=com
changetype: modify
replace: ipaNTFlatName
ipaNTFlatName: TESTRELM

EOF

mkosek commented 11 years ago

master: b204881[[BR]]
ipa-3-0: 349ab51

Metadata Update from @mkosek:
- Issue assigned to sbose
- Issue set to the milestone: FreeIPA 3.0.1 (bug fixing)

7 years ago

Metadata

Assignee

sbose

Tags

None

Blocking

None

Depending on

None

Priority

normal

Milestone

FreeIPA 3.0.1 (bug fixing)

None

affects_doc

None

source

None

knownissue

None

type

defect

blockedby

None

test_case

None

component

IPA

blocking

None

on_review

keywords

None

test_coverage

None

reviewer

None

external_tracker

None

rhbz

https://bugzilla.redhat.com/show_bug.cgi?id=867447

tester

None

changelog

None

design

None

freeipa

Source Code

#3192 ipa-adtrust-install does not reset all information when re-run Closed: Fixed None Opened 11 years ago by mkosek.

Metadata

#3192 ipa-adtrust-install does not reset all information when re-run

Closed: Fixed None Opened 11 years ago by mkosek.