https://bugzilla.redhat.com/show_bug.cgi?id=870446 (Red Hat Enterprise Linux 6)
Description of problem: When doing a multioperation --addattr and --delattr on an attribute that is single valued and required, no error message is returned. This is a regression from previously releases. # ipa group-del test -------------------- Deleted group "test" -------------------- [root@qe-blade-11 ipa-group-cli]# ipa group-add --desc=test test ------------------ Added group "test" ------------------ Group name: test Description: test GID: 523800179 CORRECT BEHAVIOR # ipa group-mod --addattr gidnumber=12345678 test ipa: ERROR: gidnumber: Only one value allowed. # ipa group-mod --delattr gidnumber=12345678 test ipa: ERROR: gidnumber does not contain '12345678' # ipa group-mod --delattr gidnumber=523800179 test ipa: ERROR: 'gid' is required INCORRECT BEHAVIOR # ipa group-mod --addattr gidnumber=12345678 --delattr gidnumber=12345678 test --------------------- Modified group "test" --------------------- Group name: test Description: test GID: 523800179 # echo $? 0 Version-Release number of selected component (if applicable): # rpm -qi ipa-server Name : ipa-server Relocations: (not relocatable) Version : 3.0.0 Vendor: (none) Release : 105.20121022T2338zgit3488770.el6 Build Date: Mon 22 Oct 2012 09:13:40 PM EDT Install Date: Thu 25 Oct 2012 03:17:00 PM EDT Build Host: goofy-vm16.dsdev.sjc.redhat.com Group : System Environment/Base Source RPM: ipa-3.0.0-105.20121022T2338zgit3488770.el6.src.rpm Size : 4357546 License: GPLv3+ Signature : (none) URL : http://www.freeipa.org/ Summary : The IPA authentication server Description : IPA is an integrated solution to provide centrally managed Identity (machine, user, virtual machines, groups, authentication credentials), Policy (configuration settings, access control information) and Audit (events, logs, analysis thereof). If you are installing an IPA server you need to install this package (in other words, most people should NOT install this package). How reproducible: always Steps to Reproduce: 1. see description 2. 3. Actual results: No error, appears successful but isn't and return code 0 Expected results: according to help .. --addattr=STR Add an attribute/value pair. Format is attr=value. The attribute must be part of the schema. --delattr=STR Delete an attribute/value pair. The option will be evaluated last, after all sets and adds. delattr should be evaluated last and would have at least expected # ipa group-mod --delattr gidnumber=523800179 test ipa: ERROR: 'gid' is required and return code of 1 Additional info:
My investigation on this one:
I check the behavior, for the reported command. Setting both "--addattr gidnumber=12345678 --delattr gidnumber=12345678" is actually allowed even for a single valued attribute, as this operation practically translates to NOOP. But in that case, we should return "no modifications to be performed" error if no other attribute was modified. This *is* a regression: # ipa group-add foogroup Description: foo ---------------------- Added group "foogroup" ---------------------- Group name: foogroup Description: foo GID: 371800003 OK: # ipa group-mod foogroup --delattr=gidnumber=371800000 ipa: ERROR: gidnumber does not contain '371800000' OK: # ipa group-mod foogroup --delattr=gidnumber=371800003 ipa: ERROR: 'gid' is required OK: # ipa group-mod foogroup --addattr=gidnumber=371800000 ipa: ERROR: gidnumber: Only one value allowed. ERROR: # ipa group-mod foogroup --addattr=gidnumber=371800000 --delattr=gidnumber=371800000 ------------------------- Modified group "foogroup" ------------------------- Group name: foogroup Description: foo GID: 371800003 "no modifications to be performed" should have been risen. I will open an upstream ticket.
attachment freeipa-mkosek-329-use-common-encoding-in-modlist-generation.patch
Patch freeipa-mkosek-329-use-common-encoding-in-modlist-generation.patch sent for review
Changing 3.2 priority
Re-triaged to 3.0.1 milestone.
master: d180d3c[[BR]] ipa-3-0: 1f1918f
Note: this "dirty fix" will be superseded by patch in #2265.
Metadata Update from @mkosek: - Issue assigned to mkosek - Issue set to the milestone: FreeIPA 3.0.1 (bug fixing)
Login to comment on this ticket.