https://bugzilla.redhat.com/show_bug.cgi?id=893827 (Red Hat Enterprise Linux 6)
Description of problem: in 6.3: # ipa permission-find --targetgroup=ipausers --all -------------------- 1 permission matched -------------------- dn: cn=add user to default group,cn=permissions,cn=pbac,dc=testrelm,dc=com Permission name: Add user to default group Permissions: write Attributes: member Target group: ipausers Granted to Privilege: User Administrators memberindirect: cn=user administrators,cn=privileges,cn=pbac,dc=testrelm,dc=com, cn=user administrator,cn=roles,cn=accounts,dc=testrelm,dc=com objectclass: top, groupofnames, ipapermission ---------------------------- Number of entries returned 1 ---------------------------- in 6.4: # ipa permission-find --targetgroup=ipausers --all ipa: ERROR: an internal error has occurred # ipa permission-show "Add user to default group" --all dn: cn=Add user to default group,cn=permissions,cn=pbac,dc=testrelm,dc=com Permission name: Add user to default group Permissions: write Attributes: member Target group: ipausers Granted to Privilege: User Administrators objectclass: top, groupofnames, ipapermission Version-Release number of selected component (if applicable): ipa-server-3.0.0-19.el6.x86_64 How reproducible: always Steps to Reproduce: 1. ipa permission-find --targetgroup=ipausers --all Actual results: ipa: ERROR: an internal error has occurred Expected results: List permission "Add user to default group" where target group is ipauser Additional info: From /var/log/httpd/error_log: [Wed Jan 09 20:25:59 2013] [error] ipa: ERROR: non-public: TypeError: 'in <string>' requires string as left operand, not DN [Wed Jan 09 20:25:59 2013] [error] Traceback (most recent call last): [Wed Jan 09 20:25:59 2013] [error] File "/usr/lib/python2.6/site-packages/ipaserver/rpcserver.py", line 334, in wsgi_execute [Wed Jan 09 20:25:59 2013] [error] result = self.Command[name](*args, **options) [Wed Jan 09 20:25:59 2013] [error] File "/usr/lib/python2.6/site-packages/ipalib/frontend.py", line 435, in __call__ [Wed Jan 09 20:25:59 2013] [error] ret = self.run(*args, **options) [Wed Jan 09 20:25:59 2013] [error] File "/usr/lib/python2.6/site-packages/ipalib/frontend.py", line 747, in run [Wed Jan 09 20:25:59 2013] [error] return self.execute(*args, **options) [Wed Jan 09 20:25:59 2013] [error] File "/usr/lib/python2.6/site-packages/ipalib/plugins/baseldap.py", line 1893, in execute [Wed Jan 09 20:25:59 2013] [error] truncated = callback(self, ldap, entries, truncated, *args, **options) [Wed Jan 09 20:25:59 2013] [error] File "/usr/lib/python2.6/site-packages/ipalib/plugins/permission.py", line 457, in post_callback [Wed Jan 09 20:25:59 2013] [error] aciresults = self.api.Command.aci_find(*args, **opts) [Wed Jan 09 20:25:59 2013] [error] File "/usr/lib/python2.6/site-packages/ipalib/frontend.py", line 435, in __call__ [Wed Jan 09 20:25:59 2013] [error] ret = self.run(*args, **options) [Wed Jan 09 20:25:59 2013] [error] File "/usr/lib/python2.6/site-packages/ipalib/frontend.py", line 747, in run [Wed Jan 09 20:25:59 2013] [error] return self.execute(*args, **options) [Wed Jan 09 20:25:59 2013] [error] File "/usr/lib/python2.6/site-packages/ipalib/plugins/aci.py", line 818, in execute [Wed Jan 09 20:25:59 2013] [error] if api.env.container_group in target: [Wed Jan 09 20:25:59 2013] [error] TypeError: 'in <string>' requires string as left operand, not DN [Wed Jan 09 20:25:59 2013] [error] ipa: INFO: admin@TESTRELM.COM: permission_find(None, targetgroup=u'ipausers', all=True, raw=False, version=u'2.46', pkey_only=False): TypeError
attachment freeipa-mkosek-346-permission-find-no-longer-crashes-with-targetgroup.patch
Patch freeipa-mkosek-346-permission-find-no-longer-crashes-with-targetgroup.patch sent for review
This bug was found during 3.0 testing and has a fix ready. Autotriaging the issue to 3.0.2 milestone.
master: cb7e93b[[BR]] ipa-3-1: dfa67df[[BR]] ipa-3-0: 8602899
Metadata Update from @mkosek: - Issue assigned to mkosek - Issue set to the milestone: FreeIPA 3.0.2
Login to comment on this ticket.