#3390 Internal error when user triggers trusted domain communication
Closed: Fixed None Opened 11 years ago by mkosek.

When a user privileged to add group members tries to add an external member but is not a member of Trusted Admins, he receives an internal error:

# ipa user-show fbar
  User login: fbar
  First name: Foo
  Last name: Bar
  Home directory: /home/fbar
  Login shell: /bin/sh
  Email address: fbar@linux.ad.test
  UID: 1230000003
  GID: 1230000003
  Account disabled: False
  Password: True
  Member of groups: ipausers
  Roles: helpdesk                    <<<<<<
  Kerberos keys available: True
# kinit fbar
Password for fbar@LINUX.AD.TEST: 
# ipa group-add-member ext_all_admins --external "AD\Domain Admins"
[member user]: 
[member group]: 
ipa: ERROR: an internal error has occurred

/var/log/httpd/error_log:
[Mon Feb 04 10:09:55.085035 2013] [:error] [pid 22453] Traceback (most recent call last):
[Mon Feb 04 10:09:55.085041 2013] [:error] [pid 22453]   File "/usr/lib/python2.7/site-packages/ipaserver/rpcserver.py", line 334, in wsgi_execute
[Mon Feb 04 10:09:55.085046 2013] [:error] [pid 22453]     result = self.Command[name](*args, **options)
[Mon Feb 04 10:09:55.085051 2013] [:error] [pid 22453]   File "/usr/lib/python2.7/site-packages/ipalib/frontend.py", line 435, in __call__
[Mon Feb 04 10:09:55.085056 2013] [:error] [pid 22453]     ret = self.run(*args, **options)
[Mon Feb 04 10:09:55.085060 2013] [:error] [pid 22453]   File "/usr/lib/python2.7/site-packages/ipalib/frontend.py", line 747, in run
[Mon Feb 04 10:09:55.085065 2013] [:error] [pid 22453]     return self.execute(*args, **options)
[Mon Feb 04 10:09:55.085070 2013] [:error] [pid 22453]   File "/usr/lib/python2.7/site-packages/ipalib/plugins/baseldap.py", line 1546, in execute
[Mon Feb 04 10:09:55.085075 2013] [:error] [pid 22453]     **options)
[Mon Feb 04 10:09:55.085079 2013] [:error] [pid 22453]   File "/usr/lib/python2.7/site-packages/ipalib/plugins/group.py", line 388, in post_callback
[Mon Feb 04 10:09:55.085084 2013] [:error] [pid 22453]     actual_sid = domain_validator.get_trusted_domain_object_sid(sid)
[Mon Feb 04 10:09:55.085089 2013] [:error] [pid 22453]   File "/usr/lib/python2.7/site-packages/ipaserver/dcerpc.py", line 264, in get_trusted_domain_object_sid
[Mon Feb 04 10:09:55.085094 2013] [:error] [pid 22453]     components.get('flatname'), filter, attrs, scope)
[Mon Feb 04 10:09:55.085099 2013] [:error] [pid 22453]   File "/usr/lib/python2.7/site-packages/ipaserver/dcerpc.py", line 221, in get_trusted_domain_objects
[Mon Feb 04 10:09:55.085104 2013] [:error] [pid 22453]     self._domains = self.get_trusted_domains()
[Mon Feb 04 10:09:55.085109 2013] [:error] [pid 22453]   File "/usr/lib/python2.7/site-packages/ipaserver/dcerpc.py", line 162, in get_trusted_domains
[Mon Feb 04 10:09:55.085124 2013] [:error] [pid 22453]     entry[1][self.ATTR_TRUST_AUTHOUT][0])
[Mon Feb 04 10:09:55.085129 2013] [:error] [pid 22453] KeyError: 'ipanttrustauthoutgoing'
[Mon Feb 04 10:09:55.085498 2013] [:error] [pid 22453] ipa: INFO: fbar@LINUX.AD.TEST: group_add_member(u'ext_all_admins', ipaexternalmember=(u'AD\\\\Domain Admins',), all=False, raw=False, version=u'2.47'): KeyError

Metadata Update from @mkosek:
- Issue assigned to mkosek
- Issue set to the milestone: FreeIPA 3.2 - 2013/02

7 years ago
