#5268 server closes connection and refuses commands after deleting user that is still logged in
Closed: Fixed None Opened 8 years ago by alich.

VERSION: 4.2.90.201508241517GITb202afb, API_VERSION: 2.152

[root@freeipabox ~]# ipa user-add --first=Foo --last=Bar --homedir=/home/foobar --password foobar
Password: 
Enter Password again to verify: 
-------------------
Added user "foobar"
-------------------
  User login: foobar
  First name: Foo
  Last name: Bar
  Full name: Foo Bar
  Display name: Foo Bar
  Initials: FB
  Home directory: /home/foobar
  GECOS: Foo Bar
  Login shell: /bin/sh
  Kerberos principal: foobar@ABC.EXAMPLE.COM
  Email address: foobar@abc.example.com
  UID: 1025000046
  GID: 1025000046
  Password: True
  Member of groups: ipausers
  Kerberos keys available: True


-sh-4.3$ whoami
foobar
-sh-4.3$ ipa vault-find
----------------
0 vaults matched
----------------
----------------------------
Number of entries returned 0
----------------------------


[root@freeipabox ~]# ipa user-del foobar
---------------------
Deleted user "foobar"
---------------------
[root@freeipabox ~]# ipa user-show foobar
ipa: ERROR: foobar: user not found
[root@freeipabox ~]# id foobar
uid=1025000046(foobar) gid=1025000046(foobar) groups=1025000046(foobar)


-sh-4.3$ ipa vault-find
ipa: ERROR: Insufficient access: SASL(-14): authorization failure: Invalid credentials
-sh-4.3$ cd
-sh-4.3$ pwd
/home/foobar
-sh-4.3$ ls
-sh-4.3$ ipa user-find
ipa: ERROR: Can't connect to server: Already connected


[root@freeipabox ~]# ipa user-find
ipa: ERROR: cannot connect to 'https://freeipabox.abc.example.com/ipa/session/json': Internal Server Error


-sh-4.3$ exit
logout
Connection to 192.168.1.1 closed.


[root@freeipabox ~]# ipa user-find
ipa: ERROR: cannot connect to 'https://freeipabox.abc.example.com/ipa/session/json': Internal Server Error
[root@freeipabox ~]# ipa vault-find
ipa: ERROR: cannot connect to 'https://freeipabox.abc.example.com/ipa/session/json': Internal Server Error
# after some time
[root@freeipabox ~]# ipa vault-find
ipa: ERROR: Can't connect to server: Already connected
[root@freeipabox ~]# ipa user-find
ipa: ERROR: Can't connect to server: Already connected
[root@freeipabox ~]# ipa config-show
ipa: ERROR: Can't connect to server: Already connected

# make it work again
[root@freeipabox ~]# systemctl restart ipa
[root@freeipabox ~]# ipa config-show
  Maximum username length: 32
  Home directory base: /home
  Default shell: /bin/sh
  Default users group: ipausers
- SNIP -
[root@freeipabox ~]# ipa vault-find
----------------
0 vaults matched
----------------
----------------------------
Number of entries returned 0
----------------------------

[root@freeipabox slapd-ABC-EXAMPLE-COM]# ausearch -m avc -ts recent
<no matches>

[root@freeipabox slapd-ABC-EXAMPLE-COM]# pwd; cat errors
/var/log/dirsrv/slapd-ABC-EXAMPLE-COM
    389-Directory/1.3.4.3 B2015.209.428
    freeipabox.abc.example.com:636 (/etc/dirsrv/slapd-ABC-EXAMPLE-COM)

[01/Sep/2015:11:37:16 +0200] get_dom_sid - [file ipa_sidgen_common.c, line 75]: Internal search failed.
[01/Sep/2015:11:39:11 +0200] get_dom_sid - [file ipa_sidgen_common.c, line 75]: Internal search failed.

Also, you won't be able to log in via the web UI (Internal Error) until you restart the server.

Taking over the ticket, as agreed with tbabej.

Fixed.
master:

  • 198908e ldap: Make ldap2 connection management thread-safe again

ipa-4-2:

  • fa15297 ldap: Make ldap2 connection management thread-safe again

Metadata Update from @alich:
- Issue assigned to jcholast
- Issue set to the milestone: FreeIPA 4.2.1

7 years ago
