Ticket was cloned from Red Hat Bugzilla (product Red Hat Enterprise Linux 7): Bug 1261586
Description of problem:
Failing to add attribute for ipaUserObjectClasses.

[root@master ~]# ipa config-mod --addattr="ipauserobjectclasses=sambasamaccount"
ipa: ERROR: invalid 'ipauserobjectclasses': user default attribute usercertificate;binary would not be allowed!

Version-Release number of selected component (if applicable):
It appears from test results that this may have started at 4.2.0-5
Seeing it now at ipa-server-4.2.0-8.el7.x86_64

How reproducible:
always

Steps to Reproduce:
1. Setup IPA Master
2. ipa config-mod --addattr="ipauserobjectclasses=sambasamaccount"

Actual results:
error above

Expected results:
no error.

Additional info:
[root@master ~]# ipa config-show --all --raw
dn: cn=ipaConfig,cn=etc,dc=testrelm,dc=test
ipamaxusernamelength: 32
ipahomesrootdir: /home
ipadefaultloginshell: /bin/sh
ipadefaultprimarygroup: ipausers
ipadefaultemaildomain: testrelm.test
ipasearchtimelimit: 2
ipasearchrecordslimit: 100
ipausersearchfields: uid,givenname,sn,telephonenumber,ou,title
ipagroupsearchfields: cn,description
ipamigrationenabled: FALSE
ipacertificatesubjectbase: O=TESTRELM.TEST
ipapwdexpadvnotify: 4
ipaconfigstring: AllowNThash
ipaselinuxusermaporder: guest_u:s0$xguest_u:s0$user_u:s0$staff_u:s0-s0:c0.c10 23$unconfined_u:s0-s0:c0.c1023
ipaselinuxusermapdefault: unconfined_u:s0-s0:c0.c1023
ipakrbauthzdata: MS-PAC
ipakrbauthzdata: nfs:NONE
aci: (targetattr = "cn || createtimestamp || entryusn || ipacertificatesubjectbase || ipaconfigstring || ipacustomfields || ipadefaultemaildomain || ipadefaultloginshell || ipadefaultprimarygroup || ipagroupobjectclasses || ipagroupsearchfields || ipahomesrootdir || ipakrbauthzdata || ipamaxusernamelength || ipamigrationenabled || ipapwdexpadvnotify || ipasearchrecordslimit || ipasearchtimelimit || ipaselinuxusermapdefault || ipaselinuxusermaporder || ipauserauthtype || ipauserobjectclasses || ipausersearchfields || modifytimestamp || objectclass")(targetfilter = "(objectclass=ipaguiconfig)")(version 3.0;acl "permission:System: Read Global Configuration";allow (compare,read,search) userdn = "ldap:///all";)
cn: ipaConfig
ipaGroupObjectClasses: top
ipaGroupObjectClasses: groupofnames
ipaGroupObjectClasses: nestedgroup
ipaGroupObjectClasses: ipausergroup
ipaGroupObjectClasses: ipaobject
ipaUserObjectClasses: top
ipaUserObjectClasses: person
ipaUserObjectClasses: organizationalperson
ipaUserObjectClasses: inetorgperson
ipaUserObjectClasses: inetuser
ipaUserObjectClasses: posixaccount
ipaUserObjectClasses: krbprincipalaux
ipaUserObjectClasses: krbticketpolicyaux
ipaUserObjectClasses: ipaobject
ipaUserObjectClasses: ipasshuser
objectClass: nsContainer
objectClass: top
objectClass: ipaGuiConfig
objectClass: ipaConfigObject
objectClass: ipaUserAuthTypeClass
[root@master ~]#
master:
ipa-4-2:
Metadata Update from @pvoborni: - Issue assigned to jcholast - Issue set to the milestone: FreeIPA 4.2.2