#5295 ipa config-mod addattr fails for ipauserobjectclasses
Closed: Fixed None Opened 8 years ago by pvoborni.

Ticket was cloned from Red Hat Bugzilla (product Red Hat Enterprise Linux 7): Bug 1261586

Description of problem:

Failing to add attribute for ipaUserObjectClasses.

[root@master ~]# ipa config-mod --addattr="ipauserobjectclasses=sambasamaccount"
ipa: ERROR: invalid 'ipauserobjectclasses': user default attribute usercertificate;binary would not be allowed!

Version-Release number of selected component (if applicable):
It appears from test results that this may have started at 4.2.0-5
Seeing it now at ipa-server-4.2.0-8.el7.x86_64

How reproducible:
always

Steps to Reproduce:
1. Setup IPA Master
2. ipa config-mod --addattr="ipauserobjectclasses=sambasamaccount"


Actual results:
error above

Expected results:
no error.

Additional info:
[root@master ~]# ipa config-show --all --raw
  dn: cn=ipaConfig,cn=etc,dc=testrelm,dc=test
  ipamaxusernamelength: 32
  ipahomesrootdir: /home
  ipadefaultloginshell: /bin/sh
  ipadefaultprimarygroup: ipausers
  ipadefaultemaildomain: testrelm.test
  ipasearchtimelimit: 2
  ipasearchrecordslimit: 100
  ipausersearchfields: uid,givenname,sn,telephonenumber,ou,title
  ipagroupsearchfields: cn,description
  ipamigrationenabled: FALSE
  ipacertificatesubjectbase: O=TESTRELM.TEST
  ipapwdexpadvnotify: 4
  ipaconfigstring: AllowNThash
  ipaselinuxusermaporder: guest_u:s0$xguest_u:s0$user_u:s0$staff_u:s0-s0:c0.c1023$unconfined_u:s0-s0:c0.c1023
  ipaselinuxusermapdefault: unconfined_u:s0-s0:c0.c1023
  ipakrbauthzdata: MS-PAC
  ipakrbauthzdata: nfs:NONE
  aci: (targetattr = "cn || createtimestamp || entryusn || ipacertificatesubjectbase || ipaconfigstring || ipacustomfields || ipadefaultemaildomain || ipadefaultloginshell || ipadefaultprimarygroup || ipagroupobjectclasses || ipagroupsearchfields || ipahomesrootdir || ipakrbauthzdata || ipamaxusernamelength || ipamigrationenabled || ipapwdexpadvnotify || ipasearchrecordslimit || ipasearchtimelimit || ipaselinuxusermapdefault || ipaselinuxusermaporder || ipauserauthtype || ipauserobjectclasses || ipausersearchfields || modifytimestamp || objectclass")(targetfilter = "(objectclass=ipaguiconfig)")(version 3.0;acl "permission:System: Read Global Configuration";allow (compare,read,search) userdn = "ldap:///all";)
  cn: ipaConfig
  ipaGroupObjectClasses: top
  ipaGroupObjectClasses: groupofnames
  ipaGroupObjectClasses: nestedgroup
  ipaGroupObjectClasses: ipausergroup
  ipaGroupObjectClasses: ipaobject
  ipaUserObjectClasses: top
  ipaUserObjectClasses: person
  ipaUserObjectClasses: organizationalperson
  ipaUserObjectClasses: inetorgperson
  ipaUserObjectClasses: inetuser
  ipaUserObjectClasses: posixaccount
  ipaUserObjectClasses: krbprincipalaux
  ipaUserObjectClasses: krbticketpolicyaux
  ipaUserObjectClasses: ipaobject
  ipaUserObjectClasses: ipasshuser
  objectClass: nsContainer
  objectClass: top
  objectClass: ipaGuiConfig
  objectClass: ipaConfigObject
  objectClass: ipaUserAuthTypeClass
[root@master ~]#

master:

  • 60dd90c config: allow user/host attributes with tagging options

ipa-4-2:

  • bbcbbf3 config: allow user/host attributes with tagging options
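
The error in this ticket is consistent with a validation that compares each default user attribute, tagging option included, against the attributes the proposed object class set allows, and the fix's title says attributes with tagging options are now accepted. A simplified model of that check follows as an added example; it is not FreeIPA's code, and the schema, attribute list and function names are constructed for illustration.

```python
# Simplified model of the check behind this error; not FreeIPA's code.
# Constructed sample schema: object class -> attributes it allows (lowercase).
SCHEMA = {
    "top": {"objectclass"},
    "person": {"cn", "sn", "userpassword", "telephonenumber"},
    "inetorgperson": {"uid", "givenname", "mail", "usercertificate"},
    "posixaccount": {"uid", "uidnumber", "gidnumber", "homedirectory"},
    "sambasamaccount": {"sambasid", "sambantpassword"},
}

# Constructed list of default user attributes; one carries the ";binary" option.
DEFAULT_ATTRS = ["uid", "givenname", "sn", "homedirectory", "usercertificate;binary"]


def allowed_attributes(objectclasses):
    """Union of attributes permitted by the given object classes."""
    allowed = set()
    for oc in objectclasses:
        allowed |= SCHEMA[oc.lower()]  # KeyError for an unknown object class
    return allowed


def base_name(attr_description):
    """Drop tagging options: 'userCertificate;binary' -> 'usercertificate'."""
    return attr_description.partition(";")[0].lower()


def disallowed_defaults(objectclasses, strip_options):
    """Return default attributes the object class set would not allow."""
    allowed = allowed_attributes(objectclasses)
    rejected = []
    for attr in DEFAULT_ATTRS:
        name = base_name(attr) if strip_options else attr.lower()
        if name not in allowed:
            rejected.append(attr)
    return rejected


if __name__ == "__main__":
    classes = ["top", "person", "inetorgperson", "posixaccount", "sambasamaccount"]
    print("literal compare :", disallowed_defaults(classes, strip_options=False))
    print("options stripped:", disallowed_defaults(classes, strip_options=True))
    # Dropping inetorgperson must still be refused, with or without options.
    print("missing class   :", disallowed_defaults(classes[:2], strip_options=True))
```

Stripping the option only changes how the name is matched; an object class list that really lacks a default attribute is still rejected.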

Metadata Update from @pvoborni:
- Issue assigned to jcholast
- Issue set to the milestone: FreeIPA 4.2.2

7 years ago
