#5322 idoverrideuser-find fails if any SID anchor is not resolvable anymore
Closed: Fixed None Opened 8 years ago by tbabej.

Ticket was cloned from Red Hat Bugzilla (product Red Hat Enterprise Linux 7): Bug 1265915

Description of problem: When AD trust is deleted post winsync migrate, the
Default trust View is not listed in UI.


Version-Release number of selected component (if applicable):


How reproducible: Always.


Steps to Reproduce:
1. Establish Winsync Agreement with AD
2. Ensure users are replicated to IPA.
3. Now AD trust with POSIX i.e ipa trust-add --range-type='ipa-ad-trust-posix'
4. Ensure trust is established successfully
5. Ensure that the users are listed in 'Default Trust View'
6. Now delete the trust.

Actual results:
The trust gets removed successfully, but when we navigate to IDViews tab it
displays the below error in UI

Operations Error:  invalid 'sid': SID is not valid
An error has occurred (IPA Error 3009: ValidationError)

Error on Console.
[root@ipa01 ipa]# ipa idoverrideuser-find "Default Trust View"
ipa: ERROR: invalid 'sid': SID is not valid


Expected results:
Should the ID Views be removed here? Default Trust View shouldn't be removed.
If they are to be removed, shouldn't we fix the error seen on the UI and
console.

Additional info:

master:

  • 4c2276f idoverride: Ignore ValidationErrors when converting the anchor
  • eaeb403 tests: Add tests for idoverride object integrity

ipa-4-2:

  • 52680a1 idoverride: Ignore ValidationErrors when converting the anchor
  • cc085d2 tests: Add tests for idoverride object integrity

Metadata Update from @tbabej:
- Issue assigned to someone
- Issue set to the milestone: FreeIPA 4.2.3

7 years ago

Login to comment on this ticket.

Metadata