Steps to reproduce:
ad.domain.net
upn_user
upn_user\@ad.domain.net@REALM.COM
If the trusted domain doesn't have any additional suffixes set, the UPN validation fails.
[Wed Jul 20 14:02:13.564686 2016] [wsgi:error] [pid 840] ipa: ERROR: non-public: KeyError: 'ipantadditionalsuffixes' [Wed Jul 20 14:02:13.564701 2016] [wsgi:error] [pid 840] Traceback (most recent call last): [Wed Jul 20 14:02:13.564702 2016] [wsgi:error] [pid 840] File "/usr/lib/python2.7/site-packages/ipaserver/rpcserver.py", line 352, in wsgi_execute [Wed Jul 20 14:02:13.564704 2016] [wsgi:error] [pid 840] result = self.Command[name](*args, **options) [Wed Jul 20 14:02:13.564705 2016] [wsgi:error] [pid 840] File "/usr/lib/python2.7/site-packages/ipalib/frontend.py", line 447, in __call__ [Wed Jul 20 14:02:13.564706 2016] [wsgi:error] [pid 840] return self.__do_call(*args, **options) [Wed Jul 20 14:02:13.564707 2016] [wsgi:error] [pid 840] File "/usr/lib/python2.7/site-packages/ipalib/frontend.py", line 475, in __do_call [Wed Jul 20 14:02:13.564708 2016] [wsgi:error] [pid 840] ret = self.run(*args, **options) [Wed Jul 20 14:02:13.564708 2016] [wsgi:error] [pid 840] File "/usr/lib/python2.7/site-packages/ipalib/frontend.py", line 797, in run [Wed Jul 20 14:02:13.564709 2016] [wsgi:error] [pid 840] return self.execute(*args, **options) [Wed Jul 20 14:02:13.564710 2016] [wsgi:error] [pid 840] File "/usr/lib/python2.7/site-packages/ipaserver/plugins/baseldap.py", line 2330, in execute [Wed Jul 20 14:02:13.564711 2016] [wsgi:error] [pid 840] *keys, **options) [Wed Jul 20 14:02:13.564712 2016] [wsgi:error] [pid 840] File "/usr/lib/python2.7/site-packages/ipaserver/plugins/baseuser.py", line 642, in pre_callback [Wed Jul 20 14:02:13.564714 2016] [wsgi:error] [pid 840] check_principal_realm_in_trust_namespace(self.api, *keys) [Wed Jul 20 14:02:13.564715 2016] [wsgi:error] [pid 840] File "/usr/lib/python2.7/site-packages/ipalib/util.py", line 972, in check_principal_realm_in_trust_namespace [Wed Jul 20 14:02:13.564716 2016] [wsgi:error] [pid 840] set(upn.lower() for upn in obj['ipantadditionalsuffixes'])) [Wed Jul 20 14:02:13.564717 2016] [wsgi:error] [pid 840] KeyError: 'ipantadditionalsuffixes' [Wed Jul 20 14:02:13.564949 2016] [wsgi:error] [pid 840] ipa: INFO: [jsonserver_kerb] admin@TEST.EXAMPLE.COM: user_add_principal/1(u'krbalias_user', (u'krbalias_user\\\\@domain2@TEST.EXAMPLE.COM',), version=u'2.210'): KeyError
Linked to Bugzilla bug: https://bugzilla.redhat.com/show_bug.cgi?id=1117306 (Red Hat Enterprise Linux 7)
master:
Metadata Update from @mkubik: - Issue assigned to mbabinsk - Issue set to the milestone: FreeIPA 4.4.1
Login to comment on this ticket.