#6440 cannot delete external host from a netgroup if a host with the same name exists.
Opened 7 years ago by pvoborni. Modified 7 years ago

Ticket was cloned from Red Hat Bugzilla (product Red Hat Enterprise Linux 7): Bug 1386539

Description of problem:

Hi, this is a very simple bug to reproduce and fix.

externalhost: A

non fully qualified in a netgroup

ipa host-add A.DOMAIN

if I do:

ipa netgroup-remove-member mynetgroup
[member host]: A

it will fail because, as it's finding the host under "cn=computers", the command
line will try to remove the host instead of the externalhost attribute.

See the details below.


Version-Release number of selected component (if applicable):

ipa-server-4.2.0-15.el7.x86_64



Steps to Reproduce:

[root@dell-r530-10 ~]# ipa netgroup-show mynetgroup --raw --all
  dn: ipaUniqueID=e4b744ec-95c8-11e6-a92f-1866da5af007,cn=ng,cn=alt,dc=testrelm,dc=test
  cn: mynetgroup
  nisdomainname: testrelm.test
  externalhost: mynode
  ipaUniqueID: e4b744ec-95c8-11e6-a92f-1866da5af007
  objectClass: ipaassociation
  objectClass: ipaobject
  objectClass: ipanisnetgroup


external host called mynode

+ host added with the same name:

ipa host-add mynode.testrealm.test --force
----------------------------------
Added host "mynode.testrealm.test"
----------------------------------
  Host name: mynode.testrealm.test
  Principal name: host/mynode.testrealm.test@TESTRELM.TEST
  Password: False
  Keytab: False
  Managed by: mynode.testrealm.test


 ipa host-show mynode --raw --all
  dn: fqdn=mynode.testrealm.test,cn=computers,cn=accounts,dc=testrelm,dc=test
  fqdn: mynode.testrealm.test
  krbprincipalname: host/mynode.testrealm.test@TESTRELM.TEST
  has_password: FALSE
  has_keytab: FALSE
  managedby: fqdn=mynode.testrealm.test,cn=computers,cn=accounts,dc=testrelm,dc=test
  cn: mynode.testrealm.test
  ipaUniqueID: 6fa5b3e4-95ca-11e6-9c7a-1866da5af007
  managing: fqdn=mynode.testrealm.test,cn=computers,cn=accounts,dc=testrelm,dc=test
  objectClass: ipaobject
  objectClass: ieee802device
  objectClass: nshost
  objectClass: ipaservice
  objectClass: pkiuser
  objectClass: ipahost
  objectClass: krbprincipal
  objectClass: krbprincipalaux
  objectClass: ipasshhost
  objectClass: top
  objectClass: ipaSshGroupOfPubKeys
  serverHostName: mynode
[root@dell-r530-10 ~]#


Now, there's no way to delete the externalhost:


[root@dell-r530-10 ~]# ipa netgroup-remove-member mynetgroup
[member user]:
[member group]:
[member host]: mynode
[member host group]:
[member netgroup]:
  Netgroup name: mynetgroup
  NIS domain name: testrelm.test
  External host: mynode
  Failed hosts/hostgroups:
    member host: mynode.testrealm.test: This entry is not a member
    member host group:
---------------------------
Number of members removed 0
---------------------------

What we see is that the client application searches if there's a host already
called mynode:

[19/Oct/2016:12:47:44 +051800] conn=40 op=7 SRCH base="cn=computers,cn=accounts,dc=testrelm,dc=test" scope=2 filter="(&(&(objectClass=ipaobject)(objectClass=nshost)(objectClass=ipahost)(objectClass=pkiuser)(objectClass=ipaservice))(serverHostName=mynode))" attrs=""
[19/Oct/2016:12:47:44 +051800] conn=40 op=7 RESULT err=0 tag=101 nentries=1 etime=0

So, it will try to apply the MOD operation on a "host" attribute and not an
externalhost and it will fail:

[19/Oct/2016:12:47:44 +051800] conn=40 op=10 MOD dn="ipaUniqueID=e4b744ec-95c8-11e6-a92f-1866da5af007,cn=ng,cn=alt,dc=testrelm,dc=test"
[19/Oct/2016:12:47:44 +051800] conn=40 op=10 RESULT err=16 tag=103 nentries=0 etime=0 csn=58071e19000200040000

err=16 ===> LDAP_NO_SUCH_ATTRIBUTE


Workaround is very simple:

ldapmodify -D "cn=directory manager" -w Secret123
dn: ipaUniqueID=e4b744ec-95c8-11e6-a92f-1866da5af007,cn=ng,cn=alt,dc=testrelm,dc=test
changetype: modify
delete: externalhost
externalhost: mynode
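
Added example (not part of the original ticket and not FreeIPA code): a small access-log check for the signature described above, a host search that returns one entry followed, on the same connection, by a netgroup MOD that fails with err=16. The function name and result keys are hypothetical; correlating by conn= and matching the "cn=computers" and "cn=ng,cn=alt" containers are assumptions taken from the log lines in this report.

```python
import re
from collections import defaultdict

# Sample input: the four access-log lines from this report, with line wraps removed.
SAMPLE_LOG = '''\
[19/Oct/2016:12:47:44 +051800] conn=40 op=7 SRCH base="cn=computers,cn=accounts,dc=testrelm,dc=test" scope=2 filter="(&(&(objectClass=ipaobject)(objectClass=nshost)(objectClass=ipahost)(objectClass=pkiuser)(objectClass=ipaservice))(serverHostName=mynode))" attrs=""
[19/Oct/2016:12:47:44 +051800] conn=40 op=7 RESULT err=0 tag=101 nentries=1 etime=0
[19/Oct/2016:12:47:44 +051800] conn=40 op=10 MOD dn="ipaUniqueID=e4b744ec-95c8-11e6-a92f-1866da5af007,cn=ng,cn=alt,dc=testrelm,dc=test"
[19/Oct/2016:12:47:44 +051800] conn=40 op=10 RESULT err=16 tag=103 nentries=0 etime=0 csn=58071e19000200040000
'''

LINE = re.compile(r'^\[[^\]]+\] conn=(?P<conn>\d+) op=(?P<op>-?\d+) (?P<kind>[A-Z]+)\s*(?P<rest>.*)$')
HOST_SRCH = re.compile(r'base="cn=computers,[^"]*".*\(serverHostName=(?P<name>[^)]+)\)')
NETGROUP_MOD = re.compile(r'dn="(?P<dn>[^"]*cn=ng,cn=alt,[^"]*)"')
NO_SUCH_ATTRIBUTE = 16  # LDAP result code shown in the report

def find_shadowed_removals(log_text):
    """Flag netgroup MODs that failed with err=16 after a short host name
    resolved to exactly one enrolled host on the same connection."""
    pending = {}                   # (conn, op) -> ("SRCH", name) or ("MOD", dn)
    resolved = defaultdict(list)   # conn -> short names that matched a host entry
    findings = []
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        key = (m["conn"], m["op"])
        if m["kind"] == "SRCH":
            s = HOST_SRCH.search(m["rest"])
            if s:
                pending[key] = ("SRCH", s["name"])
        elif m["kind"] == "MOD":
            d = NETGROUP_MOD.search(m["rest"])
            if d:
                pending[key] = ("MOD", d["dn"])
        elif m["kind"] == "RESULT" and key in pending:
            what, value = pending.pop(key)
            fields = dict(re.findall(r"(\w+)=(\S+)", m["rest"]))
            err, nentries = int(fields["err"]), int(fields.get("nentries", 0))
            if what == "SRCH" and err == 0 and nentries == 1:
                resolved[m["conn"]].append(value)
            elif what == "MOD" and err == NO_SUCH_ATTRIBUTE and resolved[m["conn"]]:
                findings.append({"conn": m["conn"], "netgroup_dn": value,
                                 "short_names": list(resolved[m["conn"]])})
    return findings

if __name__ == "__main__":
    for f in find_shadowed_removals(SAMPLE_LOG):
        print(f)
```

A finding lists the netgroup DN and the short names to compare against that entry's externalhost values.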

Metadata Update from @pvoborni:
- Issue assigned to someone
- Issue set to the milestone: FreeIPA 4.5 backlog

7 years ago
