freeipa

Clone
Source Code
GIT

#7695 ipa service-del <Principal name> should display principal name instead of Invalid 'principal'.
Closed: fixed 3 years ago by cheimes. Opened 5 years ago by abbra.

Closed: fixed
Reopen Issue

Ticket was cloned from Red Hat Bugzilla (product Red Hat Enterprise Linux 7): Bug 1623763

Description of problem: Deleting services from the UI/console should display
principal name instead of Invalid 'principal'

Version-Release number of selected component (if applicable):
ipa-server-4.6.4-6.el7.x86_64
sssd-1.16.2-12.el7.x86_64
package samba is not installed
pki-server-10.5.9-6.el7.noarch
selinux-policy-3.13.1-220.el7.noarch
389-ds-base-1.3.8.4-11.el7.x86_64


How reproducible: Always

Steps to Reproduce:
1. Install Master and 2 Replicas
2. Navigate to IPA UI --> Identity ---> Services.
3. Select all the services and click the 'Delete' button.


Actual results:
Services required by IPA are not deleted but the pop-up window displays Invalid
'principal' instead of the actual service deleted.

[root@master ~]# ipa service-del ldap/replica1.apollo.test@APOLLO.TEST
ipa: ERROR: invalid 'principal': This principal is required by the IPA master

[Thu Aug 30 11:50:39.407794 2018] [:error] [pid 11758] ipa: DEBUG: retrieving
schema for SchemaCache url=ldapi://%2fvar%2frun%2fslapd-APOLLO-TEST.socket
conn=<ldap.ldapobject.SimpleLDAPObject instance at 0x7f57f3199908>
[Thu Aug 30 11:50:39.697064 2018] [:error] [pid 11758] ipa: DEBUG: WSGI
wsgi_execute PublicError: Traceback (most recent call last):
[Thu Aug 30 11:50:39.697083 2018] [:error] [pid 11758]   File
"/usr/lib/python2.7/site-packages/ipaserver/rpcserver.py", line 369, in
wsgi_execute
[Thu Aug 30 11:50:39.697088 2018] [:error] [pid 11758]     result =
command(*args, **options)
[Thu Aug 30 11:50:39.697098 2018] [:error] [pid 11758]   File
"/usr/lib/python2.7/site-packages/ipalib/frontend.py", line 450, in __call__
[Thu Aug 30 11:50:39.697103 2018] [:error] [pid 11758]     return
self.__do_call(*args, **options)
[Thu Aug 30 11:50:39.697107 2018] [:error] [pid 11758]   File
"/usr/lib/python2.7/site-packages/ipalib/frontend.py", line 478, in __do_call
[Thu Aug 30 11:50:39.697112 2018] [:error] [pid 11758]     ret =
self.run(*args, **options)
[Thu Aug 30 11:50:39.697116 2018] [:error] [pid 11758]   File
"/usr/lib/python2.7/site-packages/ipalib/frontend.py", line 800, in run
[Thu Aug 30 11:50:39.697121 2018] [:error] [pid 11758]     return
self.execute(*args, **options)
[Thu Aug 30 11:50:39.697125 2018] [:error] [pid 11758]   File
"/usr/lib/python2.7/site-packages/ipaserver/plugins/baseldap.py", line 1587, in
execute
[Thu Aug 30 11:50:39.697129 2018] [:error] [pid 11758]     delete_entry(pkey)
[Thu Aug 30 11:50:39.697134 2018] [:error] [pid 11758]   File
"/usr/lib/python2.7/site-packages/ipaserver/plugins/baseldap.py", line 1538, in
delete_entry
[Thu Aug 30 11:50:39.697138 2018] [:error] [pid 11758]     dn = callback(self,
ldap, dn, *nkeys, **options)
[Thu Aug 30 11:50:39.697142 2018] [:error] [pid 11758]   File
"/usr/lib/python2.7/site-packages/ipaserver/plugins/service.py", line 669, in
pre_callback
[Thu Aug 30 11:50:39.697147 2018] [:error] [pid 11758]
check_required_principal(ldap, keys[-1])
[Thu Aug 30 11:50:39.697151 2018] [:error] [pid 11758]   File
"/usr/lib/python2.7/site-packages/ipaserver/plugins/service.py", line 287, in
check_required_principal
[Thu Aug 30 11:50:39.697156 2018] [:error] [pid 11758]     raise
errors.ValidationError(name='principal', error=_('This principal is required by
the IPA master'))
[Thu Aug 30 11:50:39.697160 2018] [:error] [pid 11758] ValidationError: invalid
'principal': This principal is required by the IPA master

Expected results: It's better to display the output in console and UI by
replacing the Invalid 'principal' with actual principal name to avoid confusion
as in that the principal name is invalid.

e.g
[root@master ~]# ipa service-del ldap/replica1.apollo.test@APOLLO.TEST
ipa: ERROR: ldap/replica1.apollo.test@APOLLO.TEST: This principal is required
by the IPA master

Additional info: Logging this as an bug to change the output being displayed
while deleting the service.

Metadata Update from @abbra:
- Custom field rhbz adjusted to https://bugzilla.redhat.com/show_bug.cgi?id=1623763
5 years ago

Metadata Update from @dpal:
- Issue set to the milestone: None (was: FreeIPA 4.6.5)
- Issue tagged with: easyfix
4 years ago

Added easyfix. This is just a text message fix. Might be a good first ticket for someone to tackle.

I had an issue with ipatool and backports failed. Please create manual backports to 4.6 and 4.8. I'm sorry for the inconvenience. :(

ipa-4-8:

  • 8737749 Display principal name while del required principal
  • f0ef418 ipatests: Test deletion of required principal throws proper error

Metadata Update from @cheimes:
- Issue close_status updated to: fixed
- Issue status updated to: Closed (was: Open)
3 years ago

ipa-4-6:

  • 94f220d Display principal name while del required principal
  • 17693c0 ipatests: Test deletion of required principal throws proper error

Metadata Update from @abbra:
- Custom field changelog adjusted to When deleting services, report exact name of a system required principal that couldn't be deleted.
3 years ago

Login to comment on this ticket.

Metadata
None

easyfix

None
None
None
None
None
None
None
None
None
None
None
None
None
None
None
None
None
None
https://bugzilla.redhat.com/show_bug.cgi?id=1623763
None
When deleting services, report exact name of a system required principal that couldn't be deleted.
None
Powered by Pagure 5.13.3
DocumentationFile an IssueAboutSSH Hostkey/Fingerprint
© Red Hat, Inc. and others.