#4382 ipa-adtrust-install broken due to DNS name validation
Closed: Fixed None Opened 9 years ago by tbabej.

This is a regression in master:

==============================================================================
[2014-06-17T18:32:26Z ipa.ipatests.test_integration.host.Host.vm-227.cmd22.out] <DEBUG>: This program will setup components needed to establish trust to AD domains for
[2014-06-17T18:32:26Z ipa.ipatests.test_integration.host.Host.vm-227.cmd22.out] <DEBUG>: the FreeIPA Server.
[2014-06-17T18:32:26Z ipa.ipatests.test_integration.host.Host.vm-227.cmd22.out] <DEBUG>: 
[2014-06-17T18:32:26Z ipa.ipatests.test_integration.host.Host.vm-227.cmd22.out] <DEBUG>: This includes:
[2014-06-17T18:32:26Z ipa.ipatests.test_integration.host.Host.vm-227.cmd22.out] <DEBUG>:   * Configure Samba
[2014-06-17T18:32:26Z ipa.ipatests.test_integration.host.Host.vm-227.cmd22.out] <DEBUG>:   * Add trust related objects to FreeIPA LDAP server
[2014-06-17T18:32:26Z ipa.ipatests.test_integration.host.Host.vm-227.cmd22.out] <DEBUG>: 
[2014-06-17T18:32:26Z ipa.ipatests.test_integration.host.Host.vm-227.cmd22.out] <DEBUG>: To accept the default shown in brackets, press the Enter key.
[2014-06-17T18:32:26Z ipa.ipatests.test_integration.host.Host.vm-227.cmd22.out] <DEBUG>: 
[2014-06-17T18:32:26Z ipa.ipatests.test_integration.host.Host.vm-227.cmd22.out] <DEBUG>: Configuring CIFS
[2014-06-17T18:32:26Z ipa.ipatests.test_integration.host.Host.vm-227.cmd22.out] <DEBUG>:   [1/21]: stopping smbd
[2014-06-17T18:32:26Z ipa.ipatests.test_integration.host.Host.vm-227.cmd22.out] <DEBUG>:   [2/21]: creating samba domain object
[2014-06-17T18:32:27Z ipa.ipatests.test_integration.host.Host.vm-227.cmd22.out] <DEBUG>:   [3/21]: creating samba config registry
[2014-06-17T18:32:27Z ipa.ipatests.test_integration.host.Host.vm-227.cmd22.out] <DEBUG>:   [4/21]: writing samba config file
[2014-06-17T18:32:27Z ipa.ipatests.test_integration.host.Host.vm-227.cmd22.out] <DEBUG>:   [5/21]: adding cifs Kerberos principal
[2014-06-17T18:32:27Z ipa.ipatests.test_integration.host.Host.vm-227.cmd22.out] <DEBUG>:   [6/21]: check for cifs services defined on other replicas
[2014-06-17T18:32:27Z ipa.ipatests.test_integration.host.Host.vm-227.cmd22.out] <DEBUG>:   [7/21]: adding cifs principal to S4U2Proxy targets
[2014-06-17T18:32:27Z ipa.ipatests.test_integration.host.Host.vm-227.cmd22.out] <DEBUG>:   [8/21]: adding admin(group) SIDs
[2014-06-17T18:32:27Z ipa.ipatests.test_integration.host.Host.vm-227.cmd22.out] <DEBUG>:   [9/21]: adding RID bases
[2014-06-17T18:32:27Z ipa.ipatests.test_integration.host.Host.vm-227.cmd22.out] <DEBUG>:   [10/21]: updating Kerberos config
[2014-06-17T18:32:27Z ipa.ipatests.test_integration.host.Host.vm-227.cmd22.out] <DEBUG>: 'dns_lookup_kdc' already set to 'true', nothing to do.
[2014-06-17T18:32:27Z ipa.ipatests.test_integration.host.Host.vm-227.cmd22.out] <DEBUG>:   [11/21]: activating CLDAP plugin
[2014-06-17T18:32:28Z ipa.ipatests.test_integration.host.Host.vm-227.cmd22.out] <DEBUG>:   [12/21]: activating sidgen plugin and task
[2014-06-17T18:32:28Z ipa.ipatests.test_integration.host.Host.vm-227.cmd22.out] <DEBUG>:   [13/21]: activating extdom plugin
[2014-06-17T18:32:28Z ipa.ipatests.test_integration.host.Host.vm-227.cmd22.out] <DEBUG>:   [14/21]: configuring smbd to start on boot
[2014-06-17T18:32:28Z ipa.ipatests.test_integration.host.Host.vm-227.cmd22.out] <DEBUG>:   [15/21]: adding special DNS service records
[2014-06-17T18:32:28Z ipa.ipatests.test_integration.host.Host.vm-227.cmd22.err] <DEBUG>: Unexpected error - see /var/log/ipaserver-install.log for details:
[2014-06-17T18:32:28Z ipa.ipatests.test_integration.host.Host.vm-227.cmd22.err] <DEBUG>: ConversionError: invalid 'name': domain name '_ldap._tcp.Default-First-Site-Name._sites.dc._msdcs' and normalized domain name '_ldap._tcp.default-first-site-name._sites.dc._msdcs' do not match. Please use only normalized domains

From the install log:

    2014-06-17T18:32:29Z DEBUG raw: dnsrecord_find(u'dom227.jenkinsad.idm.lab.eng.brq.redhat.com', u'_ldap._tcp.Default-First-Site-Name._sites.dc._msdcs', version=u'2.89')
    2014-06-17T18:32:29Z DEBUG dnsrecord_find(<DNS name dom227.jenkinsad.idm.lab.eng.brq.redhat.com.>, u'_ldap._tcp.Default-First-Site-Name._sites.dc._msdcs', structured=False, all=False, raw=False, version=u'2.89', pkey_only=False)
    2014-06-17T18:32:29Z DEBUG raw: dnsrecord_add(u'dom227.jenkinsad.idm.lab.eng.brq.redhat.com', u'_ldap._tcp.Default-First-Site-Name._sites.dc._msdcs', srvrecord=u'0 100 389 vm-227', version=u'2.89')
    2014-06-17T18:32:29Z DEBUG   File "/usr/lib/python2.7/site-packages/ipaserver/install/installutils.py", line 639, in run_script
        return_value = main_function()

      File "/usr/sbin/ipa-adtrust-install", line 414, in main
        smb.create_instance()

      File "/usr/lib/python2.7/site-packages/ipaserver/install/adtrustinstance.py", line 882, in create_instance
        self.start_creation(show_service_name=False)

      File "/usr/lib/python2.7/site-packages/ipaserver/install/service.py", line 367, in start_creation
        method()

      File "/usr/lib/python2.7/site-packages/ipaserver/install/adtrustinstance.py", line 607, in __add_dns_service_records
        add_rr(zone, win_srv, "SRV", rec)

      File "/usr/lib/python2.7/site-packages/ipaserver/install/bindinstance.py", line 332, in add_rr
        api.Command.dnsrecord_add(unicode(zone), unicode(name), **addkw)

      File "/usr/lib/python2.7/site-packages/ipalib/frontend.py", line 433, in __call__
        params = self.convert(**params)

      File "/usr/lib/python2.7/site-packages/ipalib/frontend.py", line 631, in convert
        (k, self.params[k].convert(v)) for (k, v) in kw.iteritems()

      File "/usr/lib/python2.7/site-packages/ipalib/frontend.py", line 631, in <genexpr>
        (k, self.params[k].convert(v)) for (k, v) in kw.iteritems()

      File "/usr/lib/python2.7/site-packages/ipalib/parameters.py", line 797, in convert
        return self._convert_scalar(value)

      File "/usr/lib/python2.7/site-packages/ipalib/parameters.py", line 1976, in _convert_scalar
        error=error)

    2014-06-17T18:32:29Z DEBUG The ipa-adtrust-install command failed, exception: ConversionError: invalid 'name': domain name '_ldap._tcp.Default-First-Site-Name._sites.dc._msdcs' and normalized domain name '_ldap._tcp.default-first-site-name._sites.dc._msdcs' do not match. Please use only normalized domains

The DNS plugin should do this validation only for IDN domains.

Adding to list of tickets required for 4.0 release.

master:

  • 152c8f2 Check normalization only for IDNA domains
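The behaviour this ticket asks for, as an added example that is not FreeIPA's code (the project's fix is the commit listed above): a strict comparison against the normalized form rejects the mixed-case AD SRV name from the log, while gating that comparison on non-ASCII input accepts it and still rejects a non-normalized IDN. The function names are hypothetical, and Python's standard `encodings.idna.nameprep` is assumed as the normalization step.

```python
import encodings.idna
import re

# Label separators accepted by IDNA (RFC 3490): ASCII dot plus three Unicode dots.
_DOTS = re.compile("[.\u3002\uff0e\uff61]")


def normalized(name):
    """Nameprep every label (case folding + NFKC) and rejoin with ASCII dots."""
    return ".".join(encodings.idna.nameprep(label) for label in _DOTS.split(name))


def check_strict(name):
    """Regressed behaviour: any name that differs from its normalized form fails."""
    norm = normalized(name)
    if norm != name:
        return ("domain name '%s' and normalized domain name '%s' do not match"
                % (name, norm))
    return None


def check_idn_only(name):
    """Requested behaviour: compare against the normalized form only for IDNs."""
    if name.isascii():
        # Plain ASCII names are matched case-insensitively by DNS, so mixed case is harmless.
        return None
    return check_strict(name)


# Constructed inputs: the SRV owner name from the log above, plus two made-up IDN names.
AD_SRV = "_ldap._tcp.Default-First-Site-Name._sites.dc._msdcs"
IDN_MIXED = "B\u00fccher.example"
IDN_NORMALIZED = "b\u00fccher.example"

if __name__ == "__main__":
    for name in (AD_SRV, IDN_MIXED, IDN_NORMALIZED):
        print(name)
        print("  strict  :", check_strict(name) or "accepted")
        print("  IDN-only:", check_idn_only(name) or "accepted")
```

Keeping the comparison for non-ASCII names preserves the reason the check exists: several Unicode spellings map to one IDNA name, so only the normalized spelling should be stored.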

Metadata Update from @tbabej:
- Issue assigned to mbasti
- Issue set to the milestone: FreeIPA 4.0 GA

6 years ago
