#6082 com.redhat.idm.trust-fetch-domains helper crashes due to bad API initialization
Closed: Fixed None Opened 7 years ago by mbabinsk.

When establishing one-way trust, the oddjob helper script that should fetch trusted forest topology info (like UPN suffixes) does not work due to absent ldap2 backend. This can be seen when trying to run the helper directly using oddjob-request:

 oddjob_request -i com.redhat.idm.trust.fetch_domains                -s com.redhat.idm.trust -o /                com.redhat.idm.trust.fetch_domains ad.realm
WARNING: yacc table file version is out of date
Traceback (most recent call last):
  File "/usr/libexec/ipa/oddjob/com.redhat.idm.trust-fetch-domains", line 127, in <module>
  File "/usr/lib/python2.7/site-packages/ipalib/plugable.py", line 330, in __getattr__
    raise AttributeError(key)
AttributeError: ldap2

This causes trust-add to not populate the trust object with all the data, in particular the ipantadditionalsuffixes attribute.

Steps to reproduce:

1.) install IPA server

2.) run ipa-adtrust-install and establish a trust to some AD domain

3.) run the following command against trusted AD domain

oddjob_request -i com.redhat.idm.trust.fetch_domains -s com.redhat.idm.trust -o com.redhat.idm.trust.fetch_domains <ad.domain.name>

Expected results:

There should be no output by default. With 'log level = 100' in smb.conf, one should see plenty of output from communication with AD DC.

Actual result:

Traceback seen above


  • b144bf5 Use server API in com.redhat.idm.trust-fetch-domains oddjob helper


  • c2edfa0 idrange: fix unassigned global variable

Metadata Update from @mbabinsk:
- Issue assigned to mbasti
- Issue set to the milestone: FreeIPA 4.4.1

6 years ago

Login to comment on this ticket.