#6911 error adding authenticator indicators to host
Closed: fixed 2 years ago Opened 2 years ago by pvoborni.

Ticket was cloned from Red Hat Bugzilla (product Red Hat Enterprise Linux 7): Bug 1441593

Description of problem:

there is an error with attribute value already exists while doing:

ipa host-mod --auth-ind=otp <host>

We have enabled "fail audit log" and we had the exact operation that is failing
and that is being attempted by the command line:

=======================================================
time: 20170412101350
dn: fqdn=rhtest2.ncsd.corp,cn=computers,cn=accounts,dc=ipa,dc=example,dc=test
result: 20
changetype: modify
add: objectClass
objectClass: krbprincipalaux
-
replace: krbPrincipalAuthInd
krbPrincipalAuthInd: otp
-
replace: modifiersname
modifiersname: uid=extsyto,cn=users,cn=accounts,dc=ipa,dc=example,dc=test
-
replace: modifytimestamp
modifytimestamp: 20170412071350Z
-
replace: entryusn
entryusn: 453907
-
=======================================================

It's quite evident that error 20 is because of
==============================
add: objectClass
objectClass: krbprincipalaux
==============================

that already exists in the entry.

I have tried to reproduce it on my side but I had not the same modify
operation:

=================================================
time: 20170412043112
dn: fqdn=newhost.cgparente.local,cn=computers,cn=accounts,dc=cgparente,dc=local
result: 0
changetype: modify
replace: krbPrincipalAuthInd
krbPrincipalAuthInd: otp
-
replace: modifiersname
modifiersname: uid=admin,cn=users,cn=accounts,dc=cgparente,dc=local
-
replace: modifytimestamp
modifytimestamp: 20170412083112Z
-
replace: entryusn
entryusn: 39407
-
===================================================

For a certain reason, something provoked the objectclass add that drove to the
err=20 in customer environment.

Customer is running same version than me.


Version-Release number of selected component (if applicable):
ipa-server-4.4.0-14.el7_3.6.x86_64


How reproducible: only customer.


Steps to Reproduce: just add the otp indicator to a host.

Problem is in casing, see https://bugzilla.redhat.com/show_bug.cgi?id=1441593#c2 for details


Metadata Update from @pvoborni:
- Custom field rhbz adjusted to https://bugzilla.redhat.com/show_bug.cgi?id=1441593

2 years ago

Metadata Update from @pvoborni:
- Custom field rhbz adjusted to https://bugzilla.redhat.com/show_bug.cgi?id=1441593

2 years ago

Metadata Update from @pvoborni:
- Issue assigned to fbarreto

2 years ago

Metadata Update from @pvoborni:
- Issue priority set to: critical
- Issue tagged with: bug

2 years ago

master:

  • d51af28 Fixing adding authenticator indicators to host

ipa-4-5:

  • 81ae5f4 Fixing adding authenticator indicators to host

Metadata Update from @mbasti:
- Issue close_status updated to: fixed
- Issue status updated to: Closed (was: Open)

2 years ago

Login to comment on this ticket.

Metadata