Ticket was cloned from Red Hat Bugzilla (product Red Hat Enterprise Linux 7): Bug 1484826
Description of problem: FreeIPA/IdM installations which were created with directory server preceding DS 1.3.3.0 doesn't have DS whoami plugin enabled. Whoami plugin is required for whoami IPA API call which is part of Web UI startup. Whoami command is executed after login to get who is the user. With missing plugin entablement this command fails with protocol error and thus loading of Web UI fails. In httpd error log the error is: ipa: ERROR: non-public: PROTOCOL_ERROR: {'info': 'unsupported extended operation', 'desc': 'Protocol error'} Workaround: Enable the plugin by modifying dse.ldif when DS is shutdown. Or by executing LDAP mod operation as Directory Manager with following ldif: # whoami, plugins, config dn: cn=whoami,cn=plugins,cn=config cn: whoami nsslapd-plugin-depends-on-type: database nsslapd-pluginDescription: whoami extended operation plugin nsslapd-pluginEnabled: on nsslapd-pluginId: whoami-plugin nsslapd-pluginInitfunc: whoami_init nsslapd-pluginPath: libwhoami-plugin nsslapd-pluginType: extendedop nsslapd-pluginVendor: 389 Project nsslapd-pluginVersion: 1.3.6.1 objectClass: top objectClass: nsSlapdPlugin objectClass: extensibleObject Expected results: If whoami plugin is enabled during IPA upgrade if it is not enabled.
Metadata Update from @pvomacka: - Custom field rhbz adjusted to https://bugzilla.redhat.com/show_bug.cgi?id=1484826
Metadata Update from @pvomacka: - Issue assigned to pvomacka
Metadata Update from @pvoborni: - Issue priority set to: critical - Issue set to the milestone: FreeIPA 4.5.4
Metadata Update from @pvomacka: - Custom field on_review adjusted to https://github.com/freeipa/freeipa/pull/1010
master:
ipa-4-5:
ipa-4-6:
Metadata Update from @pvomacka: - Issue close_status updated to: fixed - Issue status updated to: Closed (was: Open)
Login to comment on this ticket.