Ticket was cloned from Red Hat Bugzilla (product Red Hat Enterprise Linux 7): Bug 1494226
Please note that this Bug is private and may not be accessible as it contains confidential Red Hat customer information.
Description of problem: When using the IPA WebUI previously set account Contact Settings and Employee Information are not displayed when viewing a specific user. When searching for the same user with "ipa user-show <name> --all", the details are there. When trying to add missing data in the webUI, you get the following error: "IPAError 4202: EmptyModlist - no modifications to be performed" Version-Release number of selected component (if applicable): ipa-server-4.5.0-21.el7_4.1.2.x86_64 How reproducible: Everytime Steps to Reproduce: 1. When looking at a contact's data in the webUI
Caused by cert_find command on CA less install:
Traceback (most recent call last): File "/usr/lib/python2.7/site-packages/ipaserver/rpcserver.py", line 367, in wsgi_execute result = command(*args, **options) File "/usr/lib/python2.7/site-packages/ipalib/frontend.py", line 447, in __call__ return self.__do_call(*args, **options) File "/usr/lib/python2.7/site-packages/ipalib/frontend.py", line 475, in __do_call ret = self.run(*args, **options) File "/usr/lib/python2.7/site-packages/ipalib/frontend.py", line 797, in run return self.execute(*args, **options) File "/usr/lib/python2.7/site-packages/ipaserver/plugins/cert.py", line 1537, in execute ra = self.api.Backend.ra File "/usr/lib/python2.7/site-packages/ipalib/plugable.py", line 335, in __getattr__ raise AttributeError(key) AttributeError: ra
Metadata Update from @pvoborni: - Custom field rhbz adjusted to https://bugzilla.redhat.com/show_bug.cgi?id=1494226
Metadata Update from @pvoborni: - Issue priority set to: critical
Metadata Update from @tkrizek: - Issue set to the milestone: FreeIPA 4.5.5 (was: FreeIPA 4.5.4)
Metadata Update from @rcritten: - Issue assigned to rcritten
So the issue is that for a CA-less installation there is no ra Backend to retrieve hence the backtrace.
We can detect this and not blow up but it will result in not showing any certificates stored within an entry (e.g. service) because it relies on cert-find.
I think there should be a fallback where if cert-find returns NotFound but there is a userCertificate value within the entry it should show those instead.
So it was surprising to me that cert-find is used when there is no CA. It wasn't designed this way, but there it is. Confirmed on a F25 IPA 4.4.4 install.
https://github.com/freeipa/freeipa/pull/1196
master:
@rcritten please create a manual backport for ipa-4-5
ipa-4-5
ipa-4-6:
ipa-4-5:
Metadata Update from @stlaz: - Issue close_status updated to: fixed - Issue status updated to: Closed (was: Open)
Facing the similar problem on a CA less installation of FreeIPA 4.6.8.
Is there any workaround or fix for this problem?
Facing the similar problem on a CA less installation of FreeIPA 4.6.8. Is there any workaround or fix for this problem?
The issue has been faced for user authentication type and contact settings fields in the web UI.
Login to comment on this ticket.