In a CA-less install of freeipa 4.8.4 (also confirmed in 4.8.0), a javascript error while the page loads stops all the data from loading. Reformatting the app.js, and setting break on exceptions gives an error:
TypeError: record is undefined
This is happening in the following function, when we are trying to get the CA information as part of usercertificate
usercertificate
load: function (data) { var record = this.get_record(data); for (var i = 0; i < record.length; i++) { this.normalize_object(record[i]) } return record }
Having a look at the data['result'] array
data['result']
element 0 appears to be my user details - looks fine, contains usercertificate as expected element 1 appears to be an error: 4001 - None: password policy not found element 2 appears to be another copy of my user details element 3 appears to be another error: 4001 - CA is not configured
I think the actual error is in the get_record function:
get_record
get_record: function (data) { if (data.id === undefined || data.result === undefined || data.error === undefined) { return data } var dr = data.result; var record = null; if (dr) { if (IPA.defined(dr[this.result_name])) record = dr[this.result_name]; else if (dr.results) { var result = dr.results[this.result_index]; if (result) record = result[this.result_name]; var res_type = typeof record; var obj_in_type = typeof this.object_index; if (record && res_type === 'object' && obj_in_type === 'number') record = record[this.object_index] } } return record },
the line thats breaking here is:
if (result) record = result[this.result_name];
When we're trying to get the CA details - result_index is set to 3, so we get data['result'][3]['result'] - but data['result'][3] is actually an error message:
result_index
3
data['result'][3]['result']
data['result'][3]
error: "CA is not configured" error_code: 4001 error_kw: {…} error_name: "NotFound" <prototype>: {…}
so undefined gets returned, and the javascript stops running when we try to access undefined.length
We have a pair of freeipa 4.5.4 servers in the same domain, and can confirm that the issue doesn't occur on them.
only half the user's data is displayed correctly - all boxes after 'Certificates' are empty / editable. This means that if you hit 'Save', the contents of these fields is wiped!
User data to be displayed as previously
$ rpm -q freeipa-server freeipa-client ipa-server ipa-client 389-ds-base pki-ca krb5-server
freeipa-server-4.8.4-2.fc31.x86_64 freeipa-client-4.8.4-2.fc31.x86_64 package ipa-server is not installed package ipa-client is not installed 389-ds-base-1.4.2.7-1.fc31.x86_64 pki-ca-10.7.3-3.fc31.noarch krb5-server-1.17-46.fc31.x86_64
Metadata Update from @frenaud: - Custom field rhbz adjusted to https://bugzilla.redhat.com/show_bug.cgi?id=1835853
Issue linked to Bugzilla: Bug 1835853
Metadata Update from @frenaud: - Custom field on_review adjusted to https://github.com/freeipa/freeipa/pull/4831 - Issue assigned to stsymbal
The issue was fixed in cert plugin:
https://pagure.io/freeipa/c/32c64a78cef499c05e4ffa71d033692571297dca
Since it is old fix it is already in older FreeIPA version branches. So no backport is needed.
Metadata Update from @frenaud: - Custom field rhbz adjusted to https://bugzilla.redhat.com/show_bug.cgi?id=1835853, https://bugzilla.redhat.com/show_bug.cgi?id=1884819 (was: https://bugzilla.redhat.com/show_bug.cgi?id=1835853)
Issue linked to Bugzilla: Bug 1884819
The issue is also seen in RHEL 7.9, meaning it's present on ipa-4-6 branch.
@frenaud
The issue fixed here https://pagure.io/freeipa/issue/8369
I've updated BZ issue.
Commits ref for 8369: master:
ipa-4-6:
ipa-4-8:
Metadata Update from @frenaud: - Issue close_status updated to: fixed - Issue status updated to: Closed (was: Open)
master:
ipa-4-9:
Login to comment on this ticket.