#8543 After upgrade AD Trust Agents were removed from LDAP
Closed: fixed 3 years ago by mpolovka. Opened 3 years ago by mpolovka.

Clone of https://bugzilla.redhat.com/show_bug.cgi?id=1778777

Description of problem:
Upgrade code in IdM should verify for every krbprincipalname=cifs/ipa.master@$REALM,cn=services,cn=accounts,$SUFFIX belonging to cn=adtrust agents, a corresponding fqdn=ipa.master,cn=machines,cn=accounts,$SUFFIX also belongs to the same group)

Version-Release number of selected component (if applicable):
freeipa-server-4.6.5-11

How reproducible:
Only have seen it in this case.

Steps to Reproduce:
1. ipa-server-upgrade

Actual results:
AD Trust Agents were removed

Expected results:
AD Trust agents not affected

Additional info:

ldapsearch -xLLL -D "cn=directory manager" -W -b "cn=adtrust agents,cn=sysaccounts,cn=etc,$SUFFIX"

Enter LDAP Password:
dn: cn=adtrust agents,cn=sysaccounts,cn=etc,$SUFFIX
memberOf: cn=adtrust agents,cn=privileges,cn=pbac,$SUFFIX
memberOf: cn=system: read system trust accounts,cn=permissions,cn=pbac,$SUFFIX
member: krbprincipalname=cifs/stcprdxidm01.$SUFFIX@$SUFFIX,cn=services,c
n=accounts,d$SUFFIX
member: krbprincipalname=cifs/stcprdxidm02.$SUFFIX@$SUFFIX,cn=services,c
n=accounts,d$SUFFIX
member: krbprincipalname=cifs/calprdxidm01.$SUFFIX@$SUFFIX,cn=services,c
n=accounts,$SUFFIX
member: krbprincipalname=cifs/calprdxidm02.$SUFFIX@$SUFFIX,cn=services,c
n=accounts,$SUFFIX
objectClass: GroupOfNames
objectClass: top
objectClass: nestedgroup
cn: adtrust agents


PR with test opened at PR5172

Metadata Update from @mpolovka:
- Custom field affects_doc adjusted to on
- Custom field knownissue adjusted to on
- Issue untagged with: bug
- Issue close_status updated to: fixed
- Issue status updated to: Closed (was: Open)
- Issue tagged with: tests

3 years ago

Metadata Update from @mpolovka:
- Custom field rhbz adjusted to 1778777

3 years ago

Login to comment on this ticket.

Metadata