Clone of https://bugzilla.redhat.com/show_bug.cgi?id=1778777
Description of problem: Upgrade code in IdM should verify for every krbprincipalname=cifs/ipa.master@$REALM,cn=services,cn=accounts,$SUFFIX belonging to cn=adtrust agents, a corresponding fqdn=ipa.master,cn=machines,cn=accounts,$SUFFIX also belongs to the same group)
Version-Release number of selected component (if applicable): freeipa-server-4.6.5-11
How reproducible: Only have seen it in this case.
Steps to Reproduce: 1. ipa-server-upgrade
Actual results: AD Trust Agents were removed
Expected results: AD Trust agents not affected
Additional info:
Enter LDAP Password: dn: cn=adtrust agents,cn=sysaccounts,cn=etc,$SUFFIX memberOf: cn=adtrust agents,cn=privileges,cn=pbac,$SUFFIX memberOf: cn=system: read system trust accounts,cn=permissions,cn=pbac,$SUFFIX member: krbprincipalname=cifs/stcprdxidm01.$SUFFIX@$SUFFIX,cn=services,c n=accounts,d$SUFFIX member: krbprincipalname=cifs/stcprdxidm02.$SUFFIX@$SUFFIX,cn=services,c n=accounts,d$SUFFIX member: krbprincipalname=cifs/calprdxidm01.$SUFFIX@$SUFFIX,cn=services,c n=accounts,$SUFFIX member: krbprincipalname=cifs/calprdxidm02.$SUFFIX@$SUFFIX,cn=services,c n=accounts,$SUFFIX objectClass: GroupOfNames objectClass: top objectClass: nestedgroup cn: adtrust agents
PR with test opened at PR5172
Metadata Update from @mpolovka: - Custom field affects_doc adjusted to on - Custom field knownissue adjusted to on - Issue untagged with: bug - Issue close_status updated to: fixed - Issue status updated to: Closed (was: Open) - Issue tagged with: tests
Fixed upstream master: https://github.com/freeipa/freeipa/commit/2c9b212cf08e9f0e6814b2e7a0922079b3929634
ipa-4-6: https://pagure.io/freeipa/c/bb4ec6fcb4547bc624cde93e16a9201dfa8d4426
ipa-4-7: https://pagure.io/freeipa/c/206e1f94efda11dd773860c9bbf9609d797688d4
ipa-4-8: https://pagure.io/freeipa/c/b21128c2d7575c6eba6a52fa4448a9a2c7b56913
Metadata Update from @mpolovka: - Custom field rhbz adjusted to 1778777
Login to comment on this ticket.