[Freeipa-devel] DN patch and documentation
John Dennis
jdennis at redhat.com
Wed Aug 8 18:49:14 UTC 2012
On 08/08/2012 09:37 AM, Martin Kosek wrote:
> I started reviewing the latest state of your DN effort in your git repo. It is
> in much better shape than before, but I still found some issues in utilities we
> use. I am sending what I have found so far.
Thanks!
>
> 1) ipa-managed-entries is broken
> # ipa-managed-entries -l
> Available Managed Entry Definitions:
> [u'UPG Definition']
> [u'NGP Definition']
>
> # ipa-managed-entries -e 'UPG Definition' status
> Unexpected error
> AttributeError: 'LDAPEntry' object has no attribute 'originfilter'
O.K. will investigate
> 2) ipa-replica-prepare is broken when --ip-address is passed
> # ipa-replica-prepare vm-055.idm.lab.bos.redhat.com --ip-address=10.16.78.55
> Directory Manager (existing master) password:
>
> Preparing replica for vm-055.idm.lab.bos.redhat.com from
> vm-086.idm.lab.bos.redhat.com
> Creating SSL certificate for the Directory Server
> Creating SSL certificate for the dogtag Directory Server
> Creating SSL certificate for the Web Server
> Exporting RA certificate
> Copying additional files
> Finalizing configuration
> Packaging replica information into
> /var/lib/ipa/replica-info-vm-055.idm.lab.bos.redhat.com.gpg
> Adding DNS records for vm-055.idm.lab.bos.redhat.com
> preparation of replica failed: invalid 'ip_address': Gettext('invalid IP
> address format', domain='ipa', localedir=None)
> invalid 'ip_address': Gettext('invalid IP address format', domain='ipa',
> localedir=None)
> File "/sbin/ipa-replica-prepare", line 464, in <module>
> main()
>
> File "/sbin/ipa-replica-prepare", line 452, in main
> add_zone(domain)
>
> File "/usr/lib/python2.7/site-packages/ipaserver/install/bindinstance.py",
> line 302, in add_zone
> idnsallowtransfer=u'none',)
>
> File "/usr/lib/python2.7/site-packages/ipalib/frontend.py", line 433, in __call__
> self.validate(**params)
>
> File "/usr/lib/python2.7/site-packages/ipalib/frontend.py", line 705, in validate
> param.validate(value, self.env.context, supplied=param.name in kw)
>
> File "/usr/lib/python2.7/site-packages/ipalib/parameters.py", line 879, in
> validate
> self._validate_scalar(value)
>
> File "/usr/lib/python2.7/site-packages/ipalib/parameters.py", line 900, in
> _validate_scalar
> rule=rule,
Yes, I saw the same thing, but I don't think it's has anything to do
with dn's. I even asked about this on IRC yesterday. Are you sure this
isn't broken on master as well? When I looked at the code it just looked
wrong and I didn't touch anything in this area. Can someone do a quick
check on master and see if the problem exists there too?
> 3) ipa-replica-manage list is broken:
> # ipa-replica-manage list
> Failed to get data from 'vm-086.idm.lab.bos.redhat.com':
> base="cn=replicas,cn=ipa,cn=etc,dc=idm,dc=lab,dc=bos,dc=redhat,dc=com",
> scope=1, filterstr="(objectClass=*)"
>
> I think the problem here is that the following code in ipa-replica-manage
> returns an exception when no entry in cn=replicas is found (which is ok):
>
> dn = DN(('cn', 'replicas'), ('cn', 'ipa'), ('cn', 'etc'),
> ipautil.realm_to_suffix(realm))
> entries = conn.getList(dn, ldap.SCOPE_ONELEVEL)
O.K. thanks, will investigate, seems like a simple fix.
>
> 4) IPA compliance is broken
>
> # ipa-compliance
> IPA compliance checking failed:
>
> This is the traceback (some DN was left in string format):
> Traceback (most recent call last):
> File "/sbin/ipa-compliance", line 198, in <module>
> main()
> File "/sbin/ipa-compliance", line 179, in main
> check_compliance(tmpdir, options.debug)
> File "/sbin/ipa-compliance", line 121, in check_compliance
> size_limit = -1)
> File "/usr/lib/python2.7/site-packages/ipaserver/plugins/ldap2.py", line
> 1087, in find_entries
> assert isinstance(base_dn, DN)
> AssertionError
O.K. will investigate, seems like a simple fix.
>
> Btw. Petr Vobornik is testing Web UI, so far so good
Great.
--
John Dennis <jdennis at redhat.com>
Looking to carve out IT costs?
www.redhat.com/carveoutcosts/
More information about the Freeipa-devel
mailing list