From 8170659d15f11e9eb3b66f25109c6ce271cdcff3 Mon Sep 17 00:00:00 2001 From: Christian Heimes Date: Tue, 27 Jul 2021 11:54:20 +0200 Subject: [PATCH] Fix ldapupdate.get_sub_dict() for missing named user MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The named user may not be present when ipa-server-dns and bind are not installed. NAMED_UID and NAMED_GID constants are only used with local DNS support. Fixes: https://pagure.io/freeipa/issue/8936 Signed-off-by: Christian Heimes Co-authored-by: François Cami Reviewed-By: Francois Cami Reviewed-By: Rob Crittenden --- ipaserver/install/ldapupdate.py | 14 +++++++--- ipatests/prci_definitions/nightly_latest.yaml | 12 +++++++++ .../prci_definitions/nightly_previous.yaml | 12 +++++++++ .../prci_definitions/nightly_rawhide.yaml | 13 +++++++++ .../test_integration/test_installation.py | 27 +++++++++++++++++++ 5 files changed, 75 insertions(+), 3 deletions(-)
diff --git a/ipaserver/install/ldapupdate.py b/ipaserver/install/ldapupdate.py
index 822862d0b..2492bb369 100644
--- a/ipaserver/install/ldapupdate.py
+++ b/ipaserver/install/ldapupdate.py
@@ -64,6 +64,15 @@ def get_sub_dict(realm, domain, suffix, fqdn, idstart=None, idmax=None):
 idrange_size = idmax - idstart + 1
 subid_base_rid = constants.SUBID_RANGE_START - idrange_size
+ # uid / gid for autobind
+ # user is only defined when ipa-server-dns and bind are installed
+ try:
+ named_uid = platformconstants.NAMED_USER.uid
+ named_gid = platformconstants.NAMED_GROUP.gid
+ except ValueError:
+ named_uid = None
+ named_gid = None
+
 return dict(
 REALM=realm,
 DOMAIN=domain,
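Review bot: The `except ValueError` fallback in get_sub_dict() sets `named_uid`/`named_gid` to None without saying what None means to consumers, and the second ldapupdate.py hunk then passes those values straight into the substitution dict as NAMED_UID/NAMED_GID. If an update template that references these keys is ever applied on a host without the named account, it would presumably be rendered with the text `None` in an autobind mapping instead of failing, so the assumption from the commit message belongs next to the code: `# None when the named account is absent; templates using NAMED_UID/NAMED_GID must only be applied with DNS set up`. The try body spans both lookups, so a ValueError from either one discards both values; that keeps the pair consistent but is worth a word in the same comment. The function starts and ends outside the hunk.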
@@ -99,9 +108,8 @@ def get_sub_dict(realm, domain, suffix, fqdn, idstart=None, idmax=None):
 DEFAULT_ADMIN_SHELL=platformconstants.DEFAULT_ADMIN_SHELL,
 SELINUX_USERMAP_DEFAULT=platformconstants.SELINUX_USERMAP_DEFAULT,
 SELINUX_USERMAP_ORDER=platformconstants.SELINUX_USERMAP_ORDER,
- # uid / gid for autobind
- NAMED_UID=platformconstants.NAMED_USER.uid,
- NAMED_GID=platformconstants.NAMED_GROUP.gid,
+ NAMED_UID=named_uid,
+ NAMED_GID=named_gid,
 )
diff --git a/ipatests/prci_definitions/nightly_latest.yaml b/ipatests/prci_definitions/nightly_latest.yaml
index bee3535d3..efaa8f5eb 100644
--- a/ipatests/prci_definitions/nightly_latest.yaml
+++ b/ipatests/prci_definitions/nightly_latest.yaml
@@ -547,6 +547,18 @@ jobs:
 timeout: 4800
 topology: *master_1repl_1client
+ fedora-latest/test_installation_TestInstallWithoutNamed:
+ requires: [fedora-latest/build]
+ priority: 50
+ job:
+ class: RunPytest
+ args:
+ build_url: '{fedora-latest/build_url}'
+ test_suite: test_integration/test_installation.py::TestInstallWithoutNamed
+ template: *ci-master-latest
+ timeout: 4800
+ topology: *master_1repl
+
 fedora-latest/test_idviews:
 requires: [fedora-latest/build]
 priority: 50
diff --git a/ipatests/prci_definitions/nightly_previous.yaml b/ipatests/prci_definitions/nightly_previous.yaml
index 6fd160054..34980a1f9 100644
--- a/ipatests/prci_definitions/nightly_previous.yaml
+++ b/ipatests/prci_definitions/nightly_previous.yaml
@@ -547,6 +547,18 @@ jobs:
 timeout: 4800
 topology: *master_1repl_1client
+ fedora-previous/test_installation_TestInstallWithoutNamed:
+ requires: [fedora-previous/build]
+ priority: 50
+ job:
+ class: RunPytest
+ args:
+ build_url: '{fedora-previous/build_url}'
+ test_suite: test_integration/test_installation.py::TestInstallWithoutNamed
+ template: *ci-master-previous
+ timeout: 4800
+ topology: *master_1repl
+
 fedora-previous/test_idviews:
 requires: [fedora-previous/build]
 priority: 50
diff --git a/ipatests/prci_definitions/nightly_rawhide.yaml b/ipatests/prci_definitions/nightly_rawhide.yaml
index 4b89f18d1..d01289c30 100644
--- a/ipatests/prci_definitions/nightly_rawhide.yaml
+++ b/ipatests/prci_definitions/nightly_rawhide.yaml
@@ -588,6 +588,19 @@ jobs:
 timeout: 4800
 topology: *master_1repl_1client
+ fedora-rawhide/test_installation_TestInstallWithoutNamed:
+ requires: [fedora-rawhide/build]
+ priority: 50
+ job:
+ class: RunPytest
+ args:
+ build_url: '{fedora-rawhide/build_url}'
+ update_packages: True
+ test_suite: test_integration/test_installation.py::TestInstallWithoutNamed
+ template: *ci-master-frawhide
+ timeout: 4800
+ topology: *master_1repl
+
 fedora-rawhide/test_idviews:
 requires: [fedora-rawhide/build]
 priority: 50
diff --git a/ipatests/test_integration/test_installation.py b/ipatests/test_integration/test_installation.py
index e76fd0efe..e3c41eaa1 100644
--- a/ipatests/test_integration/test_installation.py
+++ b/ipatests/test_integration/test_installation.py
@@ -1853,3 +1853,30 @@ class TestInstallWithoutSudo(IntegrationTest):
 result = tasks.install_client(self.master, self.clients[0])
 assert self.no_sudo_str not in result.stderr_text
 assert self.sudo_version_str not in result.stdout_text
+
+
+class TestInstallWithoutNamed(IntegrationTest):
+ num_replicas = 1
+
+ @classmethod
+ def remove_named(cls, host):
+ # remove the bind package and make sure the named user does not exist.
+ # https://pagure.io/freeipa/issue/8936
+ result = host.run_command(['id', 'named'], raiseonerr=False)
+ if result.returncode == 0:
+ tasks.uninstall_packages(host, ['bind'])
+ host.run_command(['userdel', constants.NAMED_USER])
+ assert host.run_command(
+ ['id', 'named'], raiseonerr=False
+ ).returncode == 1
+
+ @classmethod
+ def install(cls, mh):
+ for tgt in (cls.master, cls.replicas[0]):
+ cls.remove_named(tgt)
+ tasks.install_master(cls.master, setup_dns=False)
+
+ def test_replica0_install(self):
+ tasks.install_replica(
+ self.master, self.replicas[0], setup_ca=False, setup_dns=False
+ )
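Review bot: `remove_named` probes for the account with the literal `'named'` but deletes `constants.NAMED_USER`, so the pre-check, the deletion and the closing assertion can disagree on any platform where that constant is not `named`; use the constant throughout, e.g. `result = host.run_command(['id', constants.NAMED_USER], raiseonerr=False)`. The helper removes only the user, while the code under test in ldapupdate.py reads both NAMED_USER and NAMED_GROUP; if the group can outlive `userdel`, the missing-group path is not exercised, so an explicit group check or a comment saying why it is unnecessary would help. The class has no docstring; a one-line docstring on `TestInstallWithoutNamed` stating that it installs master and replica without bind and without the named account would make the regression target clear without following the issue link.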