From a1eb13cdbc109da8c028bb886a1207ea2cc23cee Mon Sep 17 00:00:00 2001
From: Christian Heimes <cheimes@redhat.com>
Date: Tue, 27 Jul 2021 11:54:20 +0200
Subject: [PATCH] Fix ldapupdate.get_sub_dict() for missing named user
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
The named user may not be present when ipa-server-dns and bind are not
installed. NAMED_UID and NAMED_GID constants are only used with local
DNS support.
Fixes: https://pagure.io/freeipa/issue/8936
Signed-off-by: Christian Heimes <cheimes@redhat.com>
Co-authored-by: François Cami <fcami@redhat.com>
Reviewed-By: Francois Cami <fcami@redhat.com>
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
Reviewed-By: Francois Cami <fcami@redhat.com>
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
---
ipaserver/install/ldapupdate.py | 14 +++++++---
.../nightly_ipa-4-9_latest.yaml | 12 +++++++++
.../nightly_ipa-4-9_previous.yaml | 12 +++++++++
.../test_integration/test_installation.py | 27 +++++++++++++++++++
4 files changed, 62 insertions(+), 3 deletions(-)
diff --git a/ipaserver/install/ldapupdate.py b/ipaserver/install/ldapupdate.py
index 06cb78e0b..f0e7d6162 100644
--- a/ipaserver/install/ldapupdate.py
+++ b/ipaserver/install/ldapupdate.py
@@ -64,6 +64,15 @@ def get_sub_dict(realm, domain, suffix, fqdn, idstart=None, idmax=None):
idrange_size = idmax - idstart + 1
subid_base_rid = constants.SUBID_RANGE_START - idrange_size
+ # uid / gid for autobind
+ # user is only defined when ipa-server-dns and bind are installed
+ try:
+ named_uid = platformconstants.NAMED_USER.uid
+ named_gid = platformconstants.NAMED_GROUP.gid
+ except ValueError:
+ named_uid = None
+ named_gid = None
+
return dict(
REALM=realm,
DOMAIN=domain,
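Review bot: The `except ValueError` fallback in get_sub_dict leaves `named_uid` and `named_gid` as `None`, and nothing in this hunk stops an update template that references NAMED_UID or NAMED_GID from being rendered with those values. Since these feed the autobind mapping, a rendered `None` would presumably produce a wrong or malformed identity mapping rather than a clear failure. That only DNS-specific updates use them is stated in the commit message but not in the code, so I would extend the comment: `# None means the named account is absent; only DNS-specific updates may reference NAMED_UID / NAMED_GID`. Whether a missing account surfaces as `ValueError` depends on platformconstants, which is not visible here. get_sub_dict starts before this hunk and its returned dict continues in the next one.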
@@ -99,9 +108,8 @@ def get_sub_dict(realm, domain, suffix, fqdn, idstart=None, idmax=None):
DEFAULT_ADMIN_SHELL=platformconstants.DEFAULT_ADMIN_SHELL,
SELINUX_USERMAP_DEFAULT=platformconstants.SELINUX_USERMAP_DEFAULT,
SELINUX_USERMAP_ORDER=platformconstants.SELINUX_USERMAP_ORDER,
- # uid / gid for autobind
- NAMED_UID=platformconstants.NAMED_USER.uid,
- NAMED_GID=platformconstants.NAMED_GROUP.gid,
+ NAMED_UID=named_uid,
+ NAMED_GID=named_gid,
)
diff --git a/ipatests/prci_definitions/nightly_ipa-4-9_latest.yaml b/ipatests/prci_definitions/nightly_ipa-4-9_latest.yaml
index 939ee2b7d..1c8c5ddfc 100644
--- a/ipatests/prci_definitions/nightly_ipa-4-9_latest.yaml
+++ b/ipatests/prci_definitions/nightly_ipa-4-9_latest.yaml
@@ -547,6 +547,18 @@ jobs:
timeout: 4800
topology: *master_1repl_1client
+ fedora-latest-ipa-4-9/test_installation_TestInstallWithoutNamed:
+ requires: [fedora-latest-ipa-4-9/build]
+ priority: 50
+ job:
+ class: RunPytest
+ args:
+ build_url: '{fedora-latest-ipa-4-9/build_url}'
+ test_suite: test_integration/test_installation.py::TestInstallWithoutNamed
+ template: *ci-ipa-4-9-latest
+ timeout: 4800
+ topology: *master_1repl
+
fedora-latest-ipa-4-9/test_idviews:
requires: [fedora-latest-ipa-4-9/build]
priority: 50
diff --git a/ipatests/prci_definitions/nightly_ipa-4-9_previous.yaml b/ipatests/prci_definitions/nightly_ipa-4-9_previous.yaml
index 03658a934..6d121d59f 100644
--- a/ipatests/prci_definitions/nightly_ipa-4-9_previous.yaml
+++ b/ipatests/prci_definitions/nightly_ipa-4-9_previous.yaml
@@ -547,6 +547,18 @@ jobs:
timeout: 4800
topology: *master_1repl_1client
+ fedora-previous-ipa-4-9/test_installation_TestInstallWithoutNamed:
+ requires: [fedora-previous-ipa-4-9/build]
+ priority: 50
+ job:
+ class: RunPytest
+ args:
+ build_url: '{fedora-previous-ipa-4-9/build_url}'
+ test_suite: test_integration/test_installation.py::TestInstallWithoutNamed
+ template: *ci-ipa-4-9-previous
+ timeout: 4800
+ topology: *master_1repl
+
fedora-previous-ipa-4-9/test_idviews:
requires: [fedora-previous-ipa-4-9/build]
priority: 50
diff --git a/ipatests/test_integration/test_installation.py b/ipatests/test_integration/test_installation.py
index e76fd0efe..e3c41eaa1 100644
--- a/ipatests/test_integration/test_installation.py
+++ b/ipatests/test_integration/test_installation.py
@@ -1853,3 +1853,30 @@ class TestInstallWithoutSudo(IntegrationTest):
result = tasks.install_client(self.master, self.clients[0])
assert self.no_sudo_str not in result.stderr_text
assert self.sudo_version_str not in result.stdout_text
+
+
+class TestInstallWithoutNamed(IntegrationTest):
+ num_replicas = 1
+
+ @classmethod
+ def remove_named(cls, host):
+ # remove the bind package and make sure the named user does not exist.
+ # https://pagure.io/freeipa/issue/8936
+ result = host.run_command(['id', 'named'], raiseonerr=False)
+ if result.returncode == 0:
+ tasks.uninstall_packages(host, ['bind'])
+ host.run_command(['userdel', constants.NAMED_USER])
+ assert host.run_command(
+ ['id', 'named'], raiseonerr=False
+ ).returncode == 1
+
+ @classmethod
+ def install(cls, mh):
+ for tgt in (cls.master, cls.replicas[0]):
+ cls.remove_named(tgt)
+ tasks.install_master(cls.master, setup_dns=False)
+
+ def test_replica0_install(self):
+ tasks.install_replica(
+ self.master, self.replicas[0], setup_ca=False, setup_dns=False
+ )
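Review bot: remove_named checks for the account with the literal `'named'` in both `id` calls but deletes `constants.NAMED_USER`, so the check and the deletion can refer to different accounts on a platform where the constant is not `named`. Using the constant in both places, `host.run_command(['id', constants.NAMED_USER], raiseonerr=False)`, keeps them in step. The test also only proves that the user is absent; the group that get_sub_dict reads through NAMED_GROUP is not checked. A one-line docstring on TestInstallWithoutNamed stating the precondition it sets up (bind removed, named user deleted on master and replica) would make that scope explicit.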
--
2.31.1