On 1/17/22 10:59 AM, Rob Crittenden wrote:
Scott Serr via FreeIPA-users wrote:
On 1/12/22 11:43 AM, Rob Crittenden wrote:

Scott Serr via FreeIPA-users wrote:
Attributes in the Employee Information section of the user web page
are blank following a series of OS/IPA updates.
The "ipa user-find --all" cli command shows these attributes fine.

Specifically (in my case):
   Department Number
   Employee Number
   Employee Type

I'm wondering if anyone else has seen this.  Trying to find a small
test case, I've found 1 of my development VMs that has some
snapshots.  It's Rocky 8.  It has seen OS/IPA updates frequently in
the last month.  This VM also has a snapshot on December 8th.

Now I have 3 clones of this VM (at different snapshot times):
dev-current  --  fails to show these attributes on user web page
dev-dec8  --  shows these attributes
dev-dec8-updated-to-current  --  shows these attributes

The system is mainly used to test updates, data remains the same.
The only difference I can think of is "dev-current" has had
*incremental* OS/IPA updates between Dec 8th and now.

I'm combing through a filesystem diff, trying to figure out why they
behave differently, /usr/share/ipa appears to be the same.  Something
else odd: "dev-current" has a new section "User attributes for SMB
services" on the user web page.  The dev-dec8 and
dev-dec8-updated-to-current states/VMs don't have this section on the
user web page.

Interested in any troubleshooting ideas, or ideas of why this is
happening.

Thank you,
Scott

dnf.log shows dev-current had an update to 4.9.6-6 that the other clone
(dev-dec8-updated) did not.
It looks like 4.9.6-6, although replaced, has created this lingering problem.

dev-dec8-updated
2021-11-04T12:48:27-0600 DEBUG Upgraded:
ipa-server-4.9.2-4.module+el8.4.0+664+1636a961.x86_64
2022-01-11T12:07:55-0700 DEBUG Upgraded:
ipa-server-4.9.6-10.module+el8.5.0+719+4f06efb6.x86_64

dev-current
2021-11-04T12:48:27-0600 DEBUG Upgraded:
ipa-server-4.9.2-4.module+el8.4.0+664+1636a961.x86_64
2021-12-08T11:34:23-0700 DEBUG Upgraded:
ipa-server-4.9.6-6.module+el8.5.0+675+61f67439.x86_64
2021-12-21T09:55:41-0700 DEBUG Upgraded:
ipa-server-4.9.6-10.module+el8.5.0+719+4f06efb6.x86_64

I don't quite follow what you're trying to ask. Are these two separate
systems? Do both show the same behavior?

Does the information show in the cli? ipa user-show --all someuser

Do/did you have any custom plugins?

What exact attributes are not displaying?

rob

I'm sorry Rob, yesterday my web email client didn't do well with
threading, I've tried to fix the thread.

These are clones of the same system, early on Dec 8th they were the same
and since then took 2 different upgrade paths.  (I only power up 1 at a
time because of IPs and hostnames)

dev-dec8-updated
2021-11-04T12:48:27-0600 DEBUG Upgraded: ipa-server-4.9.2-4
2022-01-11T12:07:55-0700 DEBUG Upgraded: ipa-server-4.9.6-10

dev-current
2021-11-04T12:48:27-0600 DEBUG Upgraded: ipa-server-4.9.2-4
2021-12-08T11:34:23-0700 DEBUG Upgraded: ipa-server-4.9.6-6
2021-12-21T09:55:41-0700 DEBUG Upgraded: ipa-server-4.9.6-10

The "dev-current" has gone down a different upgrade path from 
"dev-dec8-updated" but they arrive at the same place (4.9.6-10).  It appears that 4.9.6-6 
has caused the issue.  The issue being those attributes in Employee Information section of the web 
page.

These clone VMs did have a simple custom plugin.  It was 
/usr/share/ipa/ui/js/plugins/myplugin/myplugin.js.  I removed the custom 
plugin (from dev-current), but that didn't fix the missing attributes on the 
web page.  Maybe there is some caching that I need to clear.  Very well could 
be something from our custom plugin, is there anything tricky to back it out?

"ipa user-show --all me" shows Employee Type, Employee Number, and Department 
Number properly.

I'm at a loss. The best I can suggest is to try the browser debugger to
see if you can tell what is happening. The data should be available
based on the cli (the ui uses the same interfaces).

As for removing it I think that removing the javascript, restarting
Apache and doing a force reload in the browser should do it.

rob

Rob, this may surprise you, it did me.

I set out to create a brand new replica on our production cluster. My intent was to disconnect it from the cluster and do tests.  I was not able to make the replica, I kept getting errors running ipa-replica-install.  I saw:

ipa: ERROR: Certificate operation cannot be completed: Request failed with
status 403: Non-2xx response from CA REST API: 403.  (403)

I had to fix this before I could continue.  You are well aware of the recent issue:

Bug 2006070 - Upgrades incorrectly add secret attribute to connectors
https://bugzilla.redhat.com/show_bug.cgi?id=2006070
(First, I found at least 4 threads on this mailing list directly connected to this issue.  I'm thankful!)

I saw that my VM clone (discussed above in the thread) that skipped over ipa-server-4.9.6-6 update, only had secret= and did not have requiredSecret=.  I removed requiredSecret from a member of the production cluster.  PKI/certs worked!  And lo and behold, my web interface now shows attribute values for Employee Type, Employee Number, and Department Number.  It also no longer shows the SMB section, like we are used to.

(In our environment we don't make use of PKI functionality on our clients yet, otherwise I'd probably notice this breakage much earlier.)

I'm hopeful this clears up all my issues.  I wanted the list to know the fix.

Thanks for your help!
Scott
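
A triage check for the condition described in the message above, as an added example that is not part of the original thread or FreeIPA's own code: it lists the ipa-server upgrade path from dnf.log text and reports connectors that carry both `secret` and `requiredSecret`, without printing the secret values. It assumes the connectors are `<Connector>` elements in the CA's Tomcat `server.xml` (the thread does not give the file's location); the XML sample is constructed and the function names are hypothetical.

```python
import re
import xml.etree.ElementTree as ET

# dnf.log excerpt for dev-current as quoted in the thread.
SAMPLE_DNF_LOG = """\
2021-11-04T12:48:27-0600 DEBUG Upgraded:
ipa-server-4.9.2-4.module+el8.4.0+664+1636a961.x86_64
2021-12-08T11:34:23-0700 DEBUG Upgraded:
ipa-server-4.9.6-6.module+el8.5.0+675+61f67439.x86_64
2021-12-21T09:55:41-0700 DEBUG Upgraded:
ipa-server-4.9.6-10.module+el8.5.0+719+4f06efb6.x86_64
"""

# Constructed server.xml fragment (assumed layout, placeholder secrets).
SAMPLE_SERVER_XML = """\
<Server>
  <Service name="Catalina">
    <Connector port="8080" protocol="HTTP/1.1"/>
    <Connector port="8009" protocol="AJP/1.3" address="localhost4"
               secret="PLACEHOLDER-A" requiredSecret="PLACEHOLDER-B"/>
    <Connector port="8009" protocol="AJP/1.3" address="localhost6"
               secret="PLACEHOLDER-A"/>
  </Service>
</Server>
"""

# Package name may follow "Upgraded:" on the same line or on the next one.
UPGRADE_RE = re.compile(
    r"^(\S+) DEBUG Upgraded:\s+ipa-server-(\d+(?:\.\d+)*-\d+)", re.MULTILINE)

def ipa_server_upgrade_path(dnf_log_text):
    """Return [(timestamp, 'version-release'), ...] for ipa-server upgrades."""
    return UPGRADE_RE.findall(dnf_log_text)

def connectors_with_both_secrets(server_xml_text):
    """Report Connector elements carrying both attributes, without secrets."""
    findings = []
    for conn in ET.fromstring(server_xml_text).iter("Connector"):
        if "secret" in conn.attrib and "requiredSecret" in conn.attrib:
            findings.append({
                "port": conn.get("port"),
                "address": conn.get("address"),
                "values_match": conn.get("secret") == conn.get("requiredSecret"),
            })
    return findings

if __name__ == "__main__":
    for stamp, version in ipa_server_upgrade_path(SAMPLE_DNF_LOG):
        print(stamp, version)
    for finding in connectors_with_both_secrets(SAMPLE_SERVER_XML):
        print("both secret and requiredSecret:", finding)
```

On a real host, read the two files yourself and pass their text to the functions; a host whose upgrade path includes 4.9.6-6 and whose connectors are reported here matches the state Scott describes.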