[Freeipa-users] Searching for things in the UI no longer seems to work, neither does ipa host-find or hostgroup-find after schema upgrade to dogtag 10

[Martin Basti]

On 10/07/2015 09:49 AM, Alex Williams wrote:
> Hi guys,
>
> yesterday I finally managed to get our IPA3.0.0 servers in a state 
> that I could upgrade the schema to dogtag 10, using the migration 
> script and launched a new RHEL7.1 IPA4.1 server as a replica. 
> Unfortunately, in both the new RHEL7.1 IPA4.1 server AND the old 
> RHEL6.6 IPA3.0.0 server that I replicated from (Also happens to be our 
> CRL master), I can no longer search for hosts or DNS entries, or host 
> groups, either in the UI, or on the command line.
>
> They're there, they show up when you go to the hosts, dns or user page 
> in a list, but you cannot then refine the search. This is also true of 
> ipa host-find and ipa hostgroup-find on the command line. Is this a 
> bug in IPA4.1? Is it a schema issue? Is it just because we still have 
> an IPA3 server running the show and an IPA4 replica? I can't really 
> justify dropping our production IPA3 servers, if searching for records 
> doesn't work in IPA4.1.
>
> I still appear to be able to search in the UI of one of our other IPA3 
> servers, despite the fact it has had its schema updated and it has 
> been connected to the new IPA4 server.
>
> Thanks in advance for any help anyone can offer.
>
> Cheers
>
> Alex
>
Hello,

can you provide more info please:

* are you kinited as admin user?
* does ipa dnszone-find returns all results?
* does ipa dnszone-find <name of zone> return something?
* does ipa dnszone-show <name of zone> return the zone?

We had issue with access control, where non admin users cannot search 
for zones, I'm not sure about hosts, and host groups.
I do not think that this is a schema upgrade issue nor related to Dogtag 10.

Martin