[Freeipa-users] Services missing in web-ui

Troels Hansen th at casalogic.dk
Wed Dec 7 11:43:09 UTC 2016 

Looks great...... Pavel, as a RedHat internal, should I create a ticket to have this fixed in the RedHat version, or does it already have a internal Red Hat bugzilla case? 

----- On Dec 7, 2016, at 11:58 AM, Pavel Vomacka <pvomacka at redhat.com> wrote: 

> Hello,

> it is caused by missing canonical name on services which were created in older
> versions of FreeIPA. Fixed ticket here:
> https://fedorahosted.org/freeipa/ticket/6397 .
> On 12/07/2016 11:48 AM, Fujisan wrote:

>> And with Firefox 50.0.2.

>> F.

>> On Wed, Dec 7, 2016 at 11:46 AM, Fujisan < fujisan43 at gmail.com > wrote:

>>> I have the same issue with version 4.4.2

>>> $ rpm -qa|grep freeipa
>>> freeipa-server-4.4.2-1.fc25.x86_64
>>> freeipa-python-compat-4.4.2-1.fc25.noarch
>>> freeipa-server-common-4.4.2-1.fc25.noarch
>>> freeipa-common-4.4.2-1.fc25.no arch
>>> freeipa-server-trust-ad-4.4.2-1.fc25.x86_64
>>> freeipa-client-4.4.2-1.fc25.x86_64
>>> freeipa-client-common-4.4.2-1.fc25.noarch

>>> ​F.​

>>> On Wed, Dec 7, 2016 at 11:13 AM, Troels Hansen < th at casalogic.dk > wrote:

>>>> I have a strange issue in IPA 4.4.0-12 (RHEL 7.3)

>>>> Navigating to Identity -> Services reveals 5 services. 2 cifs, 2 dogtag and one
>>>> empty line...

>>>> cifs/host1.domain at REALM
>>>> cifs/host2.domain at REALM
>>>> dogtag/ipa01.domain at REALM
>>>> dogtag/ipa02.domain at REALM

>>>> However, from CLI everything looks OK:

>>>> # ipa service-find
>>>> -------------------
>>>> 11 services matched
>>>> -------------------
>>>> Principal name: ldap/ipa02.domain at REALM
>>>> Principal alias: ldap/ipa02.domain at REALM
>>>> Certificate: .......
>>>> .......

>>>> Keytab: True

>>>> Principal name: ldap/ipa01.domain at REALM
>>>> Principal alias: ldap/ipa01.domain at REALM
>>>> Certificate: .......
>>>> .......

>>>> Keytab: True

>>>> Principal name: HTTP/ipa02.domain at REALM
>>>> Principal alias: HTTP/ipa02.domain at REALM
>>>> Certificate: ........
>>>> .......

>>>> Keytab: True

>>>> Principal name: cifs/rhellxudv01.domain at REALM
>>>> Principal alias: cifs/rhellxudv01.domain at REALM
>>>> Keytab: True

>>>> Principal name: cifs/ipa02.domain at REALM
>>>> Principal alias: cifs/ipa02.domain at REALM
>>>> Keytab: True

>>>> Principal name: nfs/profil01.domain at REALM
>>>> Principal alias: nfs/profil01.domain at REALM
>>>> Keytab: True

>>>> Principal name: cifs/ipa01.domain at REALM
>>>> Principal alias: cifs/ipa01.domain at REALM
>>>> Keytab: True

>>>> Principal name: dogtag/ipa02.domain at REALM
>>>> Principal alias: dogtag/ipa02.domain at REALM
>>>> Keytab: True

>>>> Principal name: dogtag/ipa01.domain at REALM
>>>> Principal alias: dogtag/ipa01.domain at REALM
>>>> Keytab: True

>>>> Principal name: cifs/rhellxudv02.domain at REALM
>>>> Principal alias: cifs/rhellxudv02.domain at REALM
>>>> Keytab: True

>>>> Principal name: HTTP/ipa01.domain at REALM
>>>> Principal alias: HTTP/ipa01.domain at REALM
>>>> Certificate: ..............
>>>> ..............
>>>> Keytab: True

>>>> -----------------------------
>>>> Number of entries returned 11
>>>> -----------------------------

>>>> (some lines truncated.....)

>>>> soooo... somsthing must be disrupting the view in web-ui,

>>>> Tried in Chrome 43 and IE 11

>>>> Looking at what gets requested by the browser at /ipa/session/json I can see in
>>>> the json that it gets the correct content:

>>>> result: {count: 11, result: [,…], summary: "11 services matched", truncated:
>>>> false}
>>>> count: 11
>>>> result: [,…]
>>>> 0: {dn:
>>>> "krbprincipalname=cifs/rhellxudv01.domain at REALM,cn=services,cn=accounts,dc=domain",…}
>>>> 1: {dn:
>>>> "krbprincipalname=dogtag/ipa01.domain at REALM,cn=services,cn=accounts,dc=domain",…}
>>>> 2: {dn:
>>>> "krbprincipalname=nfs/profil01.domain at REALM,cn=services,cn=accounts,dc=domain",…}
>>>> 3: {dn:
>>>> "krbprincipalname=cifs/rhellxudv02.domain at REALM,cn=services,cn=accounts,dc=domain",…}
>>>> 4: {dn:
>>>> "krbprincipalname=dogtag/ipa02.domain at REALM,cn=services,cn=accounts,dc=domain",…}
>>>> 5: {dn:
>>>> "krbprincipalname=HTTP/ipa01.domain at REALM,cn=services,cn=accounts,dc=domain",…}
>>>> 6: {dn:
>>>> "krbprincipalname=cifs/ipa02.domain at REALM,cn=services,cn=accounts,dc=domain",…}
>>>> 7: {dn:
>>>> "krbprincipalname=cifs/ipa01.domain at REALM,cn=services,cn=accounts,dc=domain",…}
>>>> 8: {dn:
>>>> "krbprincipalname=ldap/ipa01.domain at REALM,cn=services,cn=accounts,dc=domain",…}
>>>> 9: {dn:
>>>> "krbprincipalname=HTTP/ipa02.domain at REALM,cn=services,cn=accounts,dc=domain",…}
>>>> 10: {dn:
>>>> "krbprincipalname=ldap/ipa02.domain at REALM,cn=services,cn=accounts,dc=domain",…}
>>>> summary: "11 services matched"
>>>> truncated: false

>>>> So this is obviously only a web-ui problem, but I can't see what causes the
>>>> problem?

>>>> --
>>>> Manage your subscription for the Freeipa-users mailing list:
>>>> https://www.redhat.com/mailman/listinfo/freeipa-users
>>>> Go to http://freeipa.org for more info on the project

> --
> Pavel^3 Vomacka

-- 

Med venlig hilsen 

Troels Hansen 

Systemkonsulent 

Casalogic A/S 

T (+45) 70 20 10 63 

M (+45) 22 43 71 57 

Red Hat, SUSE, VMware, Citrix, Novell, Yellowfin BI, EnterpriseDB, Sophos og meget mere. 
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20161207/1f16b799/attachment.htm>

More information about the Freeipa-users mailing list