-
Bug
-
Resolution: Unresolved
-
Normal
-
None
Description of problem:
dsconf incorrectly setting up Pass-Through Authentication
Version-Release number of selected component (if applicable):
389-ds-base.x86_64 (1.4.3.34-1.module+el8.7.0+18367+58a49cb0
How reproducible:
Always
Steps to Reproduce:
1. dsconf corpldap plugin pam-pass-through-auth config 'IPA PAM PTA Config' add --exclude-suffix='cn=config' --id_map_method='ENTRY' --id-attr='uid' --filter="(&(Unable to render embedded object: File ((uid=newrelicmon))() not found.(uid=bugzilla))(!(uid=applmgr)))" --fallback='TRUE' --secure='TRUE' --service='ldapserver' --missing-suffix='ALLOW' --include-suffix='ou=Users,dc=redhat,dc=com'
Successfully created the cn=IPA PAM PTA Config,cn=PAM Pass Through Auth,cn=plugins,cn=config
Actual results:
fallback, id_map_method and id_attr being incorrectly set
Expected results:
correctly set
Additional info:
- dsconf corpldap plugin pam-pass-through-auth config 'IPA PAM PTA Config' add --exclude-suffix='cn=config' --id_map_method='ENTRY' --id-attr='uid' --filter="(&(Unable to render embedded object: File ((uid=newrelicmon))() not found.(uid=bugzilla))(!(uid=applmgr)))" --fallback='TRUE' --secure='TRUE' --service='ldapserver' --missing-suffix='ALLOW' --include-suffix='ou=Users,dc=redhat,dc=com'
Successfully created the cn=IPA PAM PTA Config,cn=PAM Pass Through Auth,cn=plugins,cn=config
It created successfully, but showing the output results in fallback, id_map_method and id_attr being incorrectly set:
- dsconf corpldap plugin pam-pass-through-auth show
dn: cn=PAM Pass Through Auth,cn=plugins,cn=config
cn: PAM Pass Through Auth
nsslapd-plugin-depends-on-type: database
nsslapd-pluginDescription: PAM pass through authentication plugin
nsslapd-pluginEnabled: on
nsslapd-pluginId: pam_passthruauth
nsslapd-pluginInitfunc: pam_passthruauth_init
nsslapd-pluginPath: libpam-passthru-plugin
nsslapd-pluginType: betxnpreoperation
nsslapd-pluginVendor: 389 Project
nsslapd-pluginVersion: 1.4.3.34
nsslapd-pluginloadglobal: true
objectClass: top
objectClass: nsSlapdPlugin
objectClass: extensibleObject
objectClass: pamConfig
pamExcludeSuffix: cn=config
pamFallback: FALSE
pamFilter: (&(Unable to render embedded object: File ((uid=newrelicmon))() not found.(uid=bugzilla))(!(uid=applmgr)))
pamIDAttr: notUsedWithRDNMethod
pamIDMapMethod: RDN
pamIncludeSuffix: ou=Users,dc=redhat,dc=com
pamMissingSuffix: ALLOW
pamSecure: TRUE
pamService: ldapserver
pamthreadsafe: TRUE
And attempts to fix the incorrect settings are also producing errors:
- dsconf corpldap plugin pam-pass-through-auth config 'PAM Pass Through Auth' set --fallback='true'
Error: No object exists given the filter criteria: PAM Pass Through Auth (&(&(objectclass=top)(objectclass=extensibleObject)(objectclass=nsslapdplugin)(objectclass=pamConfig))(|(cn=PAM Pass Through Auth)))
- dsconf corpldap plugin pam-pass-through-auth config 'IPA PAM PTA Config,cn=PAM Pass Through Auth,cn=plugins,cn=config' set --fallback='true'
Error: No object exists given the filter criteria: IPA PAM PTA Config,cn=PAM Pass Through Auth,cn=plugins,cn=config (&(&(objectclass=top)(objectclass=extensibleObject)(objectclass=nsslapdplugin)(objectclass=pamConfig))(|(cn=IPA PAM PTA Config,cn=PAM Pass Through Auth,cn=plugins,cn=config)))
