Bug
Resolution: Done-Errata
389-ds-base-3.1.3-2.el10
Low
rhel-idm-ds
Pass
Automated
Description of a problem
Failing to create nested role using "dsidm role create-nested"
Version-Release number of the selected component
rpm -q 389-ds-base cockpit-389-ds
389-ds-base-3.0.5-2.el10.x86_64
Steps to reproduce
1. Create a managed role (e.g. cn=test_managed,dc=example,dc=com)
2. Try to create a nested role with nsRoleDN being the previously created managed role
Actual results
Fails with "Attribute nsRoleDN must not be None"
# dsidm -v localhost -b dc=example,dc=com role create-nested
DEBUG: The 389 Directory Server Identity Manager
DEBUG: Inspired by works of: ITS, The University of Adelaide
DEBUG: dsrc path: /root/.dsrc
DEBUG: dsrc container path: /data/config/container.inf
DEBUG: dsrc instances: []
DEBUG: dsrc no such section: slapd-localhost
DEBUG: Called with: Namespace(verbose=True, json=False, instance='localhost', basedn='dc=example,dc=com', binddn=None, bindpw=None, prompt=False, pwdfile=None, starttls=False, cn=None, nsRoleDN=None, func=<function create_nested at 0x7f78264b8c20>)
DEBUG: Instance details: {'uri': 'localhost', 'basedn': 'dc=example,dc=com', 'binddn': None, 'bindpw': None, 'saslmech': None, 'tls_cacertdir': None, 'tls_cert': None, 'tls_key': None, 'tls_reqcert': None, 'starttls': False, 'prompt': False, 'pwdfile': None, 'args': {'ldapurl': 'localhost', 'root-dn': None}}
DEBUG: Allocate <class 'lib389.DirSrv'> with ldapi://%2frun%2fslapd-localhost.socket
DEBUG: Allocate <class 'lib389.DirSrv'> with %2frun%2fslapd-localhost.socket
DEBUG: Allocate <class 'lib389.DirSrv'> with prereserve-1mt-rhel-10.0-20241220.0-890-2025-01-10-09-28:389
DEBUG: Allocate <class 'lib389.DirSrv'> with prereserve-1mt-rhel-10.0-20241220.0-890-2025-01-10-09-28:389
DEBUG: Allocate <class 'lib389.DirSrv'> with ldapi://%2frun%2fslapd-localhost.socket
DEBUG: Allocate <class 'lib389.DirSrv'> with %2frun%2fslapd-localhost.socket
DEBUG: Allocate <class 'lib389.DirSrv'> with prereserve-1mt-rhel-10.0-20241220.0-890-2025-01-10-09-28:389
DEBUG: Allocate <class 'lib389.DirSrv'> with prereserve-1mt-rhel-10.0-20241220.0-890-2025-01-10-09-28:389
DEBUG: open(): Connecting to uri ldapi://%2frun%2fslapd-localhost.socket
DEBUG: Using dirsrv ca certificate /etc/dirsrv/slapd-localhost
DEBUG: Using external ca certificate /etc/dirsrv/slapd-localhost
DEBUG: Using /etc/openldap/ldap.conf certificate policy
DEBUG: ldap.OPT_X_TLS_REQUIRE_CERT = 2
DEBUG: open(): Using root autobind ...
DEBUG: open(): bound as None
DEBUG: Retrieving entry with [('',)]
DEBUG: Retrieved entry [dn:
vendorVersion: 389-Directory/3.0.5 B2024.351.0000]
Enter value for cn : test_nested
Enter value for nsRoleDN : cn=test_managed,dc=example,dc=com
DEBUG: Checking "None" under dc=example,dc=com : {'cn': 'test_nested', 'nsroledn': 'cn=test_managed,dc=example,dc=com'}
DEBUG: Attribute nsRoleDN must not be None
Traceback (most recent call last):
  File "/usr/sbin/dsidm", line 139, in <module>
    result = args.func(inst, basedn, log, args)
             ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3.12/site-packages/lib389/cli_idm/role.py", line 68, in create_nested
    _generic_create(inst, basedn, log.getChild('_generic_create'), NestedRoles, kwargs, args)
  File "/usr/lib/python3.12/site-packages/lib389/cli_base/__init__.py", line 247, in _generic_create
    o = mc.create(properties=kwargs)
        ^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3.12/site-packages/lib389/_mapped_object.py", line 1323, in create
    return co.create(rdn, properties, self._basedn)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3.12/site-packages/lib389/_mapped_object.py", line 1076, in create
    return self._create(rdn, properties, basedn, ensure=False)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3.12/site-packages/lib389/_mapped_object.py", line 1017, in _create
    (dn, valid_props) = self._validate(rdn, properties, basedn)
                        ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3.12/site-packages/lib389/_mapped_object.py", line 957, in _validate
    raise ldap.UNWILLING_TO_PERFORM('Attribute %s must not be None' % attr)
ldap.UNWILLING_TO_PERFORM: Attribute nsRoleDN must not be None
ERROR: Error: Attribute nsRoleDN must not be None
Expected results
Should create nested role with specified nsRoleDN
links to
RHBA-2025:151590
389-ds-base update
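
The DEBUG line in the output above shows the entered value stored under the key 'nsroledn', while the error names 'nsRoleDN'. The following sketch is an added example, not lib389 code and not part of the original report; the validator names and the exception class are hypothetical. It models how an exact-case required-attribute lookup rejects that dict and how folding case first accepts it. That this mismatch is the cause of the reported failure is an assumption drawn from the log, not something the report states.

```python
class UnwillingToPerform(Exception):
    """Stand-in for ldap.UNWILLING_TO_PERFORM so the sketch runs without python-ldap."""

# Required attributes, spelled the way the error message spells them (assumption).
MUST_ATTRIBUTES = ["cn", "nsRoleDN"]

# Constructed input: the property dict as the DEBUG "Checking" line prints it.
PROPS_FROM_LOG = {
    "cn": "test_nested",
    "nsroledn": "cn=test_managed,dc=example,dc=com",
}

def validate_case_sensitive(properties, must=MUST_ATTRIBUTES):
    """Exact-match dict lookup: 'nsRoleDN' is not found under the key 'nsroledn'."""
    for attr in must:
        if properties.get(attr) is None:
            raise UnwillingToPerform("Attribute %s must not be None" % attr)
    return dict(properties)

def validate_case_insensitive(properties, must=MUST_ATTRIBUTES):
    """Fold both sides to lower case first; LDAP attribute names are case-insensitive."""
    folded = {}
    for key, value in properties.items():
        lowered = key.lower()
        if lowered in folded:
            # Two keys differing only in case would silently shadow each other.
            raise UnwillingToPerform("Attribute %s given more than once" % key)
        folded[lowered] = value
    for attr in must:
        if folded.get(attr.lower()) is None:
            raise UnwillingToPerform("Attribute %s must not be None" % attr)
    return folded

def error_for(validator, properties):
    """Return the error text a validator raises, or None when it accepts the input."""
    try:
        validator(properties)
    except UnwillingToPerform as exc:
        return str(exc)
    return None

if __name__ == "__main__":
    print("case-sensitive:  ", error_for(validate_case_sensitive, PROPS_FROM_LOG))
    print("case-insensitive:", error_for(validate_case_insensitive, PROPS_FROM_LOG))
    print("really missing:  ", error_for(validate_case_insensitive, {"cn": "test_nested"}))
```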