It may possibly be related to this, but this is marked as fixed for 4.3: https://pagure.io/freeipa/issue/5456
I'm on 4.4.0-14.el7.centos.7
A user had their lastname entry added with the wrong case. I attempted to update it by changing the case, got an error like this:
[Wed Sep 06 17:46:08.010202 2017] [:error] [pid 15253] ipa: INFO: [jsonserver_session] aclark@DEV.REDACTED.NET: user_mod/1(u'pboppe', sn=u'Boppe', version=u'2.213'): DatabaseError
I changed it to something else entirely, then changed it to the correct case.
This happened on attributes: "lastname", "fullname", "displayname", "initials", "gecos". I didn't test it elsewhere.
Is there a ticket already for this or should I create a new one? I don't want to create work for the IPA devs :)
Thanks,
Anthony Clark
Anthony Clark via FreeIPA-users wrote:
It may possibly be related to this, but this is marked as fixed for 4.3: https://pagure.io/freeipa/issue/5456
That is the case of an attribute not a value.
I'm on 4.4.0-14.el7.centos.7
A user had their lastname entry added with the wrong case. I attempted to update it by changing the case, got an error like this:
[Wed Sep 06 17:46:08.010202 2017] [:error] [pid 15253] ipa: INFO: [jsonserver_session] aclark@DEV.REDACTED.NET mailto:aclark@DEV.REDACTED.NET: user_mod/1(u'pboppe', sn=u'Boppe', version=u'2.213'): DatabaseError
I changed it to something else entirely, then changed it to the correct case.
This happened on attributes: "lastname", "fullname", "displayname", "initials", "gecos". I didn't test it elsewhere.
Is there a ticket already for this or should I create a new one? I don't want to create work for the IPA devs :)
Please open, I couldn't find an existing one.
I suspect the issue is related to the schema which ignores case for surName.
rob
On Wed, Sep 06, 2017 at 02:05:56PM -0400, Anthony Clark via FreeIPA-users wrote:
It may possibly be related to this, but this is marked as fixed for 4.3: https://pagure.io/freeipa/issue/5456
I'm on 4.4.0-14.el7.centos.7
A user had their lastname entry added with the wrong case. I attempted to update it by changing the case, got an error like this:
[Wed Sep 06 17:46:08.010202 2017] [:error] [pid 15253] ipa: INFO: [jsonserver_session] aclark@DEV.REDACTED.NET: user_mod/1(u'pboppe', sn=u'Boppe', version=u'2.213'): DatabaseError
I changed it to something else entirely, then changed it to the correct case.
This happened on attributes: "lastname", "fullname", "displayname", "initials", "gecos". I didn't test it elsewhere.
Is there a ticket already for this or should I create a new one? I don't want to create work for the IPA devs :)
Thanks,
Anthony Clark
This is expected behaviour. In the IETF spec for user schema, the 'sn' attribute[1], which is based on the 'name' attribute[2], uses the `caseIgnoreMatch' equality rule. So the LDAP server correctly determines that there is no change to perform.
[1] https://tools.ietf.org/html/rfc4519#section-2.32 [2] https://tools.ietf.org/html/rfc4519#section-2.18
Arguably we should detect this in IPA and reject the change without contacting the database, but the failure is expected, so feel free to file a ticket anyway.
Cheers, Fraser
On 09/07/2017 03:21 AM, Fraser Tweedale via FreeIPA-users wrote:
On Wed, Sep 06, 2017 at 02:05:56PM -0400, Anthony Clark via FreeIPA-users wrote:
It may possibly be related to this, but this is marked as fixed for 4.3: https://pagure.io/freeipa/issue/5456
I'm on 4.4.0-14.el7.centos.7
A user had their lastname entry added with the wrong case. I attempted to update it by changing the case, got an error like this:
[Wed Sep 06 17:46:08.010202 2017] [:error] [pid 15253] ipa: INFO: [jsonserver_session] aclark@DEV.REDACTED.NET: user_mod/1(u'pboppe', sn=u'Boppe', version=u'2.213'): DatabaseError
I changed it to something else entirely, then changed it to the correct case.
This happened on attributes: "lastname", "fullname", "displayname", "initials", "gecos". I didn't test it elsewhere.
Is there a ticket already for this or should I create a new one? I don't want to create work for the IPA devs :)
Thanks,
Anthony Clark
This is expected behaviour. In the IETF spec for user schema, the 'sn' attribute[1], which is based on the 'name' attribute[2], uses the `caseIgnoreMatch' equality rule. So the LDAP server correctly determines that there is no change to perform.
[1] https://tools.ietf.org/html/rfc4519#section-2.32 [2] https://tools.ietf.org/html/rfc4519#section-2.18
Arguably we should detect this in IPA and reject the change without contacting the database, but the failure is expected, so feel free to file a ticket anyway.
The attributes are case insensitive and so xxx and xXx are the same value. But in DS we are nice and always keep the original spelling and also allow replacements with identical values. I think it is the other way round, IPA already catches thes identical changes and should allow them
Cheers, Fraser _______________________________________________ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-leave@lists.fedorahosted.org
freeipa-users@lists.fedorahosted.org