Bug 1079498
| Summary: | extdom-extop: Plugin needs to ignore results that belong to different domain as requested | ||
|---|---|---|---|
| Product: | Red Hat Enterprise Linux 7 | Reporter: | Dmitri Pal <dpal> |
| Component: | ipa | Assignee: | Martin Kosek <mkosek> |
| Status: | CLOSED CURRENTRELEASE | QA Contact: | Namita Soman <nsoman> |
| Severity: | unspecified | Docs Contact: | |
| Priority: | medium | ||
| Version: | 7.0 | CC: | pviktori, rcritten, rpacheco, spoore |
| Target Milestone: | rc | ||
| Target Release: | --- | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
| Whiteboard: | |||
| Fixed In Version: | ipa-3.3.3-26.el7 | Doc Type: | Bug Fix |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2014-06-13 13:07:01 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
|
Description
Dmitri Pal
2014-03-21 17:20:17 UTC
Fixed upstream master: https://fedorahosted.org/freeipa/changeset/c885bc3e49b41490668ed8b62989d71ec1cadf34 ipa-3-3: https://fedorahosted.org/freeipa/changeset/2ec7c50f3c475e5ffbf2f73968636c483c6503e7 Verified.
Version ::
ipa-server-3.3.3-27.el7.x86_64
Results ::
First reproducing issue with 3.3.3-25:
[root@rhel7-3 ipa-trust-functional]# ipa trust-find
----------------
2 trusts matched
----------------
Realm name: ad1.example.test
Domain NetBIOS name: AD1
Domain Security Identifier: S-1-5-21-1111600086-3918383388-1921175064
SID blacklist incoming: S-1-0, S-1-1, S-1-2, S-1-3, S-1-5-1, S-1-5-2, S-1-5-3, S-1-5-4, S-1-5-5,
S-1-5-6, S-1-5-7, S-1-5-8, S-1-5-9, S-1-5-10, S-1-5-11, S-1-5-12, S-1-5-13,
S-1-5-14, S-1-5-15, S-1-5-16, S-1-5-17, S-1-5-18, S-1-5-19, S-1-5-20
SID blacklist outgoing: S-1-0, S-1-1, S-1-2, S-1-3, S-1-5-1, S-1-5-2, S-1-5-3, S-1-5-4, S-1-5-5,
S-1-5-6, S-1-5-7, S-1-5-8, S-1-5-9, S-1-5-10, S-1-5-11, S-1-5-12, S-1-5-13,
S-1-5-14, S-1-5-15, S-1-5-16, S-1-5-17, S-1-5-18, S-1-5-19, S-1-5-20
Trust type: Active Directory domain
Realm name: ad2.example.test
Domain NetBIOS name: AD2
Domain Security Identifier: S-1-5-21-1515602834-2930230041-3336973146
SID blacklist incoming: S-1-0, S-1-1, S-1-2, S-1-3, S-1-5-1, S-1-5-2, S-1-5-3, S-1-5-4, S-1-5-5,
S-1-5-6, S-1-5-7, S-1-5-8, S-1-5-9, S-1-5-10, S-1-5-11, S-1-5-12, S-1-5-13,
S-1-5-14, S-1-5-15, S-1-5-16, S-1-5-17, S-1-5-18, S-1-5-19, S-1-5-20
SID blacklist outgoing: S-1-0, S-1-1, S-1-2, S-1-3, S-1-5-1, S-1-5-2, S-1-5-3, S-1-5-4, S-1-5-5,
S-1-5-6, S-1-5-7, S-1-5-8, S-1-5-9, S-1-5-10, S-1-5-11, S-1-5-12, S-1-5-13,
S-1-5-14, S-1-5-15, S-1-5-16, S-1-5-17, S-1-5-18, S-1-5-19, S-1-5-20
Trust type: Active Directory domain
----------------------------
Number of entries returned 2
----------------------------
[root@rhel7-3 ipa-trust-functional]# id testuser1.test
uid=1956201133(testuser1.test) gid=1956201133(testuser1.test.test) groups=1956201133(testuser1.test.test)
[root@rhel7-3 ipa-trust-functional]# rpm -q ipa-server
ipa-server-3.3.3-25.el7.x86_64
Then testing with patched version 3.3.3-27:
[root@rhel7-3 ipa-trust-functional]# service sssd stop; rm -rf /var/lib/sss/{db,mc}/*; service sssd start
Redirecting to /bin/systemctl stop sssd.service
Redirecting to /bin/systemctl start sssd.service
[root@rhel7-3 ipa-trust-functional]# id testuser1.test
uid=1956201133(testuser1.test) gid=1956201133(testuser1.test) groups=1956201133(testuser1.test)
[root@rhel7-3 ipa-trust-functional]# service sssd stop; rm -rf /var/lib/sss/{db,mc}/*; service sssd start
Redirecting to /bin/systemctl stop sssd.service
Redirecting to /bin/systemctl start sssd.service
[root@rhel7-3 ipa-trust-functional]# id testuser1.testuid=551802247(testuser1.test) gid=551802247(testuser1.test) groups=551802247(testuser1.test)
This request was resolved in Red Hat Enterprise Linux 7.0. Contact your manager or support representative in case you have further questions about the request. |