Bug 1108229
| Summary: | [RFE] Better integration with the external provisioning systems - users | | |
|---|---|---|---|
| Product: | Red Hat Enterprise Linux 7 | Reporter: | Martin Kosek <mkosek> |
| Component: | ipa | Assignee: | Martin Kosek <mkosek> |
| Status: | CLOSED ERRATA | QA Contact: | Namita Soman <nsoman> |
| Severity: | unspecified | Docs Contact: | |
| Priority: | medium | | |
| Version: | 7.1 | CC: | rcritten |
| Target Milestone: | rc | Keywords: | FutureFeature |
| Target Release: | --- | | |
| Hardware: | Unspecified | | |
| OS: | Unspecified | | |
| Whiteboard: | | | |
| Fixed In Version: | ipa-4.0.3-1.el7 | Doc Type: | Enhancement |
| Doc Text: | | Story Points: | --- |
| Clone Of: | | Environment: | |
| Last Closed: | 2015-03-05 10:12:04 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | | Category: | --- |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | | | |

Description
Martin Kosek
2014-06-11 14:58:13 UTC
This request is already fixed in upstream FreeIPA project. Please refer to the linked ticket for additional details and related commits.

Verified using ipa-server-4.1.0-15.el7.x86_64

Test 1: The ldifs should contain userClass:

```
# grep userClass /etc/dirsrv/slapd-TESTRELM-TEST/schema/60basev3.ldif
objectClasses: (2.16.840.1.113730.3.8.12.20 NAME 'ipaUser' AUXILIARY MUST ( uid ) MAY ( userClass ) X-ORIGIN 'IPA v3' )
# grep userClass /etc/dirsrv/slapd-TESTRELM-TEST/schema/05rfc4524.ldif
attributeTypes: ( 0.9.2342.19200300.100.1.8 NAME 'userClass'
```

Test2: Add user in single usergroup using regex set for usergroup

```
# ipa group-add --desc="QE Group" idm-qe
--------------------
Added group "idm-qe"
--------------------
  Group name: idm-qe
  Description: QE Group
  GID: 743000003

# ipa automember-add --type=group idm-qe
------------------------------
Added automember rule "idm-qe"
------------------------------
  Automember Rule: idm-qe

# ipa automember-add-condition --key=userClass --type=group --inclusive-regex=qe idm-qe
------------------------------
Added condition(s) to "idm-qe"
------------------------------
  Automember Rule: idm-qe
  Inclusive Regex: userClass=qe
----------------------------
Number of conditions added 1
----------------------------

# ipa user-add one --class=qe
First name: one
Last name: one
----------------
Added user "one"
----------------
  User login: one
  First name: one
  Last name: one
  Full name: one one
  Display name: one one
  Initials: oo
  Home directory: /home/one
  GECOS: one one
  Login shell: /bin/sh
  Kerberos principal: one
  Email address: one
  UID: 743000004
  GID: 743000004
  Class: qe
  Password: False
  Member of groups: idm-qe, ipausers
  Kerberos keys available: False
```

Test3: Add user in multiple usergroup using regex set for usergroup

```
# ipa group-add --desc="Dev Group" idm-dev
---------------------
Added group "idm-dev"
---------------------
  Group name: idm-dev
  Description: Dev Group
  GID: 743000005

# ipa automember-add --type=group idm-dev
-------------------------------
Added automember rule "idm-dev"
-------------------------------
  Automember Rule: idm-dev

# ipa automember-add-condition --key=userClass --type=group --inclusive-regex=dev idm-dev
-------------------------------
Added condition(s) to "idm-dev"
-------------------------------
  Automember Rule: idm-dev
  Inclusive Regex: userClass=dev
----------------------------
Number of conditions added 1
----------------------------

# ipa user-add two --class=qe,dev
First name: two
Last name: two
----------------
Added user "two"
----------------
  User login: two
  First name: two
  Last name: two
  Full name: two two
  Display name: two two
  Initials: tt
  Home directory: /home/two
  GECOS: two two
  Login shell: /bin/sh
  Kerberos principal: two
  Email address: two
  UID: 743000006
  GID: 743000006
  Class: qe,dev
  Password: False
  Member of groups: idm-qe, ipausers, idm-dev
  Kerberos keys available: False

# ipa group-show idm-qe
  Group name: idm-qe
  Description: QE Group
  GID: 743000003
  Member users: one, two

# ipa group-show idm-dev
  Group name: idm-dev
  Description: Dev Group
  GID: 743000005
  Member users: two
```

Test4: Add user using non-existing regex

```
# ipa user-add three --class=non-existent
First name: three
Last name: three
------------------
Added user "three"
------------------
  User login: three
  First name: three
  Last name: three
  Full name: three three
  Display name: three three
  Initials: tt
  Home directory: /home/three
  GECOS: three three
  Login shell: /bin/sh
  Kerberos principal: three
  Email address: three
  UID: 743000007
  GID: 743000007
  Class: non-existent
  Password: False
  Member of groups: ipausers
  Kerberos keys available: False
```

Test5: Find users using single value for "class" parameter

```
# ipa user-find --class=qe
---------------
2 users matched
---------------
  User login: four
  First name: four
  Last name: four
  Home directory: /home/four
  Login shell: /bin/sh
  Email address: four
  UID: 743000008
  GID: 743000008
  Account disabled: False
  Class: qe
  Password: False
  Kerberos keys available: False

  User login: one
  First name: one
  Last name: one
  Home directory: /home/one
  Login shell: /bin/sh
  Email address: one
  UID: 743000004
  GID: 743000004
  Account disabled: False
  Class: qe
  Password: False
  Kerberos keys available: False
----------------------------
Number of entries returned 2
----------------------------
```

Test6: Find users using multiple values for "class" parameter

```
# ipa user-find --class=qe,dev
--------------
1 user matched
--------------
  User login: two
  First name: two
  Last name: two
  Home directory: /home/two
  Login shell: /bin/sh
  Email address: two
  UID: 743000006
  GID: 743000006
  Account disabled: False
  Class: qe,dev
  Password: False
  Kerberos keys available: False
----------------------------
Number of entries returned 1
----------------------------
```

Test7: Find user with non-existent value for "class" parameter

```
# ipa user-find --class=xxx
---------------
0 users matched
---------------
----------------------------
Number of entries returned 0
----------------------------
```

Test8: change usergroup of user using "class" parameter to another group

```
# ipa user-mod one --class=dev
-------------------
Modified user "one"
-------------------
  User login: one
  First name: one
  Last name: one
  Home directory: /home/one
  Login shell: /bin/sh
  Email address: one
  UID: 743000004
  GID: 743000004
  Account disabled: False
  Class: dev
  Password: False
  Member of groups: idm-qe, ipausers
  Kerberos keys available: False

# ipa group-show idm-dev
  Group name: idm-dev
  Description: Dev Group
  GID: 743000005
  Member users: two

# ipa automember-rebuild --type=group
--------------------------------------------------------
Automember rebuild task finished. Processed (5) entries.
--------------------------------------------------------

# ipa group-show idm-dev
  Group name: idm-dev
  Description: Dev Group
  GID: 743000005
  Member users: one, two

# ipa user-show one
  User login: one
  First name: one
  Last name: one
  Home directory: /home/one
  Login shell: /bin/sh
  Email address: one
  UID: 743000004
  GID: 743000004
  Account disabled: False
  Class: dev
  Password: False
  Member of groups: idm-qe, ipausers, idm-dev
  Kerberos keys available: False
```

Test9: Add user in multiple groups using "class" parameter from a single group

```
# ipa user-add five --class=qe
First name: five
Last name: five
-----------------
Added user "five"
-----------------
  User login: five
  First name: five
  Last name: five
  Full name: five five
  Display name: five five
  Initials: ff
  Home directory: /home/five
  GECOS: five five
  Login shell: /bin/sh
  Kerberos principal: five
  Email address: five
  UID: 743000009
  GID: 743000009
  Class: qe
  Password: False
  Member of groups: idm-qe, ipausers
  Kerberos keys available: False

# ipa group-add --desc="Doc Group" idm-doc
---------------------
Added group "idm-doc"
---------------------
  Group name: idm-doc
  Description: Doc Group
  GID: 743000010

# ipa automember-add --type=group idm-doc
-------------------------------
Added automember rule "idm-doc"
-------------------------------
  Automember Rule: idm-doc

# ipa automember-add-condition --key=userClass --type=group --inclusive-regex=doc idm-doc
-------------------------------
Added condition(s) to "idm-doc"
-------------------------------
  Automember Rule: idm-doc
  Inclusive Regex: userClass=doc
----------------------------
Number of conditions added 1
----------------------------

# ipa user-show five
  User login: five
  First name: five
  Last name: five
  Home directory: /home/five
  Login shell: /bin/sh
  Email address: five
  UID: 743000009
  GID: 743000009
  Account disabled: False
  Class: qe
  Password: False
  Member of groups: idm-qe, ipausers
  Kerberos keys available: False

# ipa user-mod five --class=doc,dev
--------------------
Modified user "five"
--------------------
  User login: five
  First name: five
  Last name: five
  Home directory: /home/five
  Login shell: /bin/sh
  Email address: five
  UID: 743000009
  GID: 743000009
  Account disabled: False
  Class: doc,dev
  Password: False
  Member of groups: idm-qe, ipausers
  Kerberos keys available: False

# ipa automember-rebuild --type=group
--------------------------------------------------------
Automember rebuild task finished. Processed (6) entries.
--------------------------------------------------------

# ipa user-show five
  User login: five
  First name: five
  Last name: five
  Home directory: /home/five
  Login shell: /bin/sh
  Email address: five
  UID: 743000009
  GID: 743000009
  Account disabled: False
  Class: doc,dev
  Password: False
  Member of groups: idm-qe, ipausers, idm-dev, idm-doc
  Kerberos keys available: False
```

Test10: help text displays this new parameter

```
# ipa help user-add | grep class
  --class=STR User category (semantics placed on this attribute are
# ipa help user-mod | grep class
  --class=STR User category (semantics placed on this attribute are
# ipa help user-find | grep class
  --class=STR User category (semantics placed on this attribute are
```

Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHSA-2015-0442.html
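The automember behaviour recorded in Tests 2 to 9 above can be modelled offline to audit for group memberships that outlive a `userClass` change, as users `one` and `five` show after `automember-rebuild`. This is an added example, not code from the bug report or from FreeIPA; the function names are hypothetical, and it assumes each inclusive regex is an unanchored search over each `userClass` value, with `--class=qe,dev` held as the single value `qe,dev` as the log displays it.

```python
import re

# Automember rules as created in the log: group -> inclusive regexes on userClass.
RULES = {"idm-qe": ["qe"], "idm-dev": ["dev"], "idm-doc": ["doc"]}

# Final state copied from the `ipa user-show` / `ipa user-add` outputs in the log:
# login -> (userClass values, "Member of groups").
USERS = {
    "one": (["dev"], ["idm-qe", "ipausers", "idm-dev"]),
    "two": (["qe,dev"], ["idm-qe", "ipausers", "idm-dev"]),
    "three": (["non-existent"], ["ipausers"]),
    "five": (["doc,dev"], ["idm-qe", "ipausers", "idm-dev", "idm-doc"]),
}


def rule_groups(user_classes, rules=RULES):
    """Groups whose inclusive regex matches any userClass value.

    Assumption: matching is an unanchored regex search, which is what
    makes the single value "qe,dev" land in both idm-qe and idm-dev.
    """
    return {
        group
        for group, patterns in rules.items()
        if any(re.search(p, value) for p in patterns for value in user_classes)
    }


def stale_memberships(user_classes, current_groups, rules=RULES):
    """Rule-managed groups the user is still in although no rule matches now."""
    managed = set(rules)  # groups without a rule (ipausers) are out of scope
    return sorted((set(current_groups) & managed) - rule_groups(user_classes, rules))


def audit(users=USERS, rules=RULES):
    """Map each login to its stale rule-managed memberships, if any."""
    findings = {}
    for login, (classes, groups) in users.items():
        stale = stale_memberships(classes, groups, rules)
        if stale:
            findings[login] = stale
    return findings


if __name__ == "__main__":
    for login, stale in audit().items():
        print(f"{login}: class no longer matches rule for {', '.join(stale)}")
```

On a live server the same comparison can be fed from `ipa user-show` and `ipa automember-show` output instead of the embedded sample state.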