Bug 1188195

Summary: Fax number not displayed for user-show when kinit'ed as normal user.
Product: Red Hat Enterprise Linux 7
Reporter: Gowrishankar Rajaiyan <grajaiya>
Component: ipa
Assignee: IPA Maintainers <ipa-maint>
Status: CLOSED ERRATA
QA Contact: Namita Soman <nsoman>
Severity: high
Priority: high
Version: 7.1
CC: akasurde, drieden, grajaiya, mkosek, mnavrati, ovasik, rcritten, tbabej
Target Milestone: rc
Keywords: Regression, ZStream
Hardware: Unspecified
OS: Unspecified
Fixed In Version: ipa-4.2.0-0.1.alpha1.el7
Doc Type: Known Issue
Doc Text:
Both anonymous and authenticated users lose the default permission to read the "facsimiletelephonenumber" user attribute after upgrading to the Red Hat Enterprise Linux 7.1 version of Identity Management (IdM). To manually change the new default setting and make the attribute readable again, run the "ipa permission-mod 'System: Read User Addressbook Attributes' --includedattrs facsimiletelephonenumber" command.
Last Closed: 2015-11-19 12:01:14 UTC
Type: Bug
Bug Blocks: 1198430
Attachments: Verification_logs (flags: none)

Description Gowrishankar Rajaiyan 2015-02-02 10:11:21 UTC
Description of problem: Use user-mod to set fax number. Kinit as user and try to user-show. Fax number set previously is missing when queried as user.


Version-Release number of selected component (if applicable):
ipa-server-4.1.0-17.el7.x86_64


How reproducible: Always


Steps to Reproduce:
1. kinit admin
2. ipa user-add user0001 --first=user0001 --last=user0001 --password
3. ipa user-mod user0001 --fax=777-777-7777
4. kinit user0001
5. ipa user-show user0001 --all

Actual results: 
"ipa user-show user0001 --all" does not list the fax number.


Expected results:
"ipa user-show user0001 --all" should list the fax number.


Additional info:
[root@apollo ~]# ipa user-mod user0001 --fax=777-777-7777
------------------------
Modified user "user0001"
------------------------
  User login: user0001
  First name: user0001
  Last name: user0001
  Home directory: /home/user0001
  Login shell: /bin/sh
  Email address: user0001.eng.bos.redhat.com
  UID: 1610000001
  GID: 1610000001
  Fax Number: 777-777-7777
  Account disabled: False
  Password: True
  Member of groups: ipausers
  Kerberos keys available: True
[root@apollo ~]#

[root@apollo ~]# echo Secret_123 | kinit user0001
Password for user0001.ENG.BOS.REDHAT.COM: 
[root@apollo ~]# ipa user-find user0001 --fax=777-777-7777
---------------
0 users matched
---------------
----------------------------
Number of entries returned 0
----------------------------
[root@apollo ~]#

[root@apollo ~]# ipa user-show user0001 --all
  dn: uid=user0001,cn=users,cn=accounts,dc=idmqe,dc=lab,dc=eng,dc=bos,dc=redhat,dc=com
  User login: user0001
  First name: user0001
  Last name: user0001
  Full name: user0001 user0001
  Display name: user0001 user0001
  Initials: uu
  Home directory: /home/user0001
  GECOS: user0001 user0001
  Login shell: /bin/sh
  Kerberos principal: user0001.ENG.BOS.REDHAT.COM
  Email address: user0001.eng.bos.redhat.com
  UID: 1610000001
  GID: 1610000001
  Account disabled: False
  Password: True
  Member of groups: ipausers
  Kerberos keys available: True
  ipauniqueid: 4d5472b0-aabe-11e4-b2a7-0015172f2b30
  krblastpwdchange: 20150202094641Z
  krbpasswordexpiration: 20150503094641Z
  objectclass: ipaSshGroupOfPubKeys, ipaobject, mepOriginEntry, person, top, ipasshuser, inetorgperson, organizationalperson, krbticketpolicyaux, krbprincipalaux, inetuser, posixaccount
[root@apollo ~]# 

Now, kinit as admin:

[root@apollo ~]# echo Secret123 | kinit admin
Password for admin.ENG.BOS.REDHAT.COM: 
[root@apollo ~]# ipa user-show user0001 --all
  dn: uid=user0001,cn=users,cn=accounts,dc=idmqe,dc=lab,dc=eng,dc=bos,dc=redhat,dc=com
  User login: user0001
  First name: user0001
  Last name: user0001
  Full name: user0001 user0001
  Display name: user0001 user0001
  Initials: uu
  Home directory: /home/user0001
  GECOS: user0001 user0001
  Login shell: /bin/sh
  Kerberos principal: user0001.ENG.BOS.REDHAT.COM
  Email address: user0001.eng.bos.redhat.com
  UID: 1610000001
  GID: 1610000001
  Fax Number: 777-777-7777
  Account disabled: False
  Password: True
  Member of groups: ipausers
  Kerberos keys available: True
  ipauniqueid: 4d5472b0-aabe-11e4-b2a7-0015172f2b30
  krbextradata: AAKBR89Ua2FkbWluZEBJRE1RRS5MQUIuRU5HLkJPUy5SRURIQVQuQ09NAA==
  krblastpwdchange: 20150202094641Z
  krblastsuccessfulauth: 20150202095810Z
  krbloginfailedcount: 0
  krbpasswordexpiration: 20150503094641Z
  krbticketflags: 128
  mepmanagedentry: cn=user0001,cn=groups,cn=accounts,dc=idmqe,dc=lab,dc=eng,dc=bos,dc=redhat,dc=com
  objectclass: ipaSshGroupOfPubKeys, ipaobject, mepOriginEntry, person, top, ipasshuser, inetorgperson, organizationalperson, krbticketpolicyaux, krbprincipalaux, inetuser, posixaccount
[root@apollo ~]# 


Missing attributes for normal user:
  Fax Number: 777-777-7777
  krbextradata: AAKBR89Ua2FkbWluZEBJRE1RRS5MQUIuRU5HLkJPUy5SRURIQVQuQ09NAA==
  krblastsuccessfulauth: 20150202095810Z
  krbloginfailedcount: 0
  krbpasswordexpiration: 20150503094641Z
  krbticketflags: 128
  mepmanagedentry: cn=user0001,cn=groups,cn=accounts,dc=idmqe,dc=lab,dc=eng,dc=bos,dc=redhat,dc=com


Other missing attributes seem fine to not be listed for the user; however, fax is something that the user should be able to see.
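
The admin-versus-user comparison of `ipa user-show --all` done by hand above can be scripted to flag read-permission regressions after an upgrade. This is an added example, not part of the original report or of FreeIPA; the sample outputs are abridged from the report, and the `EXPECTED_READABLE` baseline and function names are assumptions.

```python
# Added example: compare two captured `ipa user-show --all` outputs to find
# attributes an unprivileged principal can no longer read.

# Assumption: labels a normal user is expected to read (baseline for this example).
EXPECTED_READABLE = {"Email address", "Telephone Number", "Fax Number"}

# Sample outputs abridged from the report above.
ADMIN_VIEW = """\
[root@apollo ~]# ipa user-show user0001 --all
  User login: user0001
  UID: 1610000001
  Fax Number: 777-777-7777
  Account disabled: False
  krbloginfailedcount: 0
  krbticketflags: 128
"""

USER_VIEW = """\
[root@apollo ~]# ipa user-show user0001 --all
  User login: user0001
  UID: 1610000001
  Account disabled: False
"""


def parse_user_show(text):
    """Return {label: value} for the indented 'Label: value' lines of the output."""
    attrs = {}
    for line in text.splitlines():
        if not line.startswith("  ") or ": " not in line:
            continue  # shell prompts, separators, blank lines
        label, value = line.strip().split(": ", 1)
        attrs[label] = value
    return attrs


def hidden_from(privileged_text, unprivileged_text):
    """Labels present in the privileged view but absent from the unprivileged one."""
    priv = parse_user_show(privileged_text)
    unpriv = parse_user_show(unprivileged_text)
    return sorted(set(priv) - set(unpriv))


def read_regressions(privileged_text, unprivileged_text, expected=EXPECTED_READABLE):
    """Hidden labels that the baseline says a normal user should be able to read."""
    return [a for a in hidden_from(privileged_text, unprivileged_text) if a in expected]


if __name__ == "__main__":
    print("hidden:", hidden_from(ADMIN_VIEW, USER_VIEW))
    print("regressions:", read_regressions(ADMIN_VIEW, USER_VIEW))
```

Attributes such as `krbticketflags` are reported as hidden but not as regressions, matching the report's view that only the fax number should be visible to the user.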

Comment 1 Gowrishankar Rajaiyan 2015-02-02 10:13:57 UTC
::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
:: [   LOG    ] :: ipa-selfservice-usertest-1005: check the user's attribute settings
::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::

...


:: [  BEGIN   ] :: Running 'ipa user-find user0001  --phone=777-777-7777'
--------------
1 user matched
--------------
  User login: user0001
  First name: Good
  Last name: User
  Home directory: /home/user0001
  Login shell: /bin/bash
  Email address: user0001
  UID: 653400001
  GID: 653400001
  Telephone Number: 777-777-7777
  Job Title: good_admin
  Account disabled: False
  Password: True
  Kerberos keys available: True
----------------------------
Number of entries returned 1
----------------------------
:: [   PASS   ] :: Command 'ipa user-find user0001  --phone=777-777-7777' (Expected 0, got 0)
:: [  BEGIN   ] :: Running 'ipa user-find user0001  --mobile=777-777-7777'
--------------
1 user matched
--------------
  User login: user0001
  First name: Good
  Last name: User
  Home directory: /home/user0001
  Login shell: /bin/bash
  Email address: user0001
  UID: 653400001
  GID: 653400001
  Telephone Number: 777-777-7777
  Mobile Telephone Number: 777-777-7777
  Job Title: good_admin
  Account disabled: False
  Password: True
  Kerberos keys available: True
----------------------------
Number of entries returned 1
----------------------------
:: [   PASS   ] :: Command 'ipa user-find user0001  --mobile=777-777-7777' (Expected 0, got 0)
:: [  BEGIN   ] :: Running 'ipa user-find user0001  --pager=777-777-7777'
--------------
1 user matched
--------------
  User login: user0001
  First name: Good
  Last name: User
  Home directory: /home/user0001
  Login shell: /bin/bash
  Email address: user0001
  UID: 653400001
  GID: 653400001
  Telephone Number: 777-777-7777
  Pager Number: 777-777-7777
  Job Title: good_admin
  Account disabled: False
  Password: True
  Kerberos keys available: True
----------------------------
Number of entries returned 1
----------------------------
:: [   PASS   ] :: Command 'ipa user-find user0001  --pager=777-777-7777' (Expected 0, got 0)
:: [  BEGIN   ] :: Running 'ipa user-find user0001  --fax=777-777-7777'
---------------
0 users matched
---------------
----------------------------
Number of entries returned 0
----------------------------
:: [   FAIL   ] :: Command 'ipa user-find user0001  --fax=777-777-7777' (Expected 0, got 1)

Comment 5 Martin Kosek 2015-02-05 15:17:02 UTC
Upstream ticket:
https://fedorahosted.org/freeipa/ticket/4883

Comment 15 Abhijeet Kasurde 2015-08-14 05:08:36 UTC
Created attachment 1062867
Verification_logs

Comment 16 Abhijeet Kasurde 2015-08-18 07:23:12 UTC
Attached logs and marking bug as verified.

Comment 17 errata-xmlrpc 2015-11-19 12:01:14 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHBA-2015-2362.html