Bug 1195607
Summary: | Deleteing an external AD user-group should disassociate the users from the user-group associated | ||
---|---|---|---|
Product: | Red Hat Satellite | Reporter: | Kedar Bidarkar <kbidarka> |
Component: | Hammer | Assignee: | Marek Hulan <mhulan> |
Status: | CLOSED CURRENTRELEASE | QA Contact: | Kedar Bidarkar <kbidarka> |
Severity: | high | Docs Contact: | |
Priority: | high | ||
Version: | 6.1.0 | CC: | bbuckingham, bkearney |
Target Milestone: | Unspecified | ||
Target Release: | Unused | ||
Hardware: | Unspecified | ||
OS: | Unspecified | ||
URL: | http://projects.theforeman.org/issues/9878 | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | Bug Fix | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2015-08-12 13:56:58 UTC | Type: | Bug |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
Kedar Bidarkar
2015-02-24 07:49:10 UTC
NOTE: foobar is the user from AD which also belongs to user-group foobargroup in AD. [root@xyzabc ~]# hammer -u admin -p changeme user-group info --id 1 Id: 1 Name: katello Users: foobar User groups: External user groups: Roles: View hosts Created at: 2015/03/02 08:35:24 Updated at: 2015/03/02 08:35:24 As seen in comment 3, though the external user groups appears empty after it's removed, the user is still associated with the 'katello' user-group. As seen it's still able to perform the Roles of 'view hosts', which I feel is a bug. Cron-job getting run, foreman-rake command running and users logging in **makes no difference**, as I see the issue even after: a) cron-job getting run after the "Admin deletes link between 'bar' and 'foo'" b) the admin running "foreman-rake ldap:refresh_usergroups" on sat6 c) the users have logged in, they still can access the pages as per the roles. NOTE: I have tried this with latest sat6.1 snap4. We need to fix this for satellite6.1. Created redmine issue http://projects.theforeman.org/issues/9878 from this bug when comparing it with comment 3, the user "foobar" is no longer associated with the user-group "katello". [root@xyzabc ~]# hammer -u admin -p changeme user-group external delete --id 1 --user-group-id 1 External user group deleted [root@xyzabc ~]# hammer -u admin -p changeme user-group info --id 1 Id: 1 Name: katello Users: User groups: External user groups: Roles: Viewer View hosts Tasks Reader Tasks Manager Site manager Red Hat Access Logs Manager Edit partition tables Edit hosts Discovery Reader Discovery Manager Boot disk access Created at: 2015/05/05 22:17:01 Updated at: 2015/05/05 22:17:01 ------------------------------------------- [root@xyzabc ~]# hammer -u admin -p changeme user info --id 4 Id: 4 Login: foobar Name: foobar Email: foobar Admin: no Authorized by: Last login: 2015/05/05 22:26:54 Default organization: Default Organization Default location: Default Location Roles: Anonymous User groups: Locations: Default Location Organizations: Default Organization Created at: 2015/05/05 22:18:41 Updated at: 2015/05/05 22:26:54 VERIFIED with sat6.1-GA-SNAP2 This bug is slated to be released with Satellite 6.1. This bug was fixed in version 6.1.1 of Satellite which was released on 12 August, 2015. |